Generic University

Generic University's IT department is excited to release its new tool so students can see all their grades online! Although it is still under construction, some hacker has already used Sublist3r and found it. Thankfully Generic University has a bug bounty program and *.genericuniversity.ac.uk is in scope. No one seems to have noticed this under-construction tool yet, so get out there and find those bugs!

Vulnerable API

This is a Laravel app I've used for several demos; it is vulnerable to a number of the OWASP API Top 10 issues. This is not a CTF: the bugs are quite clear and not hidden, but I suspect it will still be a useful demo!

Vulnerabilities

Find out more about the OWASP API Top 10

  • API1:2019 Broken Object Level Authorization
  • API2:2019 Broken User Authentication
  • API3:2019 Excessive Data Exposure
  • API5:2019 Broken Function Level Authorization
  • API6:2019 Mass Assignment
  • API7:2019 Security Misconfiguration

Your Goals

  1. Find the emails of the administrator
  2. Brute force the API to find new endpoints
  3. Find out what grades everyone got in a class
  4. Edit someone's grade
  5. Make an account
  6. Access the GraphQL API
  7. Change another account's password
  8. Login to your account
  9. Access admin API
  10. Find out what vulnerabilities the IT admins have ignored
  11. Make your account an admin
  12. Access the admin control panel
  13. Fire a blind XSS in the admin control panel and validate with your new admin account
  14. Delete everything
  15. Restore everything

Docker

Thanks to busk3r, you can set up Generic University using Docker. Simply install Docker and follow the commands on the docker page. Thank you!

Initial Setup

You will need to set up PHP, a web server and a database suitable for Laravel. You can use something like XAMPP on Windows, or set it up yourself to meet Laravel's requirements. You can google for manual setup instructions; @kofler86 has contributed a setup guide for Kali Linux.

  1. Clone the repository: git clone https://github.com/InsiderPhD/Generic-University/
  2. Run composer update
  3. Edit the .env file
  4. Run php artisan migrate
  5. Run php artisan db:seed
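The five steps above as one script, added here as an example and not part of the Generic University README or repository. It wraps the steps in a shell function and adds a check that the .env edited in step 3 actually carries the database settings Laravel reads, since migrate fails confusingly when it does not. The repository URL is the one given above; the DB_* key names are the standard Laravel .env keys; the file name setup.sh in the usage comment and the sample .env values are assumptions.

```shell
#!/bin/sh
# Added example, not part of the Generic University README or repository:
# the five setup steps wrapped in a shell function, with a check that the
# .env you edited in step 3 actually carries the database settings Laravel
# reads. The repository URL comes from the README; the DB_* key names are
# the standard Laravel .env keys. The file name setup.sh used in the usage
# comment is an assumption.

REPO_URL="https://github.com/InsiderPhD/Generic-University/"
APP_DIR="${APP_DIR:-Generic-University}"

# Keys Laravel needs before php artisan migrate can reach a database.
# DB_PASSWORD is deliberately not required: a local XAMPP root account may have none.
REQUIRED_ENV_KEYS="DB_CONNECTION DB_HOST DB_PORT DB_DATABASE DB_USERNAME"

# env_value FILE KEY: print the value of KEY from FILE (empty if unset).
env_value() {
    # Take the first "KEY=value" line, drop the key, strip any CR left by Windows editors.
    sed -n "s/^$2=//p" "$1" | head -n 1 | tr -d '\r'
}

# validate_env FILE: return 0 when every required key has a non-empty value,
# otherwise list the missing keys on stderr and return 1.
validate_env() {
    file="$1"
    missing=""
    for key in $REQUIRED_ENV_KEYS; do
        [ -n "$(env_value "$file" "$key")" ] || missing="$missing $key"
    done
    if [ -n "$missing" ]; then
        echo "missing or empty in $file:$missing" >&2
        return 1
    fi
    return 0
}

# write_sample_env FILE: write a constructed .env with local XAMPP-style
# MySQL settings (sample values, not the project's own).
write_sample_env() {
    printf '%s\n' \
        'APP_NAME=GenericUniversity' \
        'DB_CONNECTION=mysql' \
        'DB_HOST=127.0.0.1' \
        'DB_PORT=3306' \
        'DB_DATABASE=genericuniversity' \
        'DB_USERNAME=root' \
        'DB_PASSWORD=' > "$1"
}

# Steps 1 to 5 from the README, stopping at the first failing command.
# Usage (assumed file name): . ./setup.sh && setup_generic_university
setup_generic_university() {
    set -e
    [ -d "$APP_DIR" ] || git clone "$REPO_URL" "$APP_DIR"   # 1. clone
    cd "$APP_DIR"
    composer update                                         # 2. dependencies
    validate_env .env                                       # 3. .env already edited?
    php artisan migrate                                     # 4. schema
    php artisan db:seed                                     # 5. sample data
}
```

Source the file and call setup_generic_university; the functions are kept separate from any top-level commands so that validate_env can also be run on its own against a .env before touching the database.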
