GET/POST /render — SSTI: user input rendered as Jinja2 template
GET /search — HTTP Parameter Pollution: duplicate query parameters are handled unexpectedly
GET /api/items — CORS wildcard: any origin can read the response
GET /error-test — Verbose errors: stack traces exposed to users
POST /api/update — Mass assignment: accepts unexpected fields