{% extends 'scenario-basic.html' %}
{% block title-text %} Tiredful API: SQL Injection {% endblock %}
{% block content %}

Challenge: SQL Injection

An API implemented to serve a fitness tracker mobile app is used to check fitness activity for a month.
The following API endpoint returns monthly fitness activity:

POST http://{{ request.get_host }}/api/v1/activities/

POST:
    {
      "month": <month(string)>
    }
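
The request field `month` ends up in a database query, so how the server builds that query decides whether the value stays data. The sketch below is an added example, not the Tiredful API source: the `activity` table, its rows, the function names and the assumed shape of `month` are all constructed. It puts a string-built query beside a bound one.

```python
import re
import sqlite3

COLUMNS = "username, sleep, heartbeat, calories, running, month"
MONTH_RE = re.compile(r"[A-Za-z0-9]{1,9}")  # assumed format of "month"


def make_db():
    """In-memory database with a constructed table and constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE activity (username TEXT, month TEXT, sleep INTEGER,"
        " heartbeat INTEGER, calories INTEGER, running INTEGER)"
    )
    rows = [("alice", "jan", 7, 68, 2100, 5),
            ("alice", "feb", 6, 70, 2000, 4),
            ("bob", "jan", 8, 64, 2300, 9)]
    conn.executemany("INSERT INTO activity VALUES (?, ?, ?, ?, ?, ?)", rows)
    return conn


def activities_concat(conn, month):
    """Weak form: the request value becomes part of the SQL text."""
    sql = "SELECT " + COLUMNS + " FROM activity WHERE month = '" + month + "'"
    return conn.execute(sql).fetchall()


def parse_month(value):
    """Reject anything that is not a short alphanumeric string."""
    if not isinstance(value, str) or not MONTH_RE.fullmatch(value):
        raise ValueError("invalid month")
    return value.lower()


def activities_bound(conn, month):
    """Hardened form: the value is bound as data and never parsed as SQL."""
    sql = "SELECT " + COLUMNS + " FROM activity WHERE month = ?"
    return conn.execute(sql, (month,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    hostile = "jan' OR '1'='1"  # constructed input containing a quote
    print(len(activities_concat(db, hostile)))  # filter lost: every row
    print(activities_bound(db, hostile))        # treated as a literal: no rows
    print(activities_bound(db, parse_month("Jan")))
```

Binding is the control that closes the defect; `parse_month` is a second layer that turns malformed input into a client error before it reaches the database.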
    

User | Sleep | HeartBeat | Calories | Running | Month
{% for data in tracker_details %}
{{ data.user.username }} | {{ data.sleep }} | {{ data.heartbeat }} | {{ data.calories }} | {{ data.running }} | {{ data.month }}
{% endfor %}

Aim: Try to find the table names of the database (SQLite).

{% endblock %}