{
	"info": {
		"_postman_id": "db4f21c7-5417-4d17-9769-e84a3709548d",
		"name": "Vulnerable Users API",
		"description": "Vulnerable API for managing users.",
		"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
		"_exporter_id": "17005336"
	},
	"item": [
		{
			"name": "Warm-up",
			"item": [
				{
					"name": "Authenticate and fetch a valid Access Token",
					"request": {
						"method": "POST",
						"header": [
							{
								"key": "Content-Type",
								"value": "application/x-www-form-urlencoded"
							}
						],
						"body": {
							"mode": "urlencoded",
							"urlencoded": [
								{
									"key": "password",
									"value": "string",
									"description": "Type your password"
								},
								{
									"key": "username",
									"value": "string",
									"description": "Type your username"
								}
							]
						},
						"url": {
							"raw": "{{baseUrl}}/authenticate?verifier=secure",
							"host": [
								"{{baseUrl}}"
							],
							"path": [
								"authenticate"
							],
							"query": [
								{
									"key": "verifier",
									"value": "secure",
									"description": "Verifier controlling the verification logic of the vulnerable service."
								}
							]
						}
					},
					"response": [
						{
							"name": "The Request could be processed.",
							"originalRequest": {
								"method": "POST",
								"header": [
									{
										"key": "Content-Type",
										"value": "application/x-www-form-urlencoded"
									},
									{
										"key": "Authorization",
										"value": "Bearer <token>",
										"description": "Added as a part of security scheme: bearer"
									}
								],
								"body": {
									"mode": "urlencoded",
									"urlencoded": [
										{
											"key": "password",
											"value": "string",
											"description": "Type your password"
										},
										{
											"key": "username",
											"value": "string",
											"description": "Type your username"
										}
									]
								},
								"url": {
									"raw": "{{baseUrl}}/authenticate?verifier=secure",
									"host": [
										"{{baseUrl}}"
									],
									"path": [
										"authenticate"
									],
									"query": [
										{
											"key": "verifier",
											"value": "secure",
											"description": "Verifier controlling the verification logic of the vulnerable service."
										}
									]
								}
							},
							"status": "OK",
							"code": 200,
							"_postman_previewlanguage": "text",
							"header": [],
							"cookie": [],
							"body": ""
						},
						{
							"name": "Exception occurred. Operation not allowed.",
							"originalRequest": {
								"method": "POST",
								"header": [
									{
										"key": "Content-Type",
										"value": "application/x-www-form-urlencoded"
									},
									{
										"key": "Authorization",
										"value": "Bearer <token>",
										"description": "Added as a part of security scheme: bearer"
									}
								],
								"body": {
									"mode": "urlencoded",
									"urlencoded": [
										{
											"key": "password",
											"value": "string",
											"description": "Type your password"
										},
										{
											"key": "username",
											"value": "string",
											"description": "Type your username"
										}
									]
								},
								"url": {
									"raw": "{{baseUrl}}/authenticate?verifier=secure",
									"host": [
										"{{baseUrl}}"
									],
									"path": [
										"authenticate"
									],
									"query": [
										{
											"key": "verifier",
											"value": "secure",
											"description": "Verifier controlling the verification logic of the vulnerable service."
										}
									]
								}
							},
							"status": "Unauthorized",
							"code": 401,
							"_postman_previewlanguage": "text",
							"header": [],
							"cookie": [],
							"body": ""
						}
					]
				},
				{
					"name": "Get the user information based on *user_id*. This function is useful for administrators who need to read the information of other users.",
					"request": {
						"auth": {
							"type": "bearer",
							"bearer": [
								{
									"key": "token",
									"value": "{{bearerToken}}",
									"type": "string"
								}
							]
						},
						"method": "GET",
						"header": [
							{
								"key": "Accept",
								"value": "application/json"
							}
						],
						"url": {
							"raw": "{{baseUrl}}/users/user/:id?verifier=secure",
							"host": [
								"{{baseUrl}}"
							],
							"path": [
								"users",
								"user",
								":id"
							],
							"query": [
								{
									"key": "verifier",
									"value": "secure",
									"description": "Verifier controlling the verification logic of the vulnerable service."
								}
							],
							"variable": [
								{
									"key": "id",
									"value": "1",
									"description": "User ID"
								}
							]
						}
					},
					"response": [
						{
							"name": "The Request could be processed.",
							"originalRequest": {
								"method": "GET",
								"header": [
									{
										"key": "Accept",
										"value": "application/json"
									},
									{
										"key": "Authorization",
										"value": "Bearer <token>",
										"description": "Added as a part of security scheme: bearer"
									}
								],
								"url": {
									"raw": "{{baseUrl}}/users/user/:id?verifier=secure",
									"host": [
										"{{baseUrl}}"
									],
									"path": [
										"users",
										"user",
										":id"
									],
									"query": [
										{
											"key": "verifier",
											"value": "secure",
											"description": "Verifier controlling the verification logic of the vulnerable service."
										}
									],
									"variable": [
										{
											"key": "id"
										}
									]
								}
							},
							"status": "OK",
							"code": 200,
							"_postman_previewlanguage": "json",
							"header": [
								{
									"key": "Content-Type",
									"value": "application/json"
								}
							],
							"cookie": [],
							"body": "{\n  \"accessToken\": \"string\",\n  \"id\": \"string\",\n  \"password\": \"string\",\n  \"companyId\": \"string\",\n  \"role\": \"normal\",\n  \"address\": \"string\",\n  \"name\": \"string\"\n}"
						},
						{
							"name": "Exception occurred. Operation not allowed.",
							"originalRequest": {
								"method": "GET",
								"header": [
									{
										"key": "Authorization",
										"value": "Bearer <token>",
										"description": "Added as a part of security scheme: bearer"
									}
								],
								"url": {
									"raw": "{{baseUrl}}/users/user/:id?verifier=secure",
									"host": [
										"{{baseUrl}}"
									],
									"path": [
										"users",
										"user",
										":id"
									],
									"query": [
										{
											"key": "verifier",
											"value": "secure",
											"description": "Verifier controlling the verification logic of the vulnerable service."
										}
									],
									"variable": [
										{
											"key": "id"
										}
									]
								}
							},
							"status": "Unauthorized",
							"code": 401,
							"_postman_previewlanguage": "text",
							"header": [],
							"cookie": [],
							"body": ""
						}
					]
				},
				{
					"name": "Get the user information based on *access_token*",
					"request": {
						"method": "GET",
						"header": [
							{
								"key": "Accept",
								"value": "application/json"
							}
						],
						"url": {
							"raw": "{{baseUrl}}/users/user?verifier=secure",
							"host": [
								"{{baseUrl}}"
							],
							"path": [
								"users",
								"user"
							],
							"query": [
								{
									"key": "verifier",
									"value": "secure",
									"description": "Verifier controlling the verification logic of the vulnerable service."
								}
							]
						}
					},
					"response": [
						{
							"name": "The Request could be processed.",
							"originalRequest": {
								"method": "GET",
								"header": [
									{
										"key": "Accept",
										"value": "application/json"
									},
									{
										"key": "Authorization",
										"value": "Bearer <token>",
										"description": "Added as a part of security scheme: bearer"
									}
								],
								"url": {
									"raw": "{{baseUrl}}/users/user?verifier=secure",
									"host": [
										"{{baseUrl}}"
									],
									"path": [
										"users",
										"user"
									],
									"query": [
										{
											"key": "verifier",
											"value": "secure",
											"description": "Verifier controlling the verification logic of the vulnerable service."
										}
									]
								}
							},
							"status": "OK",
							"code": 200,
							"_postman_previewlanguage": "json",
							"header": [
								{
									"key": "Content-Type",
									"value": "application/json"
								}
							],
							"cookie": [],
							"body": "{\n  \"accessToken\": \"string\",\n  \"id\": \"string\",\n  \"password\": \"string\",\n  \"companyId\": \"string\",\n  \"role\": \"normal\",\n  \"address\": \"string\",\n  \"name\": \"string\"\n}"
						},
						{
							"name": "Exception occurred. Operation not allowed.",
							"originalRequest": {
								"method": "GET",
								"header": [
									{
										"key": "Authorization",
										"value": "Bearer <token>",
										"description": "Added as a part of security scheme: bearer"
									}
								],
								"url": {
									"raw": "{{baseUrl}}/users/user?verifier=secure",
									"host": [
										"{{baseUrl}}"
									],
									"path": [
										"users",
										"user"
									],
									"query": [
										{
											"key": "verifier",
											"value": "secure",
											"description": "Verifier controlling the verification logic of the vulnerable service."
										}
									]
								}
							},
							"status": "Unauthorized",
							"code": 401,
							"_postman_previewlanguage": "text",
							"header": [],
							"cookie": [],
							"body": ""
						}
					]
				}
			],
			"description": "Endpoints Relevant for Warm-up Level. Use `verifier=secure`."
		},
		{
			"name": "BOLA",
			"item": [
				{
					"name": "Authenticate and fetch a valid Access Token",
					"request": {
						"method": "POST",
						"header": [
							{
								"key": "Content-Type",
								"value": "application/x-www-form-urlencoded"
							}
						],
						"body": {
							"mode": "urlencoded",
							"urlencoded": [
								{
									"key": "password",
									"value": "string",
									"description": "Type your password"
								},
								{
									"key": "username",
									"value": "string",
									"description": "Type your username"
								}
							]
						},
						"url": {
							"raw": "{{baseUrl}}/authenticate?verifier=secure",
							"host": [
								"{{baseUrl}}"
							],
							"path": [
								"authenticate"
							],
							"query": [
								{
									"key": "verifier",
									"value": "secure",
									"description": "Verifier controlling the verification logic of the vulnerable service."
								}
							]
						}
					},
					"response": [
						{
							"name": "The Request could be processed.",
							"originalRequest": {
								"method": "POST",
								"header": [
									{
										"key": "Content-Type",
										"value": "application/x-www-form-urlencoded"
									},
									{
										"key": "Authorization",
										"value": "Bearer <token>",
										"description": "Added as a part of security scheme: bearer"
									}
								],
								"body": {
									"mode": "urlencoded",
									"urlencoded": [
										{
											"key": "password",
											"value": "string",
											"description": "Type your password"
										},
										{
											"key": "username",
											"value": "string",
											"description": "Type your username"
										}
									]
								},
								"url": {
									"raw": "{{baseUrl}}/authenticate?verifier=secure",
									"host": [
										"{{baseUrl}}"
									],
									"path": [
										"authenticate"
									],
									"query": [
										{
											"key": "verifier",
											"value": "secure",
											"description": "Verifier controlling the verification logic of the vulnerable service."
										}
									]
								}
							},
							"status": "OK",
							"code": 200,
							"_postman_previewlanguage": "text",
							"header": [],
							"cookie": [],
							"body": ""
						},
						{
							"name": "Exception occurred. Operation not allowed.",
							"originalRequest": {
								"method": "POST",
								"header": [
									{
										"key": "Content-Type",
										"value": "application/x-www-form-urlencoded"
									},
									{
										"key": "Authorization",
										"value": "Bearer <token>",
										"description": "Added as a part of security scheme: bearer"
									}
								],
								"body": {
									"mode": "urlencoded",
									"urlencoded": [
										{
											"key": "password",
											"value": "string",
											"description": "Type your password"
										},
										{
											"key": "username",
											"value": "string",
											"description": "Type your username"
										}
									]
								},
								"url": {
									"raw": "{{baseUrl}}/authenticate?verifier=secure",
									"host": [
										"{{baseUrl}}"
									],
									"path": [
										"authenticate"
									],
									"query": [
										{
											"key": "verifier",
											"value": "secure",
											"description": "Verifier controlling the verification logic of the vulnerable service."
										}
									]
								}
							},
							"status": "Unauthorized",
							"code": 401,
							"_postman_previewlanguage": "text",
							"header": [],
							"cookie": [],
							"body": ""
						}
					]
				},
				{
					"name": "Get the user information based on *user_id*. This function is useful for administrators who need to read the information of other users.",
					"request": {
						"auth": {
							"type": "bearer",
							"bearer": [
								{
									"key": "token",
									"value": "{{bearerToken}}",
									"type": "string"
								}
							]
						},
						"method": "GET",
						"header": [
							{
								"key": "Accept",
								"value": "application/json"
							}
						],
						"url": {
							"raw": "{{baseUrl}}/users/user/:id?verifier=secure",
							"host": [
								"{{baseUrl}}"
							],
							"path": [
								"users",
								"user",
								":id"
							],
							"query": [
								{
									"key": "verifier",
									"value": "secure",
									"description": "Verifier controlling the verification logic of the vulnerable service."
								}
							],
							"variable": [
								{
									"key": "id",
									"value": "1",
									"description": "User ID"
								}
							]
						}
					},
					"response": [
						{
							"name": "The Request could be processed.",
							"originalRequest": {
								"method": "GET",
								"header": [
									{
										"key": "Accept",
										"value": "application/json"
									},
									{
										"key": "Authorization",
										"value": "Bearer <token>",
										"description": "Added as a part of security scheme: bearer"
									}
								],
								"url": {
									"raw": "{{baseUrl}}/users/user/:id?verifier=secure",
									"host": [
										"{{baseUrl}}"
									],
									"path": [
										"users",
										"user",
										":id"
									],
									"query": [
										{
											"key": "verifier",
											"value": "secure",
											"description": "Verifier controlling the verification logic of the vulnerable service."
										}
									],
									"variable": [
										{
											"key": "id"
										}
									]
								}
							},
							"status": "OK",
							"code": 200,
							"_postman_previewlanguage": "json",
							"header": [
								{
									"key": "Content-Type",
									"value": "application/json"
								}
							],
							"cookie": [],
							"body": "{\n  \"accessToken\": \"string\",\n  \"id\": \"string\",\n  \"password\": \"string\",\n  \"companyId\": \"string\",\n  \"role\": \"normal\",\n  \"address\": \"string\",\n  \"name\": \"string\"\n}"
						},
						{
							"name": "Exception occurred. Operation not allowed.",
							"originalRequest": {
								"method": "GET",
								"header": [
									{
										"key": "Authorization",
										"value": "Bearer <token>",
										"description": "Added as a part of security scheme: bearer"
									}
								],
								"url": {
									"raw": "{{baseUrl}}/users/user/:id?verifier=secure",
									"host": [
										"{{baseUrl}}"
									],
									"path": [
										"users",
										"user",
										":id"
									],
									"query": [
										{
											"key": "verifier",
											"value": "secure",
											"description": "Verifier controlling the verification logic of the vulnerable service."
										}
									],
									"variable": [
										{
											"key": "id"
										}
									]
								}
							},
							"status": "Unauthorized",
							"code": 401,
							"_postman_previewlanguage": "text",
							"header": [],
							"cookie": [],
							"body": ""
						}
					]
				},
				{
					"name": "Get the user information based on *access_token*",
					"request": {
						"method": "GET",
						"header": [
							{
								"key": "Accept",
								"value": "application/json"
							}
						],
						"url": {
							"raw": "{{baseUrl}}/users/user?verifier=secure",
							"host": [
								"{{baseUrl}}"
							],
							"path": [
								"users",
								"user"
							],
							"query": [
								{
									"key": "verifier",
									"value": "secure",
									"description": "Verifier controlling the verification logic of the vulnerable service."
								}
							]
						}
					},
					"response": [
						{
							"name": "The Request could be processed.",
							"originalRequest": {
								"method": "GET",
								"header": [
									{
										"key": "Accept",
										"value": "application/json"
									},
									{
										"key": "Authorization",
										"value": "Bearer <token>",
										"description": "Added as a part of security scheme: bearer"
									}
								],
								"url": {
									"raw": "{{baseUrl}}/users/user?verifier=secure",
									"host": [
										"{{baseUrl}}"
									],
									"path": [
										"users",
										"user"
									],
									"query": [
										{
											"key": "verifier",
											"value": "secure",
											"description": "Verifier controlling the verification logic of the vulnerable service."
										}
									]
								}
							},
							"status": "OK",
							"code": 200,
							"_postman_previewlanguage": "json",
							"header": [
								{
									"key": "Content-Type",
									"value": "application/json"
								}
							],
							"cookie": [],
							"body": "{\n  \"accessToken\": \"string\",\n  \"id\": \"string\",\n  \"password\": \"string\",\n  \"companyId\": \"string\",\n  \"role\": \"normal\",\n  \"address\": \"string\",\n  \"name\": \"string\"\n}"
						},
						{
							"name": "Exception occurred. Operation not allowed.",
							"originalRequest": {
								"method": "GET",
								"header": [
									{
										"key": "Authorization",
										"value": "Bearer <token>",
										"description": "Added as a part of security scheme: bearer"
									}
								],
								"url": {
									"raw": "{{baseUrl}}/users/user?verifier=secure",
									"host": [
										"{{baseUrl}}"
									],
									"path": [
										"users",
										"user"
									],
									"query": [
										{
											"key": "verifier",
											"value": "secure",
											"description": "Verifier controlling the verification logic of the vulnerable service."
										}
									]
								}
							},
							"status": "Unauthorized",
							"code": 401,
							"_postman_previewlanguage": "text",
							"header": [],
							"cookie": [],
							"body": ""
						}
					]
				},
				{
					"name": "Users can change their own profile. Administrators are allowed to change the profile of other users, too.",
					"request": {
						"auth": {
							"type": "bearer",
							"bearer": [
								{
									"key": "token",
									"value": "{{bearerToken}}",
									"type": "string"
								}
							]
						},
						"method": "PATCH",
						"header": [
							{
								"key": "Content-Type",
								"value": "application/x-www-form-urlencoded"
							},
							{
								"key": "Accept",
								"value": "application/json"
							}
						],
						"body": {
							"mode": "urlencoded",
							"urlencoded": [
								{
									"key": "company_id",
									"value": "string"
								},
								{
									"key": "password",
									"value": "string"
								},
								{
									"key": "role",
									"value": "manager",
									"description": "A list of user roles"
								},
								{
									"key": "user_id",
									"value": "string"
								},
								{
									"key": "username",
									"value": "string"
								},
								{
									"key": "age",
									"value": "string"
								},
								{
									"key": "address",
									"value": "string"
								},
								{
									"key": "contact",
									"value": "string"
								},
								{
									"key": "salary",
									"value": "string"
								}
							]
						},
						"url": {
							"raw": "{{baseUrl}}/users/user?verifier=secure",
							"host": [
								"{{baseUrl}}"
							],
							"path": [
								"users",
								"user"
							],
							"query": [
								{
									"key": "verifier",
									"value": "secure",
									"description": "Verifier controlling the verification logic of the vulnerable service."
								}
							]
						}
					},
					"response": [
						{
							"name": "The Request could be processed.",
							"originalRequest": {
								"method": "PATCH",
								"header": [
									{
										"key": "Content-Type",
										"value": "application/x-www-form-urlencoded"
									},
									{
										"key": "Accept",
										"value": "application/json"
									},
									{
										"key": "Authorization",
										"value": "Bearer <token>",
										"description": "Added as a part of security scheme: bearer"
									}
								],
								"body": {
									"mode": "urlencoded",
									"urlencoded": [
										{
											"key": "company_id",
											"value": "string"
										},
										{
											"key": "password",
											"value": "string"
										},
										{
											"key": "role",
											"value": "manager",
											"description": "A list of user roles"
										},
										{
											"key": "user_id",
											"value": "string"
										},
										{
											"key": "username",
											"value": "string"
										},
										{
											"key": "age",
											"value": "string"
										},
										{
											"key": "address",
											"value": "string"
										},
										{
											"key": "contact",
											"value": "string"
										},
										{
											"key": "salary",
											"value": "string"
										}
									]
								},
								"url": {
									"raw": "{{baseUrl}}/users/user?verifier=secure",
									"host": [
										"{{baseUrl}}"
									],
									"path": [
										"users",
										"user"
									],
									"query": [
										{
											"key": "verifier",
											"value": "secure",
											"description": "Verifier controlling the verification logic of the vulnerable service."
										}
									]
								}
							},
							"status": "OK",
							"code": 200,
							"_postman_previewlanguage": "json",
							"header": [
								{
									"key": "Content-Type",
									"value": "application/json"
								}
							],
							"cookie": [],
							"body": "{\n  \"accessToken\": \"string\",\n  \"id\": \"string\",\n  \"password\": \"string\",\n  \"companyId\": \"string\",\n  \"role\": \"normal\",\n  \"address\": \"string\",\n  \"name\": \"string\"\n}"
						},
						{
							"name": "Exception occurred. Operation not allowed.",
							"originalRequest": {
								"method": "PATCH",
								"header": [
									{
										"key": "Content-Type",
										"value": "application/x-www-form-urlencoded"
									},
									{
										"key": "Authorization",
										"value": "Bearer <token>",
										"description": "Added as a part of security scheme: bearer"
									}
								],
								"body": {
									"mode": "urlencoded",
									"urlencoded": [
										{
											"key": "company_id",
											"value": "string"
										},
										{
											"key": "password",
											"value": "string"
										},
										{
											"key": "role",
											"value": "manager",
											"description": "A list of user roles"
										},
										{
											"key": "user_id",
											"value": "string"
										},
										{
											"key": "username",
											"value": "string"
										},
										{
											"key": "age",
											"value": "string"
										},
										{
											"key": "address",
											"value": "string"
										},
										{
											"key": "contact",
											"value": "string"
										},
										{
											"key": "salary",
											"value": "string"
										}
									]
								},
								"url": {
									"raw": "{{baseUrl}}/users/user?verifier=secure",
									"host": [
										"{{baseUrl}}"
									],
									"path": [
										"users",
										"user"
									],
									"query": [
										{
											"key": "verifier",
											"value": "secure",
											"description": "Verifier controlling the verification logic of the vulnerable service."
										}
									]
								}
							},
							"status": "Unauthorized",
							"code": 401,
							"_postman_previewlanguage": "text",
							"header": [],
							"cookie": [],
							"body": ""
						}
					]
				}
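			],
			"description": "Endpoints relevant for the Broken Object Level Authorization (BOLA) level. The saved requests in this folder default to `verifier=secure`; set the `verifier` query parameter to `bola-{num}` for this level."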
		},
		{
			"name": "BFLA",
			"item": [
				{
					"name": "Authenticate and fetch a valid Access Token",
					"request": {
						"method": "POST",
						"header": [
							{
								"key": "Content-Type",
								"value": "application/x-www-form-urlencoded"
							}
						],
						"body": {
							"mode": "urlencoded",
							"urlencoded": [
								{
									"key": "password",
									"value": "string",
									"description": "Type your password"
								},
								{
									"key": "username",
									"value": "string",
									"description": "Type your username"
								}
							]
						},
						"url": {
							"raw": "{{baseUrl}}/authenticate?verifier=secure",
							"host": [
								"{{baseUrl}}"
							],
							"path": [
								"authenticate"
							],
							"query": [
								{
									"key": "verifier",
									"value": "secure",
									"description": "Verifier controlling the verification logic of the vulnerable service."
								}
							]
						}
					},
					"response": [
						{
							"name": "The Request could be processed.",
							"originalRequest": {
								"method": "POST",
								"header": [
									{
										"key": "Content-Type",
										"value": "application/x-www-form-urlencoded"
									},
									{
										"key": "Authorization",
										"value": "Bearer <token>",
										"description": "Added as a part of security scheme: bearer"
									}
								],
								"body": {
									"mode": "urlencoded",
									"urlencoded": [
										{
											"key": "password",
											"value": "string",
											"description": "Type your password"
										},
										{
											"key": "username",
											"value": "string",
											"description": "Type your username"
										}
									]
								},
								"url": {
									"raw": "{{baseUrl}}/authenticate?verifier=secure",
									"host": [
										"{{baseUrl}}"
									],
									"path": [
										"authenticate"
									],
									"query": [
										{
											"key": "verifier",
											"value": "secure",
											"description": "Verifier controlling the verification logic of the vulnerable service."
										}
									]
								}
							},
							"status": "OK",
							"code": 200,
							"_postman_previewlanguage": "text",
							"header": [],
							"cookie": [],
							"body": ""
						},
						{
							"name": "Exception occurred. Operation not allowed.",
							"originalRequest": {
								"method": "POST",
								"header": [
									{
										"key": "Content-Type",
										"value": "application/x-www-form-urlencoded"
									},
									{
										"key": "Authorization",
										"value": "Bearer <token>",
										"description": "Added as a part of security scheme: bearer"
									}
								],
								"body": {
									"mode": "urlencoded",
									"urlencoded": [
										{
											"key": "password",
											"value": "string",
											"description": "Type your password"
										},
										{
											"key": "username",
											"value": "string",
											"description": "Type your username"
										}
									]
								},
								"url": {
									"raw": "{{baseUrl}}/authenticate?verifier=secure",
									"host": [
										"{{baseUrl}}"
									],
									"path": [
										"authenticate"
									],
									"query": [
										{
											"key": "verifier",
											"value": "secure",
											"description": "Verifier controlling the verification logic of the vulnerable service."
										}
									]
								}
							},
							"status": "Unauthorized",
							"code": 401,
							"_postman_previewlanguage": "text",
							"header": [],
							"cookie": [],
							"body": ""
						}
					]
				},
				{
					"name": "Get information for all users. This function is useful for administrators who need to read the information of other users.",
					"request": {
						"auth": {
							"type": "bearer",
							"bearer": [
								{
									"key": "token",
									"value": "{{bearerToken}}",
									"type": "string"
								}
							]
						},
						"method": "GET",
						"header": [],
						"url": {
							"raw": "{{baseUrl}}/users?verifier=secure",
							"host": [
								"{{baseUrl}}"
							],
							"path": [
								"users"
							],
							"query": [
								{
									"key": "verifier",
									"value": "secure",
									"description": "Verifier controlling the verification logic of the vulnerable service."
								}
							]
						}
					},
					"response": [
						{
							"name": "The Request could be processed.",
							"originalRequest": {
								"method": "GET",
								"header": [
									{
										"key": "Authorization",
										"value": "Bearer <token>",
										"description": "Added as a part of security scheme: bearer"
									}
								],
								"url": {
									"raw": "{{baseUrl}}/users?verifier=secure",
									"host": [
										"{{baseUrl}}"
									],
									"path": [
										"users"
									],
									"query": [
										{
											"key": "verifier",
											"value": "secure",
											"description": "Verifier controlling the verification logic of the vulnerable service."
										}
									]
								}
							},
							"status": "OK",
							"code": 200,
							"_postman_previewlanguage": "text",
							"header": [],
							"cookie": [],
							"body": ""
						},
						{
							"name": "Exception occurred. Operation not allowed.",
							"originalRequest": {
								"method": "GET",
								"header": [
									{
										"key": "Authorization",
										"value": "Bearer <token>",
										"description": "Added as a part of security scheme: bearer"
									}
								],
								"url": {
									"raw": "{{baseUrl}}/users?verifier=secure",
									"host": [
										"{{baseUrl}}"
									],
									"path": [
										"users"
									],
									"query": [
										{
											"key": "verifier",
											"value": "secure",
											"description": "Verifier controlling the verification logic of the vulnerable service."
										}
									]
								}
							},
							"status": "Unauthorized",
							"code": 401,
							"_postman_previewlanguage": "text",
							"header": [],
							"cookie": [],
							"body": ""
						}
					]
				}
			],
			"description": "Endpoints Relevant for Broken Function Level Authorization. Use `verifier=bfla-{num}`."
		},
		{
			"name": "BOPLA",
			"item": [
				{
					"name": "Authenticate and fetch a valid Access Token",
					"request": {
						"method": "POST",
						"header": [
							{
								"key": "Content-Type",
								"value": "application/x-www-form-urlencoded"
							}
						],
						"body": {
							"mode": "urlencoded",
							"urlencoded": [
								{
									"key": "password",
									"value": "string",
									"description": "Type your password"
								},
								{
									"key": "username",
									"value": "string",
									"description": "Type your username"
								}
							]
						},
						"url": {
							"raw": "{{baseUrl}}/authenticate?verifier=secure",
							"host": [
								"{{baseUrl}}"
							],
							"path": [
								"authenticate"
							],
							"query": [
								{
									"key": "verifier",
									"value": "secure",
									"description": "Verifier controlling the verification logic of the vulnerable service."
								}
							]
						}
					},
					"response": [
						{
							"name": "The Request could be processed.",
							"originalRequest": {
								"method": "POST",
								"header": [
									{
										"key": "Content-Type",
										"value": "application/x-www-form-urlencoded"
									},
									{
										"key": "Authorization",
										"value": "Bearer <token>",
										"description": "Added as a part of security scheme: bearer"
									}
								],
								"body": {
									"mode": "urlencoded",
									"urlencoded": [
										{
											"key": "password",
											"value": "string",
											"description": "Type your password"
										},
										{
											"key": "username",
											"value": "string",
											"description": "Type your username"
										}
									]
								},
								"url": {
									"raw": "{{baseUrl}}/authenticate?verifier=secure",
									"host": [
										"{{baseUrl}}"
									],
									"path": [
										"authenticate"
									],
									"query": [
										{
											"key": "verifier",
											"value": "secure",
											"description": "Verifier controlling the verification logic of the vulnerable service."
										}
									]
								}
							},
							"status": "OK",
							"code": 200,
							"_postman_previewlanguage": "text",
							"header": [],
							"cookie": [],
							"body": ""
						},
						{
							"name": "Exception occurred. Operation not allowed.",
							"originalRequest": {
								"method": "POST",
								"header": [
									{
										"key": "Content-Type",
										"value": "application/x-www-form-urlencoded"
									},
									{
										"key": "Authorization",
										"value": "Bearer <token>",
										"description": "Added as a part of security scheme: bearer"
									}
								],
								"body": {
									"mode": "urlencoded",
									"urlencoded": [
										{
											"key": "password",
											"value": "string",
											"description": "Type your password"
										},
										{
											"key": "username",
											"value": "string",
											"description": "Type your username"
										}
									]
								},
								"url": {
									"raw": "{{baseUrl}}/authenticate?verifier=secure",
									"host": [
										"{{baseUrl}}"
									],
									"path": [
										"authenticate"
									],
									"query": [
										{
											"key": "verifier",
											"value": "secure",
											"description": "Verifier controlling the verification logic of the vulnerable service."
										}
									]
								}
							},
							"status": "Unauthorized",
							"code": 401,
							"_postman_previewlanguage": "text",
							"header": [],
							"cookie": [],
							"body": ""
						}
					]
				},
				{
					"name": "Users can change their own profile. Administrators are allowed to change the profile of other users, too.",
					"request": {
						"auth": {
							"type": "bearer",
							"bearer": [
								{
									"key": "token",
									"value": "{{bearerToken}}",
									"type": "string"
								}
							]
						},
						"method": "PATCH",
						"header": [
							{
								"key": "Content-Type",
								"value": "application/x-www-form-urlencoded"
							},
							{
								"key": "Accept",
								"value": "application/json"
							}
						],
						"body": {
							"mode": "urlencoded",
							"urlencoded": [
								{
									"key": "company_id",
									"value": "string"
								},
								{
									"key": "password",
									"value": "string"
								},
								{
									"key": "role",
									"value": "manager",
									"description": "A list of user roles"
								},
								{
									"key": "user_id",
									"value": "string"
								},
								{
									"key": "username",
									"value": "string"
								},
								{
									"key": "age",
									"value": "string"
								},
								{
									"key": "address",
									"value": "string"
								},
								{
									"key": "contact",
									"value": "string"
								},
								{
									"key": "salary",
									"value": "string"
								}
							]
						},
						"url": {
							"raw": "{{baseUrl}}/users/user?verifier=secure",
							"host": [
								"{{baseUrl}}"
							],
							"path": [
								"users",
								"user"
							],
							"query": [
								{
									"key": "verifier",
									"value": "secure",
									"description": "Verifier controlling the verification logic of the vulnerable service."
								}
							]
						}
					},
					"response": [
						{
							"name": "The Request could be processed.",
							"originalRequest": {
								"method": "PATCH",
								"header": [
									{
										"key": "Content-Type",
										"value": "application/x-www-form-urlencoded"
									},
									{
										"key": "Accept",
										"value": "application/json"
									},
									{
										"key": "Authorization",
										"value": "Bearer <token>",
										"description": "Added as a part of security scheme: bearer"
									}
								],
								"body": {
									"mode": "urlencoded",
									"urlencoded": [
										{
											"key": "company_id",
											"value": "string"
										},
										{
											"key": "password",
											"value": "string"
										},
										{
											"key": "role",
											"value": "manager",
											"description": "A list of user roles"
										},
										{
											"key": "user_id",
											"value": "string"
										},
										{
											"key": "username",
											"value": "string"
										},
										{
											"key": "age",
											"value": "string"
										},
										{
											"key": "address",
											"value": "string"
										},
										{
											"key": "contact",
											"value": "string"
										},
										{
											"key": "salary",
											"value": "string"
										}
									]
								},
								"url": {
									"raw": "{{baseUrl}}/users/user?verifier=secure",
									"host": [
										"{{baseUrl}}"
									],
									"path": [
										"users",
										"user"
									],
									"query": [
										{
											"key": "verifier",
											"value": "secure",
											"description": "Verifier controlling the verification logic of the vulnerable service."
										}
									]
								}
							},
							"status": "OK",
							"code": 200,
							"_postman_previewlanguage": "json",
							"header": [
								{
									"key": "Content-Type",
									"value": "application/json"
								}
							],
							"cookie": [],
							"body": "{\n  \"accessToken\": \"string\",\n  \"id\": \"string\",\n  \"password\": \"string\",\n  \"companyId\": \"string\",\n  \"role\": \"normal\",\n  \"address\": \"string\",\n  \"name\": \"string\"\n}"
						},
						{
							"name": "Exception occurred. Operation not allowed.",
							"originalRequest": {
								"method": "PATCH",
								"header": [
									{
										"key": "Content-Type",
										"value": "application/x-www-form-urlencoded"
									},
									{
										"key": "Authorization",
										"value": "Bearer <token>",
										"description": "Added as a part of security scheme: bearer"
									}
								],
								"body": {
									"mode": "urlencoded",
									"urlencoded": [
										{
											"key": "company_id",
											"value": "string"
										},
										{
											"key": "password",
											"value": "string"
										},
										{
											"key": "role",
											"value": "manager",
											"description": "A list of user roles"
										},
										{
											"key": "user_id",
											"value": "string"
										},
										{
											"key": "username",
											"value": "string"
										},
										{
											"key": "age",
											"value": "string"
										},
										{
											"key": "address",
											"value": "string"
										},
										{
											"key": "contact",
											"value": "string"
										},
										{
											"key": "salary",
											"value": "string"
										}
									]
								},
								"url": {
									"raw": "{{baseUrl}}/users/user?verifier=secure",
									"host": [
										"{{baseUrl}}"
									],
									"path": [
										"users",
										"user"
									],
									"query": [
										{
											"key": "verifier",
											"value": "secure",
											"description": "Verifier controlling the verification logic of the vulnerable service."
										}
									]
								}
							},
							"status": "Unauthorized",
							"code": 401,
							"_postman_previewlanguage": "text",
							"header": [],
							"cookie": [],
							"body": ""
						}
					]
				}
			],
			"description": "Endpoints Relevant for Broken Object Property Level Authorization. Use `verifier=bopla-{num}`."
		},
		{
			"name": "Security Misconfiguration (SM)",
			"item": [
				{
					"name": "Authenticate and fetch a valid Access Token",
					"request": {
						"method": "POST",
						"header": [
							{
								"key": "Content-Type",
								"value": "application/x-www-form-urlencoded"
							}
						],
						"body": {
							"mode": "urlencoded",
							"urlencoded": [
								{
									"key": "password",
									"value": "string",
									"description": "Type your password"
								},
								{
									"key": "username",
									"value": "string",
									"description": "Type your username"
								}
							]
						},
						"url": {
							"raw": "{{baseUrl}}/authenticate?verifier=secure",
							"host": [
								"{{baseUrl}}"
							],
							"path": [
								"authenticate"
							],
							"query": [
								{
									"key": "verifier",
									"value": "secure",
									"description": "Verifier controlling the verification logic of the vulnerable service."
								}
							]
						}
					},
					"response": [
						{
							"name": "The Request could be processed.",
							"originalRequest": {
								"method": "POST",
								"header": [
									{
										"key": "Content-Type",
										"value": "application/x-www-form-urlencoded"
									},
									{
										"key": "Authorization",
										"value": "Bearer <token>",
										"description": "Added as a part of security scheme: bearer"
									}
								],
								"body": {
									"mode": "urlencoded",
									"urlencoded": [
										{
											"key": "password",
											"value": "string",
											"description": "Type your password"
										},
										{
											"key": "username",
											"value": "string",
											"description": "Type your username"
										}
									]
								},
								"url": {
									"raw": "{{baseUrl}}/authenticate?verifier=secure",
									"host": [
										"{{baseUrl}}"
									],
									"path": [
										"authenticate"
									],
									"query": [
										{
											"key": "verifier",
											"value": "secure",
											"description": "Verifier controlling the verification logic of the vulnerable service."
										}
									]
								}
							},
							"status": "OK",
							"code": 200,
							"_postman_previewlanguage": "text",
							"header": [],
							"cookie": [],
							"body": ""
						},
						{
							"name": "Exception occurred. Operation not allowed.",
							"originalRequest": {
								"method": "POST",
								"header": [
									{
										"key": "Content-Type",
										"value": "application/x-www-form-urlencoded"
									},
									{
										"key": "Authorization",
										"value": "Bearer <token>",
										"description": "Added as a part of security scheme: bearer"
									}
								],
								"body": {
									"mode": "urlencoded",
									"urlencoded": [
										{
											"key": "password",
											"value": "string",
											"description": "Type your password"
										},
										{
											"key": "username",
											"value": "string",
											"description": "Type your username"
										}
									]
								},
								"url": {
									"raw": "{{baseUrl}}/authenticate?verifier=secure",
									"host": [
										"{{baseUrl}}"
									],
									"path": [
										"authenticate"
									],
									"query": [
										{
											"key": "verifier",
											"value": "secure",
											"description": "Verifier controlling the verification logic of the vulnerable service."
										}
									]
								}
							},
							"status": "Unauthorized",
							"code": 401,
							"_postman_previewlanguage": "text",
							"header": [],
							"cookie": [],
							"body": ""
						}
					]
				},
				{
					"name": "Get the user information based on *user_id*. This function is useful for administrators reading the information of other users.",
					"request": {
						"auth": {
							"type": "bearer",
							"bearer": [
								{
									"key": "token",
									"value": "{{bearerToken}}",
									"type": "string"
								}
							]
						},
						"method": "GET",
						"header": [
							{
								"key": "Accept",
								"value": "application/json"
							}
						],
						"url": {
							"raw": "{{baseUrl}}/users/user/:id?verifier=secure",
							"host": [
								"{{baseUrl}}"
							],
							"path": [
								"users",
								"user",
								":id"
							],
							"query": [
								{
									"key": "verifier",
									"value": "secure",
									"description": "Verifier controlling the verification logic of the vulnerable service."
								}
							],
							"variable": [
								{
									"key": "id",
									"value": "1",
									"description": "User ID"
								}
							]
						}
					},
					"response": [
						{
							"name": "The Request could be processed.",
							"originalRequest": {
								"method": "GET",
								"header": [
									{
										"key": "Accept",
										"value": "application/json"
									},
									{
										"key": "Authorization",
										"value": "Bearer <token>",
										"description": "Added as a part of security scheme: bearer"
									}
								],
								"url": {
									"raw": "{{baseUrl}}/users/user/:id?verifier=secure",
									"host": [
										"{{baseUrl}}"
									],
									"path": [
										"users",
										"user",
										":id"
									],
									"query": [
										{
											"key": "verifier",
											"value": "secure",
											"description": "Verifier controlling the verification logic of the vulnerable service."
										}
									],
									"variable": [
										{
											"key": "id"
										}
									]
								}
							},
							"status": "OK",
							"code": 200,
							"_postman_previewlanguage": "json",
							"header": [
								{
									"key": "Content-Type",
									"value": "application/json"
								}
							],
							"cookie": [],
							"body": "{\n  \"accessToken\": \"string\",\n  \"id\": \"string\",\n  \"password\": \"string\",\n  \"companyId\": \"string\",\n  \"role\": \"normal\",\n  \"address\": \"string\",\n  \"name\": \"string\"\n}"
						},
						{
							"name": "Exception occurred. Operation not allowed.",
							"originalRequest": {
								"method": "GET",
								"header": [
									{
										"key": "Authorization",
										"value": "Bearer <token>",
										"description": "Added as a part of security scheme: bearer"
									}
								],
								"url": {
									"raw": "{{baseUrl}}/users/user/:id?verifier=secure",
									"host": [
										"{{baseUrl}}"
									],
									"path": [
										"users",
										"user",
										":id"
									],
									"query": [
										{
											"key": "verifier",
											"value": "secure",
											"description": "Verifier controlling the verification logic of the vulnerable service."
										}
									],
									"variable": [
										{
											"key": "id"
										}
									]
								}
							},
							"status": "Unauthorized",
							"code": 401,
							"_postman_previewlanguage": "text",
							"header": [],
							"cookie": [],
							"body": ""
						}
					]
				}
			],
			"description": "The API is vulnerable because best current practices for error messages, for behavior that varies measurably with the input, and for input sanitization are not implemented correctly. Use `verifier=sm-{num}`."
		},
		{
			"name": "SSRF",
			"item": [
				{
					"name": "Authenticate and fetch a valid Access Token",
					"request": {
						"method": "POST",
						"header": [
							{
								"key": "Content-Type",
								"value": "application/x-www-form-urlencoded"
							}
						],
						"body": {
							"mode": "urlencoded",
							"urlencoded": [
								{
									"key": "password",
									"value": "string",
									"description": "Type your password"
								},
								{
									"key": "username",
									"value": "string",
									"description": "Type your username"
								}
							]
						},
						"url": {
							"raw": "{{baseUrl}}/authenticate?verifier=secure",
							"host": [
								"{{baseUrl}}"
							],
							"path": [
								"authenticate"
							],
							"query": [
								{
									"key": "verifier",
									"value": "secure",
									"description": "Verifier controlling the verification logic of the vulnerable service."
								}
							]
						}
					},
					"response": [
						{
							"name": "The Request could be processed.",
							"originalRequest": {
								"method": "POST",
								"header": [
									{
										"key": "Content-Type",
										"value": "application/x-www-form-urlencoded"
									},
									{
										"key": "Authorization",
										"value": "Bearer <token>",
										"description": "Added as a part of security scheme: bearer"
									}
								],
								"body": {
									"mode": "urlencoded",
									"urlencoded": [
										{
											"key": "password",
											"value": "string",
											"description": "Type your password"
										},
										{
											"key": "username",
											"value": "string",
											"description": "Type your username"
										}
									]
								},
								"url": {
									"raw": "{{baseUrl}}/authenticate?verifier=secure",
									"host": [
										"{{baseUrl}}"
									],
									"path": [
										"authenticate"
									],
									"query": [
										{
											"key": "verifier",
											"value": "secure",
											"description": "Verifier controlling the verification logic of the vulnerable service."
										}
									]
								}
							},
							"status": "OK",
							"code": 200,
							"_postman_previewlanguage": "text",
							"header": [],
							"cookie": [],
							"body": ""
						},
						{
							"name": "Exception occurred. Operation not allowed.",
							"originalRequest": {
								"method": "POST",
								"header": [
									{
										"key": "Content-Type",
										"value": "application/x-www-form-urlencoded"
									},
									{
										"key": "Authorization",
										"value": "Bearer <token>",
										"description": "Added as a part of security scheme: bearer"
									}
								],
								"body": {
									"mode": "urlencoded",
									"urlencoded": [
										{
											"key": "password",
											"value": "string",
											"description": "Type your password"
										},
										{
											"key": "username",
											"value": "string",
											"description": "Type your username"
										}
									]
								},
								"url": {
									"raw": "{{baseUrl}}/authenticate?verifier=secure",
									"host": [
										"{{baseUrl}}"
									],
									"path": [
										"authenticate"
									],
									"query": [
										{
											"key": "verifier",
											"value": "secure",
											"description": "Verifier controlling the verification logic of the vulnerable service."
										}
									]
								}
							},
							"status": "Unauthorized",
							"code": 401,
							"_postman_previewlanguage": "text",
							"header": [],
							"cookie": [],
							"body": ""
						}
					]
				},
				{
					"name": "Get the user information based on *access_token*",
					"request": {
						"method": "GET",
						"header": [
							{
								"key": "Accept",
								"value": "application/json"
							}
						],
						"url": {
							"raw": "{{baseUrl}}/users/user?verifier=secure",
							"host": [
								"{{baseUrl}}"
							],
							"path": [
								"users",
								"user"
							],
							"query": [
								{
									"key": "verifier",
									"value": "secure",
									"description": "Verifier controlling the verification logic of the vulnerable service."
								}
							]
						}
					},
					"response": [
						{
							"name": "The Request could be processed.",
							"originalRequest": {
								"method": "GET",
								"header": [
									{
										"key": "Accept",
										"value": "application/json"
									},
									{
										"key": "Authorization",
										"value": "Bearer <token>",
										"description": "Added as a part of security scheme: bearer"
									}
								],
								"url": {
									"raw": "{{baseUrl}}/users/user?verifier=secure",
									"host": [
										"{{baseUrl}}"
									],
									"path": [
										"users",
										"user"
									],
									"query": [
										{
											"key": "verifier",
											"value": "secure",
											"description": "Verifier controlling the verification logic of the vulnerable service."
										}
									]
								}
							},
							"status": "OK",
							"code": 200,
							"_postman_previewlanguage": "json",
							"header": [
								{
									"key": "Content-Type",
									"value": "application/json"
								}
							],
							"cookie": [],
							"body": "{\n  \"accessToken\": \"string\",\n  \"id\": \"string\",\n  \"password\": \"string\",\n  \"companyId\": \"string\",\n  \"role\": \"normal\",\n  \"address\": \"string\",\n  \"name\": \"string\"\n}"
						},
						{
							"name": "Exception occurred. Operation not allowed.",
							"originalRequest": {
								"method": "GET",
								"header": [
									{
										"key": "Authorization",
										"value": "Bearer <token>",
										"description": "Added as a part of security scheme: bearer"
									}
								],
								"url": {
									"raw": "{{baseUrl}}/users/user?verifier=secure",
									"host": [
										"{{baseUrl}}"
									],
									"path": [
										"users",
										"user"
									],
									"query": [
										{
											"key": "verifier",
											"value": "secure",
											"description": "Verifier controlling the verification logic of the vulnerable service."
										}
									]
								}
							},
							"status": "Unauthorized",
							"code": 401,
							"_postman_previewlanguage": "text",
							"header": [],
							"cookie": [],
							"body": ""
						}
					]
				}
			],
			"description": "Endpoints Relevant for Server-Side Request Forgery. Use `verifier=ssrf-{num}`."
		},
		{
			"name": "Authentication Bypass",
			"item": [
				{
					"name": "Fetch a valid Access Token via Basic Authentication",
					"request": {
						"method": "GET",
						"header": [],
						"url": {
							"raw": "{{baseUrl}}/authenticate?verifier=secure",
							"host": [
								"{{baseUrl}}"
							],
							"path": [
								"authenticate"
							],
							"query": [
								{
									"key": "verifier",
									"value": "secure",
									"description": "Verifier controlling the verification logic of the vulnerable service."
								}
							]
						}
					},
					"response": [
						{
							"name": "The Request could be processed.",
							"originalRequest": {
								"method": "GET",
								"header": [
									{
										"key": "Authorization",
										"value": "Bearer <token>",
										"description": "Added as a part of security scheme: bearer"
									}
								],
								"url": {
									"raw": "{{baseUrl}}/authenticate?verifier=secure",
									"host": [
										"{{baseUrl}}"
									],
									"path": [
										"authenticate"
									],
									"query": [
										{
											"key": "verifier",
											"value": "secure",
											"description": "Verifier controlling the verification logic of the vulnerable service."
										}
									]
								}
							},
							"status": "OK",
							"code": 200,
							"_postman_previewlanguage": "text",
							"header": [],
							"cookie": [],
							"body": ""
						},
						{
							"name": "Exception occurred. Operation not allowed.",
							"originalRequest": {
								"method": "GET",
								"header": [
									{
										"key": "Authorization",
										"value": "Bearer <token>",
										"description": "Added as a part of security scheme: bearer"
									}
								],
								"url": {
									"raw": "{{baseUrl}}/authenticate?verifier=secure",
									"host": [
										"{{baseUrl}}"
									],
									"path": [
										"authenticate"
									],
									"query": [
										{
											"key": "verifier",
											"value": "secure",
											"description": "Verifier controlling the verification logic of the vulnerable service."
										}
									]
								}
							},
							"status": "Unauthorized",
							"code": 401,
							"_postman_previewlanguage": "text",
							"header": [],
							"cookie": [],
							"body": ""
						}
					]
				},
				{
					"name": "Authenticate and fetch a valid Access Token",
					"request": {
						"method": "POST",
						"header": [
							{
								"key": "Content-Type",
								"value": "application/x-www-form-urlencoded"
							}
						],
						"body": {
							"mode": "urlencoded",
							"urlencoded": [
								{
									"key": "password",
									"value": "string",
									"description": "Type your password"
								},
								{
									"key": "username",
									"value": "string",
									"description": "Type your username"
								}
							]
						},
						"url": {
							"raw": "{{baseUrl}}/authenticate?verifier=secure",
							"host": [
								"{{baseUrl}}"
							],
							"path": [
								"authenticate"
							],
							"query": [
								{
									"key": "verifier",
									"value": "secure",
									"description": "Verifier controlling the verification logic of the vulnerable service."
								}
							]
						}
					},
					"response": [
						{
							"name": "The Request could be processed.",
							"originalRequest": {
								"method": "POST",
								"header": [
									{
										"key": "Content-Type",
										"value": "application/x-www-form-urlencoded"
									},
									{
										"key": "Authorization",
										"value": "Bearer <token>",
										"description": "Added as a part of security scheme: bearer"
									}
								],
								"body": {
									"mode": "urlencoded",
									"urlencoded": [
										{
											"key": "password",
											"value": "string",
											"description": "Type your password"
										},
										{
											"key": "username",
											"value": "string",
											"description": "Type your username"
										}
									]
								},
								"url": {
									"raw": "{{baseUrl}}/authenticate?verifier=secure",
									"host": [
										"{{baseUrl}}"
									],
									"path": [
										"authenticate"
									],
									"query": [
										{
											"key": "verifier",
											"value": "secure",
											"description": "Verifier controlling the verification logic of the vulnerable service."
										}
									]
								}
							},
							"status": "OK",
							"code": 200,
							"_postman_previewlanguage": "text",
							"header": [],
							"cookie": [],
							"body": ""
						},
						{
							"name": "Exception occurred. Operation not allowed.",
							"originalRequest": {
								"method": "POST",
								"header": [
									{
										"key": "Content-Type",
										"value": "application/x-www-form-urlencoded"
									},
									{
										"key": "Authorization",
										"value": "Bearer <token>",
										"description": "Added as a part of security scheme: bearer"
									}
								],
								"body": {
									"mode": "urlencoded",
									"urlencoded": [
										{
											"key": "password",
											"value": "string",
											"description": "Type your password"
										},
										{
											"key": "username",
											"value": "string",
											"description": "Type your username"
										}
									]
								},
								"url": {
									"raw": "{{baseUrl}}/authenticate?verifier=secure",
									"host": [
										"{{baseUrl}}"
									],
									"path": [
										"authenticate"
									],
									"query": [
										{
											"key": "verifier",
											"value": "secure",
											"description": "Verifier controlling the verification logic of the vulnerable service."
										}
									]
								}
							},
							"status": "Unauthorized",
							"code": 401,
							"_postman_previewlanguage": "text",
							"header": [],
							"cookie": [],
							"body": ""
						}
					]
				},
				{
					"name": "Get the user information based on *access_token*",
					"request": {
						"method": "GET",
						"header": [
							{
								"key": "Accept",
								"value": "application/json"
							}
						],
						"url": {
							"raw": "{{baseUrl}}/users/user?verifier=secure",
							"host": [
								"{{baseUrl}}"
							],
							"path": [
								"users",
								"user"
							],
							"query": [
								{
									"key": "verifier",
									"value": "secure",
									"description": "Verifier controlling the verification logic of the vulnerable service."
								}
							]
						}
					},
					"response": [
						{
							"name": "The Request could be processed.",
							"originalRequest": {
								"method": "GET",
								"header": [
									{
										"key": "Accept",
										"value": "application/json"
									},
									{
										"key": "Authorization",
										"value": "Bearer <token>",
										"description": "Added as a part of security scheme: bearer"
									}
								],
								"url": {
									"raw": "{{baseUrl}}/users/user?verifier=secure",
									"host": [
										"{{baseUrl}}"
									],
									"path": [
										"users",
										"user"
									],
									"query": [
										{
											"key": "verifier",
											"value": "secure",
											"description": "Verifier controlling the verification logic of the vulnerable service."
										}
									]
								}
							},
							"status": "OK",
							"code": 200,
							"_postman_previewlanguage": "json",
							"header": [
								{
									"key": "Content-Type",
									"value": "application/json"
								}
							],
							"cookie": [],
							"body": "{\n  \"accessToken\": \"string\",\n  \"id\": \"string\",\n  \"password\": \"string\",\n  \"companyId\": \"string\",\n  \"role\": \"normal\",\n  \"address\": \"string\",\n  \"name\": \"string\"\n}"
						},
						{
							"name": "Exception occurred. Operation not allowed.",
							"originalRequest": {
								"method": "GET",
								"header": [
									{
										"key": "Authorization",
										"value": "Bearer <token>",
										"description": "Added as a part of security scheme: bearer"
									}
								],
								"url": {
									"raw": "{{baseUrl}}/users/user?verifier=secure",
									"host": [
										"{{baseUrl}}"
									],
									"path": [
										"users",
										"user"
									],
									"query": [
										{
											"key": "verifier",
											"value": "secure",
											"description": "Verifier controlling the verification logic of the vulnerable service."
										}
									]
								}
							},
							"status": "Unauthorized",
							"code": 401,
							"_postman_previewlanguage": "text",
							"header": [],
							"cookie": [],
							"body": ""
						}
					]
				}
			],
			"description": "Endpoints relevant for authentication bypass. Set the `verifier` query parameter to `auth-{num}`."
		},
		{
			"name": "tokens Revoke Post",
			"request": {
				"method": "GET",
				"header": [],
				"url": {
					"raw": "{{baseUrl}}/reset",
					"host": [
						"{{baseUrl}}"
					],
					"path": [
						"reset"
					]
				}
			},
			"response": []
		}
	],
	"auth": {
		"type": "bearer",
		"bearer": [
			{
				"key": "token",
				"value": "{{bearerToken}}",
				"type": "string"
			}
		]
	},
	"event": [
		{
			"listen": "prerequest",
			"script": {
				"type": "text/javascript",
				"packages": {},
				"requests": {},
				"exec": [
					""
				]
			}
		},
		{
			"listen": "test",
			"script": {
				"type": "text/javascript",
				"packages": {},
				"requests": {},
				"exec": [
					""
				]
			}
		}
	],
	"variable": [
		{
			"key": "baseUrl",
			"value": "https://rest.e-hacking.de/rest-api-sec/vuln_users"
		}
	]
}
