Introduction

For the issue type "Broken authentication", there are many things that can go wrong, but I wanted to show you that broken authentication

Requirements

Let's set up

To start with, we need to set up a virtual environment. This is a place where we can install the dependencies of one project and keep them separate from those of other projects. This is very useful for keeping oversight, and also when one project requires a certain version of a library while another project needs a much older, incompatible version of that same library.

Linux/macOS:

mkdir "GoudAPI-SQLi"
cd GoudAPI-SQLi
python3 -m venv GoudAPI-SQLi

Windows:

mkdir GoudAPI-SQLi
cd GoudAPI-SQLi
py -3 -m venv GoudAPI-SQLi

With these commands we are creating a venv (virtual environment) called GoudAPI-BAC, which is marked by a new folder. Now we have to switch to it.

Linux/macOS:

. GoudAPI-SQLi/bin/activate

Windows:

GoudAPI-SQLi\Scripts\activate

Now we can use pip to install Flask:

pip install Flask

Now that Flask is installed, we can create our first vulnerable API.

Hello World

We first need to write a few lines of code to tell Python that it should start a Flask web application.