⚗️Lab: Exploiting an API endpoint using documentation
Last updated
To solve the lab, find the exposed API documentation and delete carlos. You can log in to your own account using the following credentials: wiener:peter
Required knowledge
To solve this lab, you'll need to know:
What API documentation is.
How API documentation may be useful to an attacker.
How to discover API documentation.
These points are covered in our API Testing Academy topic.
Log in with the username wiener and the password peter.
Update wiener's email address and send the resulting request to Burp Repeater.
In Repeater, change the PATCH method to DELETE and change the path /api/user/wiener to /api/user/carlos.
Send the request. The response shows that the user carlos has been deleted.
Log in with the username wiener and the password peter.
Update the email address.
In Proxy > HTTP history, right-click the PATCH /api/user/wiener request and select Send to Repeater.
Go to the Repeater tab. Send the PATCH /api/user/wiener request. Notice that this retrieves credentials for the user wiener.
Remove /wiener from the path of the request, so the endpoint is now /api/user, then send the request. Notice that this returns an error because there is no user identifier.
Remove /user from the path of the request, so the endpoint is now /api, then send the request. Notice that this retrieves API documentation.
Right-click the response and select Show response in browser. Copy the URL.
Paste the URL into Burp's browser to access the documentation. Notice that the documentation is interactive.
To delete carlos and solve the lab, click on the DELETE row, enter carlos, then click Send request.