Once upon a time, one of the applications being developed in the lab required a client-server communication model. The instant choice was to go ahead and use any of the existing open-source REST APIs. However, as time passed, a totally fresh REST API was built using PHP and MySQL. It was not unusual for the API to be vulnerable, as defenseless code flowed magically from the creator’s fingers; each security issue was seen as a new feature. Recognizing the significance and necessity of such a platform for accelerating security research in this domain, the complete code has been brought to you as ExploitMe REST.
1.0 was the initial public release of ExploitMe REST. It was built as a blogging application. A registered user can create and delete blog posts on the website, while anonymous users can only see the posts; at least that is how it was supposed to be. Finding and leveraging the vulnerabilities on the platform may prove all that wrong – so that is up to you. To access the API, a web application and an Android application were created. The API can also be accessed by REST API clients.
2.0 is the latest public release of ExploitMe REST. It is built as a shopping cart application. Now, there are multiple user levels, privilege escalations, logical vulnerabilities, security through obscurity, etc. The API can be accessed through REST API clients or by using the web application frontend.