API Endpoint Brute Forcing

Details

An API Endpoint Brute Forcing vulnerability exists in the export to pdf endpoint. The login endpoint has rate limiting but this is not enforced in the export endpoint. As such you can brute force for any user and their password. username enumeration is also possible

POST /api/v2/export HTTP/1.1
Host: dvws.local
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:146.0) Gecko/20100101 Firefox/146.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://dvws.local/passphrasegen.html
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoidGVzdCIsInBlcm1pc3Npb25zIjpbInVzZXI6cmVhZCIsInVzZXI6d3JpdGUiXSwiaWF0IjoxNzY4MzM3NjQ2LCJleHAiOjE3Njg1MTA0NDYsImlzcyI6Imh0dHBzOi8vZ2l0aHViLmNvbS9zbm9vcHlzZWN1cml0eSJ9.c1WIorGbPlLyKr1YDvyM7yZTsc3U7AwlYL33kEPtPH8
Content-Type: application/json;charset=utf-8
Content-Length: 295
Origin: http://dvws.local
Connection: keep-alive
Cookie: auth_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoidGVzdCIsInBlcm1pc3Npb25zIjpbInVzZXI6cmVhZCIsInVzZXI6d3JpdGUiXSwiaWF0IjoxNzY4MzM3NjQ2LCJleHAiOjE3Njg1MTA0NDYsImlzcyI6Imh0dHBzOi8vZ2l0aHViLmNvbS9zbm9vcHlzZWN1cml0eSJ9.c1WIorGbPlLyKr1YDvyM7yZTsc3U7AwlYL33kEPtPH8
Priority: u=0

{"data":"W3sicGFzc3BocmFzZSI6IjU3NGU3OTdhNGIzODUxNzI0YTczODI2OTc3NGQ2MDdkIiwicmVtaW5kZXIiOiJ3ZXJld3IifSx7InBhc3NwaHJhc2UiOiJ3ZXJld3IiLCJyZW1pbmRlciI6IndlcmV3ciJ9LHsicGFzc3BocmFzZSI6Ijc5NTc2ODgxMzA1MzY3MzE3ZDcxN2I1MjM2NjA3ODZkIiwicmVtaW5kZXIiOiJ3ZXJld3IifV0=","password":"test","username":"test"}

Solutions

FAQ

Questions

API Endpoint Brute Forcing

Details

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Solutions

FAQ

Clone this wiki locally