testapi.http
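# Log in as the regular test user.
# On an empty database the signup request below presumably has to run first - confirm.
# NOTE(review): the test password is stored in plaintext in this file; keep it to
# throwaway local accounts and never reuse it for a deployed environment.
POST http://localhost:8000/api/login
Content-Type: application/json
Accept: application/json

{
  "email": "mark@example.com",
  "password": "0987654321"
}

###
# Register the regular test user (same e-mail and password as the login request above).
# A blank line separates the headers from the JSON body; without it the body
# is read as a malformed header line.
POST http://localhost:8000/api/signup
Content-Type: application/json
Accept: application/json

{
  "name": "Bang Mark",
  "email": "mark@example.com",
  "password": "0987654321",
  "password_confirmation": "0987654321"
}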
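###
# Fetch the profile of the user that owns the bearer token.
# NOTE(review): the Authorization value is an API token committed with the file
# (its `id|secret` shape resembles a Laravel Sanctum personal access token - confirm).
# Revoke it if it was ever valid outside a disposable local database, and load it
# from an untracked environment file or client variable instead of hard-coding it.
GET http://localhost:8000/api/profile
Accept: application/json
Authorization: Bearer 1|DRt1cOTGTAsTvExtqXUydcVsnPS1TDnpWaMEonHy

###
# Create a loan request as the token's user (amount 30000, term 3).
# The blank line before the JSON body is required to end the header section.
POST http://localhost:8000/api/loans
Accept: application/json
Content-Type: application/json
Authorization: Bearer 1|DRt1cOTGTAsTvExtqXUydcVsnPS1TDnpWaMEonHy

{
  "amount": 30000,
  "term": 3
}

###
# List loans with the same user token.
# NOTE(review): presumably only the caller's own loans should come back - worth
# asserting when a second user exists.
GET http://localhost:8000/api/loans
Accept: application/json
Authorization: Bearer 1|DRt1cOTGTAsTvExtqXUydcVsnPS1TDnpWaMEonHy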
POST http://localhost:8000/api/admin/login
Content-Type: application/json
Accept: application/json
{
"email": "root@admin.com",
"password": "123456"
}
###
PUT http://localhost:8000/api/loans/1/approve
Accept: application/json
Authorization: Bearer 3|u6HFQ4nc1SPULV1f87a1Wor5hOPbGShmGS6oBKyZ
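###
# Pay 10000 towards loan 2 with the regular user's token.
# The blank line before the JSON body is required to end the header section.
# NOTE(review): the bearer token is hard-coded; treat it as a committed credential.
POST http://localhost:8000/api/loans/pay
Accept: application/json
Content-Type: application/json
Authorization: Bearer 1|DRt1cOTGTAsTvExtqXUydcVsnPS1TDnpWaMEonHy

{
  "loan_id": 2,
  "amount": 10000
}

###
# List the repayments of loan 2 with the same token.
# `status` is sent empty; presumably the server treats that as "no filter" - confirm,
# and check that unexpected values are validated rather than passed into the query.
GET http://localhost:8000/api/loans/2/repayment?status=
Accept: application/json
Authorization: Bearer 1|DRt1cOTGTAsTvExtqXUydcVsnPS1TDnpWaMEonHy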
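###
# Register a second test user, used by the two "test denied" requests below.
# NOTE(review): the password is stored in plaintext; local throwaway account only.
POST http://localhost:8000/api/signup
Content-Type: application/json
Accept: application/json

{
  "name": "Bang Dum",
  "email": "dum@example.com",
  "password": "qwer123",
  "password_confirmation": "qwer123"
}

###test denied
# Object-level authorization check: read the repayments of loan 2 with a different
# bearer token (id 5), presumably issued to the second user - confirm.
# The expected status is not recorded here; presumably 403 or 404. Noting it next to
# the request would make a regression visible.
GET http://localhost:8000/api/loans/2/repayment?status=
Accept: application/json
Authorization: Bearer 5|5Hj9qfdzQvK0W7p34mr5Y93z7LaZ1IrxglECZfXV

###test denied
# Same check on the write path: paying towards loan 2 with token id 5 should be
# rejected and must not create a repayment record.
# The blank line before the JSON body is required to end the header section.
POST http://localhost:8000/api/loans/pay
Accept: application/json
Content-Type: application/json
Authorization: Bearer 5|5Hj9qfdzQvK0W7p34mr5Y93z7LaZ1IrxglECZfXV

{
  "loan_id": 2,
  "amount": 10000
}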
###https://sqlmap.org/ Automatic SQL injection and database takeover tool
# Commented-out sqlmap run against the repayment route of the local dev server (localhost:8000).
# NOTE(review): the command line embeds a further bearer token (id 4). It is a committed
# credential and should be revoked or replaced by a value read from the environment.
# A clean result is the expected outcome if the handler binds the loan id and the
# status filter through parameterized queries - confirm in the route's code.
#python sqlmap.py -v -u "http://localhost:8000/api/loans/1/repayment" -H "Authorization: Bearer 4|fXeuvBacmS6nvIbVmmlOa1gThVqB0fU452M1cCW2" -f --tamper='space2comment' --level=5