⚗️Lab: Exploiting an API endpoint using documentation
To solve the lab, find the exposed API documentation and delete carlos. You can log in to your own account using the following credentials: wiener:peter
Required knowledge
To solve this lab, you'll need to know:
What API documentation is.
How API documentation may be useful to an attacker.
How to discover API documentation.
These points are covered in our API Testing Academy topic.
STEP ONE:
Log in with the username wiener and the password peter.
Update wiener's email address and send the resulting request to Burp Repeater.
In Repeater, change the PATCH method to DELETE and change the path /api/user/wiener to /api/user/carlos.
Send the request; as shown in the image below, the user carlos has been deleted.
STEP TWO:
Log in with the username wiener and the password peter.
Update the email address.
In Proxy > HTTP history, right-click the PATCH /api/user/wiener request and select Send to Repeater.
Go to the Repeater tab and send the PATCH /api/user/wiener request. Notice that this retrieves credentials for the user wiener.
Remove /wiener from the path of the request, so the endpoint is now /api/user, then send the request. Notice that this returns an error because there is no user identifier.
Remove /user from the path of the request, so the endpoint is now /api, then send the request. Notice that this retrieves API documentation.
Right-click the response and select Show response in browser. Copy the URL.
Paste the URL into Burp's browser to access the documentation. Notice that the documentation is interactive.
To delete Carlos and solve the lab, click the DELETE row, enter carlos, then click Send request.
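Both solutions work because of the same two weaknesses: DELETE /api/user/{username} never checks that the logged-in user owns the record named in the path, and the documentation at /api is served to any authenticated caller. The following is an added illustration written for this write-up, not PortSwigger's lab code. It models the lab's routes in plain Python with no web framework, so the constructed user store, session handling and documentation payload are stand-ins; vulnerable_handle reproduces the lab's behaviour and hardened_handle shows the object-level authorisation check and the documentation restriction that would have stopped it.

```python
# Added example for this write-up, not PortSwigger's lab code. It models the lab's
# /api/user/{username} endpoint in plain Python so the missing ownership check, and
# one way to add it, can be run and tested offline. The user store, session handling
# and the documentation payload below are constructed stand-ins.
from dataclasses import dataclass, field

API_DOCS = {  # constructed stand-in for the interactive documentation served at /api
    "endpoints": ["GET /api/user/{username}",
                  "PATCH /api/user/{username}",
                  "DELETE /api/user/{username}"]
}


@dataclass
class Store:
    # fresh copy per instance so every run starts with both lab users present
    users: dict = field(default_factory=lambda: {
        "wiener": {"email": "wiener@example.invalid"},
        "carlos": {"email": "carlos@example.invalid"},
    })
    # constructed: only these accounts may read the documentation in the hardened version
    doc_viewers: set = field(default_factory=lambda: {"administrator"})


def _parts(path):
    """'/api/user/carlos' -> ('api', 'user', 'carlos')."""
    return tuple(p for p in path.split("/") if p)


def _user_action(store, method, target, body):
    """Shared GET/PATCH/DELETE behaviour once access to 'target' has been decided."""
    if target not in store.users:
        return 404, {"error": "no such user"}
    if method == "GET":
        return 200, {"username": target, **store.users[target]}
    if method == "PATCH":
        new_email = (body or {}).get("email", store.users[target]["email"])
        store.users[target]["email"] = new_email
        return 200, {"username": target, **store.users[target]}
    if method == "DELETE":
        del store.users[target]
        return 200, {"deleted": target}
    return 405, {"error": "method not allowed"}


def vulnerable_handle(store, method, path, session_user, body=None):
    """Lab-like behaviour: any logged-in user may act on any username in the path,
    and the documentation is returned to every authenticated caller."""
    if session_user is None:
        return 401, {"error": "login required"}
    parts = _parts(path)
    if parts == ("api",):
        return 200, API_DOCS
    if parts == ("api", "user"):
        return 400, {"error": "user identifier required"}
    if len(parts) == 3 and parts[:2] == ("api", "user"):
        return _user_action(store, method, parts[2], body)   # no ownership check
    return 404, {"error": "not found"}


def hardened_handle(store, method, path, session_user, body=None):
    """Same routes with two fixes: a caller may only touch their own record, and
    /api documentation is hidden unless the caller is an authorised viewer."""
    if session_user is None:
        return 401, {"error": "login required"}
    parts = _parts(path)
    if parts == ("api",):
        if session_user in store.doc_viewers:
            return 200, API_DOCS
        return 404, {"error": "not found"}   # do not confirm that documentation exists
    if parts == ("api", "user"):
        return 400, {"error": "user identifier required"}
    if len(parts) == 3 and parts[:2] == ("api", "user"):
        target = parts[2]
        if target != session_user:           # object-level authorisation check
            return 403, {"error": "forbidden"}
        return _user_action(store, method, target, body)
    return 404, {"error": "not found"}


if __name__ == "__main__":
    s = Store()
    print(vulnerable_handle(s, "DELETE", "/api/user/carlos", "wiener"))  # (200, {'deleted': 'carlos'})
    s = Store()
    print(hardened_handle(s, "DELETE", "/api/user/carlos", "wiener"))    # (403, {'error': 'forbidden'})
```

The check compares the path parameter against the identity taken from the session rather than from anything the client sends, which is the property the lab's endpoint lacks; the documentation route returns 404 instead of 403 for unauthorised users so that its existence is not confirmed to ordinary accounts.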