APIIntermediateVulnerable Bank

Hacking Vulnerable Bank API — Part 1

Financial API assessment demonstrating BOLA, mass assignment, and authentication weaknesses.

December 9, 202515 min read→ User → Admin

Executive Summary

Vulnerability Chain: Registration → BOLA on accounts → mass assignment → auth bypass → admin access
Impact: Full account takeover and unauthorized financial data access.
Methodology: API endpoint enumeration, authorization testing, and parameter tampering.

ID	Finding	Severity	Type
VB1	Broken Object Level Authorization on account endpoints	Critical	BOLA
VB2	Mass assignment on user registration	High	Mass Assignment