exploiting-mass-assignment-in-rest-apis

Identifies and exploits mass assignment vulnerabilities in REST APIs to escalate privileges and modify restricted fields.

Install this skill

0/100

Security score

The exploiting-mass-assignment-in-rest-apis skill was audited on Jun 14, 2026 and we found 40 security issues across 2 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 62

Curl to non-GitHub URL

SourceSKILL.md

62	curl -H "Authorization: Bearer USER_TOKEN" http://target.com/api/users/me \| jq .

medium line 66

Curl to non-GitHub URL

SourceSKILL.md

66	curl http://target.com/api/docs

medium line 67

Curl to non-GitHub URL

SourceSKILL.md

67	curl http://target.com/swagger.json

medium line 68

Curl to non-GitHub URL

SourceSKILL.md

68	curl http://target.com/openapi.yaml

medium line 81

Curl to non-GitHub URL

SourceSKILL.md

81	curl -X PUT http://target.com/api/users/me \

medium line 87

Curl to non-GitHub URL

SourceSKILL.md

87	curl -X PATCH http://target.com/api/users/me \

medium line 92

Curl to non-GitHub URL

SourceSKILL.md

92	curl -X PATCH http://target.com/api/users/me \

medium line 98

Curl to non-GitHub URL

SourceSKILL.md

98	curl -X POST http://target.com/api/register \

medium line 106

Curl to non-GitHub URL

SourceSKILL.md

106	curl -X POST http://target.com/api/orders \

medium line 112

Curl to non-GitHub URL

SourceSKILL.md

112	curl -X PATCH http://target.com/api/wallet \

medium line 118

Curl to non-GitHub URL

SourceSKILL.md

118	curl -X POST http://target.com/api/checkout \

medium line 124

Curl to non-GitHub URL

SourceSKILL.md

124	curl -X PATCH http://target.com/api/subscription \

medium line 133

Curl to non-GitHub URL

SourceSKILL.md

133	curl -X PATCH http://target.com/api/users/me \

medium line 139

Curl to non-GitHub URL

SourceSKILL.md

139	curl -X PATCH http://target.com/api/users/me \

medium line 145

Curl to non-GitHub URL

SourceSKILL.md

145	curl -X PATCH http://target.com/api/users/me \

medium line 154

Curl to non-GitHub URL

SourceSKILL.md

154	curl -X PATCH http://target.com/api/documents/123 \

medium line 160

Curl to non-GitHub URL

SourceSKILL.md

160	curl -X PATCH http://target.com/api/projects/456 \

medium line 166

Curl to non-GitHub URL

SourceSKILL.md

166	curl -X PATCH http://target.com/api/entries/789 \

low line 62

External URL reference

SourceSKILL.md

62	curl -H "Authorization: Bearer USER_TOKEN" http://target.com/api/users/me \| jq .

low line 66

External URL reference

SourceSKILL.md

66	curl http://target.com/api/docs

low line 67

External URL reference

SourceSKILL.md

67	curl http://target.com/swagger.json

low line 68

External URL reference

SourceSKILL.md

68	curl http://target.com/openapi.yaml

low line 71

External URL reference

SourceSKILL.md

71	arjun -u http://target.com/api/users/me -m JSON -H "Authorization: Bearer USER_TOKEN"

low line 81

External URL reference

SourceSKILL.md

81	curl -X PUT http://target.com/api/users/me \

low line 87

External URL reference

SourceSKILL.md

87	curl -X PATCH http://target.com/api/users/me \

low line 92

External URL reference

SourceSKILL.md

92	curl -X PATCH http://target.com/api/users/me \

low line 98

External URL reference

SourceSKILL.md

98	curl -X POST http://target.com/api/register \

low line 106

External URL reference

SourceSKILL.md

106	curl -X POST http://target.com/api/orders \

low line 112

External URL reference

SourceSKILL.md

112	curl -X PATCH http://target.com/api/wallet \

low line 118

External URL reference

SourceSKILL.md

118	curl -X POST http://target.com/api/checkout \

low line 124

External URL reference

SourceSKILL.md

124	curl -X PATCH http://target.com/api/subscription \

low line 133

External URL reference

SourceSKILL.md

133	curl -X PATCH http://target.com/api/users/me \

low line 139

External URL reference

SourceSKILL.md

139	curl -X PATCH http://target.com/api/users/me \

low line 145

External URL reference

SourceSKILL.md

145	curl -X PATCH http://target.com/api/users/me \

low line 154

External URL reference

SourceSKILL.md

154	curl -X PATCH http://target.com/api/documents/123 \

low line 160

External URL reference

SourceSKILL.md

160	curl -X PATCH http://target.com/api/projects/456 \

low line 166

External URL reference

SourceSKILL.md

166	curl -X PATCH http://target.com/api/entries/789 \

low line 183

External URL reference

SourceSKILL.md

183	--url http://target.com/api/users/me \

low line 189

External URL reference

SourceSKILL.md

189	echo "http://target.com" \| nuclei -t http/vulnerabilities/generic/mass-assignment.yaml

low line 227

External URL reference

SourceSKILL.md

227	- Target: http://target.com/api/users/me

Scanned on Jun 14, 2026

View Security Dashboard

Installation guide →

GitHub Stars 606

Rate this skill

Categorydevelopment

UpdatedJune 15, 2026

api security-engineer data-analyst qa-engineer development data analytics

xalgord/xalgorix