REST-based, intentionally vulnerable API developed to teach college students how sensitive data can be siphoned out of public data APIs and how common web application attacks are carried out.

onsali/publicdata_ctf

Welcome to the 2023 Pennington CTF Challenge API!

This is a (mostly) CRUD, REST-based, intentionally vulnerable API developed to teach college students how sensitive data can be siphoned out of public data APIs and how common web application attacks are carried out.

⚠️ WORK IN PROGRESS ⚠️

CTF Instructions:

  • Navigate to the homepage
  • There are 5 flags to collect in total.

Vulnerabilities/Exploitation Techniques:

  • SQL injection
  • API BOLA (Broken Object Level Authorization) - extracting sensitive information without access
  • OSINT and data diving
  • Linux CLI usage

Usage:

git clone
cd public_data_
npm install
node server.js

To do:

  • Move routes and middleware out of server.js
  • Remove hardcoded SQLi vuln
  • MD Documentation
