GetSession (GET /api/GetSession)
This function returns session information including first name, last name,
userid and username. Only GET method is supported.
GetSum (POST /api/GetSum)
This function accepts two integers (arg1 and arg2) and returns sum of these.
The first parameter has input validation implemented, while the second doesn't (it
returns a server error). Supported methods: POST. Authentication not required.
ReflectInput (POST /api/ReflectInput)
This function reflects the input in the data in the response.
GetProductsByID (POST /api/GetProductByID)
This function accepts one integer (pID) and returns corresponding product
details. Supported methods: POST. Authentication not required.
GetProductsByCategory (POST /api/GetProductsByCategory)
This function accepts one integer (pCAT) and returns corresponding products
list. Supported methods: POST. Authentication not required.
GetCategories (GET GetCategories)
This function returns categories for products in the product database.
Supported method: GET. Authentication not required.
AddToCart (POST /api/AddToCart)
This function accepts two integers (pID and pQTY) and adds a product to the cart.
Supported methods: POST. Authentication is required.
GetCart (GET GetCart)
This function returns the items in the cart.
Supported method: GET. Authentication is required.
GetCartInfo (GET GetCartInfo)
This function returns the summary of the cart.
Supported method: GET. Authentication is required.
AddCoupon (POST /api/AddCoupon)
This function accepts two integers (cPARTNER and cCODE) and adds a coupon to the list.
Supported methods: POST. Authentication is required.
GetCoupons (GET GetCoupons)
This function returns the list of coupons.
Supported method: GET. Authentication is required.
Get User Data (POST /api/GetUserData)
This function accepts one integer (UserID) and returns corresponding user
details. Supported methods: POST. Authentication required. SQL injection
vulnerability present (try: ' OR 1 = 1 ). BOLA vulnerability (see BOLA script in
WAF Panel).
Guestbook (POST /api/GuestBook)
This function accepts one text parameter (message) and adds the message to the
guestbook. Supported methods: GET, POST, DELETE. Authentication required but
not correctly implemented for POST method.