akto icon indicating copy to clipboard operation
akto copied to clipboard

Published 20 hours ago verified publisher icon akto-api-security

⛏️ Write a test to check whether we can create/update an object with Host Header Manipulation

Open arjun-akto opened this issue 1 year ago • 12 comments

💭 Introduction:

We want a test to check whether an attacker can create/update entity with Host Header Manipulation

🎯 Requirements:

  1. Filters - API with GET query parameter or JSON body parameter

  2. Execute - It should add or replace a value with

  1. Validation - If the application responds with a exception trace or error response strings, it is a vulnerability.

✅ Task summary:

  • [ ] Ask to be assigned to the issue.
  • [ ] Wait to be assigned. We will try to assign in less than 2 hours.
  • [ ] Signup for [Akto]
  • [ ] Fork the [tests-library] repository, create a new branch and commit the yaml file which will be called in your test.
  • [ ] Submit both the PR here.

📚 Reading

You can find a detailed documentation of test editor rules [here]

Find 100+ examples of YAML tests [here]

🙋🏼‍♂️ Questions:

If you have questions, need any help, or just want to hang out, make sure to join us on our [Discord server].

arjun-akto avatar Oct 13 '23 04:10 arjun-akto

Hi @arjun-akto I would like to work on this kindly assign it to me.

newton0-0 avatar Oct 13 '23 16:10 newton0-0

assign to me

ishanpatil35 avatar Oct 13 '23 17:10 ishanpatil35

Hi @newton0-0 , @ishanpatil35 . I have assigned the issue to you. Please feel free to connect us on our Discord server for any doubts.

arjun-akto avatar Oct 14 '23 14:10 arjun-akto

Hi @arjun-akto , can you please assign this issue to me too?

adarsh-jha-dev avatar Oct 16 '23 17:10 adarsh-jha-dev

Hi @arjun-akto , i would like to work on this , can you please assign it to me.

Nayansagar1326 avatar Oct 19 '23 04:10 Nayansagar1326

Hi @Nayansagar1326 , @adarsh-jha-dev. I have assigned the issue to you. Please feel free to connect us on our Discord server for any doubts. Sorry for the late reply!

arjun-akto avatar Oct 24 '23 05:10 arjun-akto

Hey @arjun-akto I would like to work on this issue

parthrc avatar Oct 24 '23 05:10 parthrc

Hi @parthrc ! I have assigned the issue to you. Please feel free to connect us on our Discord server for any doubts. Sorry for the late reply!

arjun-akto avatar Oct 25 '23 03:10 arjun-akto

Hey @arjun-akto , I have raised a PR for this issue, I request you to please have a look at it and let me know if the changes are relevant.

adarsh-jha-dev avatar Oct 27 '23 12:10 adarsh-jha-dev

Hi @adarsh-jha-dev Please fill out this form here so we can send you Akto swags. Will let you know ETA of swags soon, thanks for your contribution! 🚀

RaagaAkto avatar Jan 30 '24 09:01 RaagaAkto

Hi @adarsh-jha-dev Please fill out this form here so we can send you Akto swags. Will let you know ETA of swags soon, thanks for your contribution! 🚀

Thanks a lot, but this form is asking for permission of the owner. Could you please resolve this?

adarsh-jha-dev avatar Jan 30 '24 09:01 adarsh-jha-dev

Hi @adarsh-jha-dev, we've received your details, swags should reach you in a month!

RaagaAkto avatar Feb 02 '24 03:02 RaagaAkto