Skip to content

Latest commit

 

History

History
 
 

copy-n-paste

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
app
app
 
 
deployments
deployments
 
 
docs
docs
 
 
images
images
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 

README.md

CopyNPaste API

This is a simple Golang API that contains an example of an Injection vulnerability.

What is Injection?

Definition from OWASP:

Injection flaws, such as SQL, NoSQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.

Requirements

To build this lab you will need Docker and Docker Compose.

Deploy and Run

After cloning this repository, you can type the following command to start the vulnerable application:

$ make install

Then simply visit localhost:3000 !

Attack Narrative

To understand how this vulnerability can be exploited, check this section!

Mitigating the vulnerability

(Spoiler alert 🧐) To understand how this vulnerability can be mitigated, check this other section!

Contributing

Yes, please. ⚡