Open AtifaFahmeen opened 5 years ago
Project : FX SQL Test
Job : Default
Env : Default
Category : SQL_Injection
Tags : [OWASP A1, [PCI DSS 3.0] 6.5.1, OWASP - OTG-INPVAL-005, FX Top 10 - API Vulnerability, Intrusive]
Severity : Major
Region : US_WEST_2
Result : fail
Status Code : 404
Headers : {X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MTRjMmVlYzQtYzUwYS00NzNhLTljNDgtMTc4YTdjZGUzMmFj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 23 Jan 2019 09:56:11 GMT]}
Endpoint : http://localhost:8080/api/v1/api/v1/alerts/
Request :
Response : { "timestamp" : "2019-01-23T09:56:11.287+0000", "status" : 404, "error" : "Not Found", "message" : "No message available", "path" : "/api/v1/api/v1/alerts/" }
Logs : 2019-01-23 09:56:07 ERROR [ApiV1AlertsIdGetPathParamIdMysqlSqlInjectionTimebound] : No module found with the name [FXLabs/Common/MySQL-TimeBound-SQL_Injection_Strings] defined in Fxfile.yaml 2019-01-23 09:56:11 DEBUG [ApiV1AlertsIdGetPathParamIdMysqlSqlInjectionTimebound] : URL [http://localhost:8080/api/v1/api/v1/alerts/] 2019-01-23 09:56:11 DEBUG [ApiV1AlertsIdGetPathParamIdMysqlSqlInjectionTimebound] : Method [GET] 2019-01-23 09:56:11 DEBUG [ApiV1AlertsIdGetPathParamIdMysqlSqlInjectionTimebound] : Request [] 2019-01-23 09:56:11 DEBUG [ApiV1AlertsIdGetPathParamIdMysqlSqlInjectionTimebound] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic RlhMYWJzLy9hZG1pbkBmeGxhYnMuaW86YWRtaW4xMjMk]}] 2019-01-23 09:56:11 DEBUG [ApiV1AlertsIdGetPathParamIdMysqlSqlInjectionTimebound] : Response [{ "timestamp" : "2019-01-23T09:56:11.287+0000", "status" : 404, "error" : "Not Found", "message" : "No message available", "path" : "/api/v1/api/v1/alerts/" }] 2019-01-23 09:56:11 DEBUG [ApiV1AlertsIdGetPathParamIdMysqlSqlInjectionTimebound] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MTRjMmVlYzQtYzUwYS00NzNhLTljNDgtMTc4YTdjZGUzMmFj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 23 Jan 2019 09:56:11 GMT]}] 2019-01-23 09:56:11 DEBUG [ApiV1AlertsIdGetPathParamIdMysqlSqlInjectionTimebound] : StatusCode [404] 2019-01-23 09:56:11 DEBUG [ApiV1AlertsIdGetPathParamIdMysqlSqlInjectionTimebound] : Time [3862] 2019-01-23 09:56:11 DEBUG [ApiV1AlertsIdGetPathParamIdMysqlSqlInjectionTimebound] : Size [142] 2019-01-23 09:56:11 INFO [ApiV1AlertsIdGetPathParamIdMysqlSqlInjectionTimebound] : Assertion [@ResponseTime < 7000 OR @ResponseTime > 10000] resolved-to [3862 < 7000 OR 3862 > 10000] result [Passed] 2019-01-23 09:56:11 ERROR [ApiV1AlertsIdGetPathParamIdMysqlSqlInjectionTimebound] : Assertion [@StatusCode != 404] resolved-to [404 != 404] result [Failed]
--- FX Bot ---
Project : FX SQL Test
Job : Default
Env : Default
Category : SQL_Injection
Tags : [OWASP A1, [PCI DSS 3.0] 6.5.1, OWASP - OTG-INPVAL-005, FX Top 10 - API Vulnerability, Intrusive]
Severity : Major
Region : US_WEST_2
Result : fail
Status Code : 404
Headers : {X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MTRjMmVlYzQtYzUwYS00NzNhLTljNDgtMTc4YTdjZGUzMmFj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 23 Jan 2019 09:56:11 GMT]}
Endpoint : http://localhost:8080/api/v1/api/v1/alerts/
Request :
Response :
{ "timestamp" : "2019-01-23T09:56:11.287+0000", "status" : 404, "error" : "Not Found", "message" : "No message available", "path" : "/api/v1/api/v1/alerts/" }
Logs :
2019-01-23 09:56:07 ERROR [ApiV1AlertsIdGetPathParamIdMysqlSqlInjectionTimebound] : No module found with the name [FXLabs/Common/MySQL-TimeBound-SQL_Injection_Strings] defined in Fxfile.yaml 2019-01-23 09:56:11 DEBUG [ApiV1AlertsIdGetPathParamIdMysqlSqlInjectionTimebound] : URL [http://localhost:8080/api/v1/api/v1/alerts/] 2019-01-23 09:56:11 DEBUG [ApiV1AlertsIdGetPathParamIdMysqlSqlInjectionTimebound] : Method [GET] 2019-01-23 09:56:11 DEBUG [ApiV1AlertsIdGetPathParamIdMysqlSqlInjectionTimebound] : Request [] 2019-01-23 09:56:11 DEBUG [ApiV1AlertsIdGetPathParamIdMysqlSqlInjectionTimebound] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic RlhMYWJzLy9hZG1pbkBmeGxhYnMuaW86YWRtaW4xMjMk]}] 2019-01-23 09:56:11 DEBUG [ApiV1AlertsIdGetPathParamIdMysqlSqlInjectionTimebound] : Response [{ "timestamp" : "2019-01-23T09:56:11.287+0000", "status" : 404, "error" : "Not Found", "message" : "No message available", "path" : "/api/v1/api/v1/alerts/" }] 2019-01-23 09:56:11 DEBUG [ApiV1AlertsIdGetPathParamIdMysqlSqlInjectionTimebound] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MTRjMmVlYzQtYzUwYS00NzNhLTljNDgtMTc4YTdjZGUzMmFj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 23 Jan 2019 09:56:11 GMT]}] 2019-01-23 09:56:11 DEBUG [ApiV1AlertsIdGetPathParamIdMysqlSqlInjectionTimebound] : StatusCode [404] 2019-01-23 09:56:11 DEBUG [ApiV1AlertsIdGetPathParamIdMysqlSqlInjectionTimebound] : Time [3862] 2019-01-23 09:56:11 DEBUG [ApiV1AlertsIdGetPathParamIdMysqlSqlInjectionTimebound] : Size [142] 2019-01-23 09:56:11 INFO [ApiV1AlertsIdGetPathParamIdMysqlSqlInjectionTimebound] : Assertion [@ResponseTime < 7000 OR @ResponseTime > 10000] resolved-to [3862 < 7000 OR 3862 > 10000] result [Passed] 2019-01-23 09:56:11 ERROR [ApiV1AlertsIdGetPathParamIdMysqlSqlInjectionTimebound] : Assertion [@StatusCode != 404] resolved-to [404 != 404] result [Failed]
--- FX Bot ---