API Penetration Testing Course

Assessment

Question 1

Which two requests are available for testing vAPI for Mass Assignment (API6)?

Solution

  • GET /vapi/api6/user/me

  • POST /vapi/api6/user

Question 2

What is the field that can be used in a mass assignment attack against /vapi/api6?

Solution

credit

Question 3

What is the flag for successfully exploiting vAPI's Mass Assignment vulnerability?

Solution

api6_afb969db8b6e272694b4

Question 4

What HTTP response code is returned after performing a successful mass assignment attack against vAPI?

Solution

200

Question 5

What HTTP response code is returned when sending a PUT request to http://vapi.apisec.ai/vapi/api6/user?

Solution

500

PreviousHunting for Mass AssignmentNextServer-Side Request Forgery

Last updated