1. Exploiting an API endpoint using documentation

We're asked to delete the user "carlos" using the API exposed by this web application. We find the
documentation for the API at /api and see that a user can be deleted by sending a DELETE request to
/api/user/username, where username is the name of the user to delete. We must be authenticated in
order to make requests to the API.

We log in as the user "wiener" and send a DELETE request to /api/user/carlos, which deletes carlos.
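
The request above succeeds because being logged in as "wiener" is enough to delete "carlos". As an added example (not part of the lab or of this write-up), the sketch below contrasts a handler that checks only authentication with one that also checks authorization on the target user; the in-memory user store, the `Session` type, the admin flag and the function names are assumptions.

```python
# Added example: the user store and session model are constructed (assumptions).
from dataclasses import dataclass

@dataclass(frozen=True)
class Session:
    username: str
    is_admin: bool = False

def make_users():
    # Constructed sample data using the usernames from the write-up.
    return {"wiener": {}, "carlos": {}, "administrator": {}}

def parse_target(method, path):
    """Return the username targeted by DELETE /api/user/<username>, else None."""
    parts = path.strip("/").split("/")
    if method == "DELETE" and len(parts) == 3 and parts[:2] == ["api", "user"]:
        return parts[2]
    return None

def delete_user_authn_only(users, session, method, path):
    """Behaviour seen in the write-up: any logged-in user may delete anyone."""
    target = parse_target(method, path)
    if target is None:
        return 404
    if session is None:
        return 401  # not logged in
    if target not in users:
        return 404
    del users[target]
    return 200

def delete_user_authorized(users, session, method, path):
    """Adds an object-level check: delete yourself only, unless admin."""
    target = parse_target(method, path)
    if target is None:
        return 404
    if session is None:
        return 401
    # Checked before the existence lookup so a 403/404 difference
    # does not reveal which usernames exist.
    if not (session.is_admin or session.username == target):
        return 403  # authenticated, but not allowed to act on this user
    if target not in users:
        return 404
    del users[target]
    return 200
```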


Solution