Skip to content

Added a vulnerable API module#670

Merged
digininja merged 31 commits into
masterfrom
api
Jan 29, 2025
Merged

Added a vulnerable API module#670
digininja merged 31 commits into
masterfrom
api

Conversation

@digininja

@digininja digininja commented Jan 29, 2025

Copy link
Copy Markdown
Owner

No description provided.

digininja added 30 commits October 2, 2024 12:27
@digininja
starting API build
1fe14d3
@digininja
first files
18c38b5
@digininja
Basics are working
0f76d3b
@digininja
All working and documented
254c11b 
I need to make the user system persistent and then add some
vulnerabilities. There are already some in there, but we need some good
ones.
@digininja
missing include
e895a43
@digininja
low working
979265e
@digininja
added api versioning
9097c0f
@digininja
medium and low working
97cc416
@digininja
RCE and generic options response
6e41e1d
@digininja
better description
d0cd7f4
@digininja
starting orders
4c3b2ac
@digininja
low finished
d7f2316
@digininja
improved help page
b53c636
@digininja
medium working
a34389f
@digininja
tidy space
6e2d8bb
@digininja
orders working
42ea586
@digininja
login controller written and added to orders
0f758ac
@digininja
checking content type
36ab59e
@digininja
login is now OAUTH2
7f15de1
@digininja
refresh token working but no auth
cb4793b
@digininja
login tokens are encrypted and will expire
5f92df7
@digininja
All login stuff working
133ce09
@digininja
check if decrypt worked ok
677d859
@digininja
tidying up the levels
9c193cc
@digininja
echo function added
b4d82b1
@digininja
more links
0d0a7e1
@digininja
typo
0577e1d
@digininja
impossible level
9217125
@digininja
updated composer stuff
eb475ab
@digininja
calling openapi openapi, not swagger
4790347
@digininja digininja merged commit a96943d into master Jan 29, 2025
github-advanced-security[bot]
github-advanced-security AI found potential problems Jan 29, 2025
View reviewed changes
Comment thread vulnerabilities/api/src/LoginController.php
$client_secret = $_SERVER['PHP_AUTH_PW'];

# App auth check
if ($client_id == "1471.dvwa.digi.ninja" && $client_secret == "ABigLongSecret") {

Check failure

Code scanning / Secrets Audit

Cleartext Storage of Sensitive Information.

Credential in plaintext? Rule: Env Var Line: if ($client_id == "1471.dvwa.digi.ninja" && $client_secret == "ABigLongSecret") { Commit: .
github-advanced-security[bot]
github-advanced-security AI found potential problems Jan 29, 2025
View reviewed changes
Comment thread vulnerabilities/api/public/index.php
}

// pass the request method and order ID to the OrderController and process the HTTP request:
$controller = new OrderController($requestMethod, $version, $orderId);

Check warning

Code scanning / PHP Security Audit

Class Src \ OrderController has no __construct, but arguments were passed.

Class Src \ OrderController has no __construct, but arguments were passed.
Comment thread vulnerabilities/api/public/index.php
}

// pass the request method and user ID to the UserController and process the HTTP request:
$controller = new UserController($requestMethod, $version, $userId);

Check warning

Code scanning / PHP Security Audit

Class Src \ OrderController has no __construct, but arguments were passed.

Class Src \ UserController has no __construct, but arguments were passed.
Comment thread vulnerabilities/api/public/index.php
}

$command = $local_uri[2];
$controller = new HealthController($requestMethod, $version, $command);

Check warning

Code scanning / PHP Security Audit

Class Src \ OrderController has no __construct, but arguments were passed.

Class Src \ HealthController has no __construct, but arguments were passed.
Comment thread vulnerabilities/api/public/index.php
}

$command = $local_uri[2];
$controller = new LoginController($requestMethod, $version, $command);

Check warning

Code scanning / PHP Security Audit

Class Src \ OrderController has no __construct, but arguments were passed.

Class Src \ LoginController has no __construct, but arguments were passed.
Comment thread vulnerabilities/api/src/HealthController.php
}

#[OAT\Post(
tags: ["health"],

Check warning

Code scanning / PHP Security Audit

Syntax error, unexpected T_STRING on line 22.

Syntax error, unexpected T_STRING on line 22.
Comment thread vulnerabilities/api/src/UserController.php
}

#[OAT\Get(
tags: ["user"],

Check warning

Code scanning / PHP Security Audit

Syntax error, unexpected T_STRING on line 22.

Syntax error, unexpected T_STRING on line 63.
Comment thread vulnerabilities/api/src/UserController.php
}

#[OAT\Get(
tags: ["user"],

Check warning

Code scanning / PHP Security Audit

Syntax error, unexpected T_STRING on line 22.

Syntax error, unexpected T_STRING on line 98.
Comment thread vulnerabilities/api/src/UserController.php
}

#[OAT\Post(
tags: ["user"],

Check warning

Code scanning / PHP Security Audit

Syntax error, unexpected T_STRING on line 22.

Syntax error, unexpected T_STRING on line 126.
Comment thread vulnerabilities/api/src/UserController.php
}

#[OAT\Put(
tags: ["user"],

Check warning

Code scanning / PHP Security Audit

Syntax error, unexpected T_STRING on line 22.

Syntax error, unexpected T_STRING on line 175.
Comment thread vulnerabilities/api/src/UserController.php
}

#[OAT\Delete(
tags: ["user"],

Check warning

Code scanning / PHP Security Audit

Syntax error, unexpected T_STRING on line 22.

Syntax error, unexpected T_STRING on line 233.
@digininja digininja deleted the api branch February 26, 2025 09:53
noe-orga-NTT pushed a commit to noe-orga-NTT/DVWA that referenced this pull request May 30, 2025
@digininja
Merge pull request digininja#670 from digininja/api
2193a88 
Added a vulnerable API module
noe-orga-NTT pushed a commit to noe-orga-NTT/DVWA that referenced this pull request May 30, 2025
@digininja
Merge pull request digininja#670 from digininja/api
a98be29 
Added a vulnerable API module
noe-orga-NTT pushed a commit to noe-orga-NTT/DVWA that referenced this pull request May 30, 2025
@digininja
Merge pull request digininja#670 from digininja/api
4065b67 
Added a vulnerable API module
noe-orga-NTT pushed a commit to noe-orga-NTT/DVWA that referenced this pull request May 30, 2025
@digininja
Merge pull request digininja#670 from digininja/api
16191f7 
Added a vulnerable API module
noe-orga-NTT pushed a commit to noe-orga-NTT/DVWA that referenced this pull request May 30, 2025
@digininja
Merge pull request digininja#670 from digininja/api
e2d3ecc 
Added a vulnerable API module
noe-orga-NTT pushed a commit to noe-orga-NTT/DVWA that referenced this pull request May 30, 2025
@digininja
Merge pull request digininja#670 from digininja/api
db68a06 
Added a vulnerable API module
noe-orga-NTT pushed a commit to noe-orga-NTT/DVWA that referenced this pull request May 30, 2025
@digininja
Merge pull request digininja#670 from digininja/api
aa182e3 
Added a vulnerable API module
BrunoCascante pushed a commit to BrunoCascante/DVWA that referenced this pull request Jun 16, 2025
@digininja
Merge pull request digininja#670 from digininja/api
f8fd3f1 
Added a vulnerable API module
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@digininja @github-advanced-security