aktoboy

⛏️ Write test to detect SSRF attack for GraphQL APIs

4

💭 Introduction: 🎯 Requirements: ✅ Task summary: 🙋🏼‍♂️ Questions: If you have questions, need any help, or just want to hang out, make sure to join us on our [Discord...

⛏️ Write a test to check if a user can redeem the same coupon code multiple times

16

💭 Introduction: We want to test whether an attacker can redeem the same coupon multiple times by exploiting race condition vulnerability. 🎯 Requirements: 1. Filters - This test should run...

⛏️ Write a test to detect if a user cannot provide multiple ratings

6

💭 Introduction: We want to test whether an attacker can rate an product/video multiple times by exploiting race condition. 🎯 Requirements: 1. Filters - This test should run on apis...

⛏️ Write a test to bruteforce password of a user

13

💭 Introduction: We want to test whether an attacker can guess the password of an user via brute force. 🎯 Requirements: This test should run on api which is used...

⛏️ Write a test to check whether we can create/update an object with negative price/amount/value

15

💭 Introduction: We want to test to check whether an attacker can create/update entity with an invalid price/amount/value. 🎯 Requirements: 1. Filters - This test should run on apis that...

💭 Introduction: We want to test whether API's which take in url as a param are vulnerable to do RCE on Redis using SSRF. You can refer [this](https://smarx.com/posts/2020/09/ssrf-to-redis-ctf-solution/) blog for...

💭 Introduction: We want to test whether an attacker can pull out data using an internal api with broken authentication via SSRF. 🎯 Requirements: This test should only run for...