search

Assessment

hashtag
Question 1

Which two requests are available for testing vAPI for Mass Assignment (API6)?

chevron-rightSolutionhashtag

  • GET /vapi/api6/user/me

  • POST /vapi/api6/user

hashtag
Question 2

What is the field that can be used in a mass assignment attack against /vapi/api6?

chevron-rightSolutionhashtag

credit

hashtag
Question 3

What is the flag for successfully exploiting vAPI's Mass Assignment vulnerability?

chevron-rightSolutionhashtag

api6_afb969db8b6e272694b4

hashtag
Question 4

What HTTP response code is returned after performing a successful mass assignment attack against vAPI?

chevron-rightSolutionhashtag

200

hashtag
Question 5

What HTTP response code is returned when sending a PUT request to http://vapi.apisec.ai/vapi/api6/user?

chevron-rightSolutionhashtag

500

PreviousHunting for Mass AssignmentNextServer-Side Request Forgery

Last updated