{
  "openapi": "3.0.3",
  "info": {"title": "sekumart API", "version": "1.0", "description": "Deliberately vulnerable endpoints for practising sqlmap --openapi against the sekumart demo shop."},
  "servers": [{"url": "/"}],
  "paths": {
    "/product.php":  {"get":  {"summary": "product by id (integer SQLi)",        "parameters": [{"name": "id",   "in": "query", "schema": {"type": "integer"}, "example": 1}]}},
    "/category.php": {"get":  {"summary": "products by category (integer SQLi)",  "parameters": [{"name": "cat",  "in": "query", "schema": {"type": "integer"}, "example": 1}]}},
    "/search.php":   {"get":  {"summary": "product search (string SQLi + XSS)",   "parameters": [{"name": "q",    "in": "query", "schema": {"type": "string"},  "example": "mug"}]}},
    "/catalog.php":  {"get":  {"summary": "sortable catalog (ORDER BY SQLi)",     "parameters": [{"name": "sort", "in": "query", "schema": {"type": "string"},  "example": "id"}]}},
    "/track.php":    {"get":  {"summary": "order tracking (blind SQLi)",          "parameters": [{"name": "order","in": "query", "schema": {"type": "string"},  "example": "SK-1001"}]}},
    "/login.php":    {"post": {"summary": "login (auth-bypass SQLi)", "requestBody": {"content": {"application/x-www-form-urlencoded": {"schema": {"type": "object", "properties": {"username": {"type": "string"}, "password": {"type": "string"}}, "example": {"username": "admin", "password": "password"}}}}}}},
    "/apiv1.php":    {"post": {"summary": "product lookup (JSON-body SQLi)",       "requestBody": {"content": {"application/json": {"schema": {"type": "object", "properties": {"id": {"type": "integer"}}, "example": {"id": 1}}}}}}}
  }
}
