The Apiculture challenges are dedicated to API attacks. The second level basically looks like a webpage dedicated to beehives: A quick look in the Developer Tools reveals a call to the /api/v4/products/ endpoint: This endpoint indeed permits to get the beehives JSON. It is also impacted by an Improper Data Filtering vulnerability since it contains … Continue reading Apiculture 2 write-up

The Apiculture challenges are dedicated to API attacks. It is basically a honey’s addict website: To solve the first challenge, we should pay attention to the call to the /api/products/ API: This endpoint provides information to the Angular front-end so that the page can be rendered in the browser… But it is impacted by an … Continue reading Apiculture 1 write-up