Assessment

Question 1

Which of the following would make for a good vAPI request to test for SSRF?

Solution

/vapi/serversurfer

Question 2

Which type of SSRF attack is vAPI susceptible to?

Solution

  • In-Band
  • Out-of-Band
  • Blind

Question 3

What HTTP status code does vAPI's serversurfer respond with when using http://127.0.0.1 as a payload?

Solution

403

Question 4

What HTTP status code does vAPI's serversurfer respond with for a successful SSRF attack?

Solution

200

Question 5

What happens to data retrieved by vAPI with a successful in-band SSRF attack against the serversurfer?

Solution

The resources retrieved are sent back base64-encoded
