4 matches found
APITest.IO: beta version reveals paths, environment variables and partially files contents
Hi guys! You should disable error reporting on the beta version. It reveals a lot of information and even file contents. How to reproduce: 1. Navigate to http://beta.apitest.io/newsletter, modify csrf-token "token" to any data. 2. Input something to "email" and "name" fields. 3. Submit the form. As resul...
APITest.IO: Login Via FB Leads To Create A New Account Instead Of Loging In
Hi there. So when a user, for example in my case, signs up with email [email protected] and confirms the email address, then if I log out and make sure that the account associated with [email protected] is logged in on Facebook and on apitest.io, when I click on sign in via FB it leads me to...
APITest.IO: Clickjacking: X-Frame-Options header missing
Same as this report: https://hackerone.com/reports/7492. Vulnerable: sign in, sign up, and main domain. PoC attached...
APITest.IO: SSRF on testing endpoint
Synopsis: The form at https://www.apitest.io/request accepts, among others, the "url" parameter. This feature allows reaching internal services like the OpenStack metadata server or services running on loopback. Identified services: http://0x7f.1/ nginx = "If you see this page, the nginx web server i...