amjadafanah / FX-SAAS-16

FX-SAAS-16 : ApiV1EnvsIdGetPathParamSqlInjectionTimeboundMysqlId #1365

Closed amjadafanah closed 6 years ago

amjadafanah commented 6 years ago

Project : FX-SAAS-16

Job : DEV

Env : DEV

Region : FXLabs/US_WEST_1

Result : fail

Status Code : 500

Headers : {}

Endpoint : http://13.56.210.25//api/v1/envs/' or benchmark(7000000000,charset('abc')) = 0 ; --

Request :

Response :
I/O error on GET request for "http://13.56.210.25/api/v1/envs/'%20or%20benchmark(7000000000,charset('abc'))%20=%200%20;%20--": Timeout waiting for connection from pool; nested exception is org.apache.http.conn.ConnectionPoolTimeoutException: Timeout waiting for connection from pool

Logs :
Assertion [@StatusCode != 404] resolved-to [500 != 404] result [Passed]
Assertion [@ResponseTime < 7000] resolved-to [15003 < 7000] result [Failed]

--- FX Bot ---

amjadafanah commented 6 years ago

Project : FX-SAAS-16

Job : DEV

Env : DEV

Region : FXLabs/US_WEST_1

Result : pass

Status Code : 500

Headers : {Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Thu, 04 Oct 2018 10:25:14 GMT]}

Endpoint : http://13.56.210.25//api/v1/envs/' AND sleep(7)=0; --

Request :

Response :
{ "timestamp" : "2018-10-04T10:25:15.188+0000", "status" : 500, "error" : "Internal Server Error", "message" : "The request was rejected because the URL contained a potentially malicious String \";\"", "path" : "/api/v1/envs/'%20AND%20sleep(7)=0;%20--" }

Logs :
Assertion [@ResponseTime < 7000] resolved-to [11 < 7000] result [Passed]
Assertion [@StatusCode != 404] resolved-to [500 != 404] result [Passed]

--- FX Bot ---

amjadafanah commented 6 years ago

Project : FX-SAAS-16

Job : DEV

Env : DEV

Region : FXLabs/US_WEST_1

Result : pass

Status Code : 500

Headers : {Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Thu, 04 Oct 2018 10:25:14 GMT]}

Endpoint : http://13.56.210.25//api/v1/envs/' OR sleep(7)=0; --

Request :

Response :
{ "timestamp" : "2018-10-04T10:25:15.177+0000", "status" : 500, "error" : "Internal Server Error", "message" : "The request was rejected because the URL contained a potentially malicious String \";\"", "path" : "/api/v1/envs/'%20OR%20sleep(7)=0;%20--" }

Logs :
Assertion [@ResponseTime < 7000] resolved-to [11 < 7000] result [Passed]
Assertion [@StatusCode != 404] resolved-to [500 != 404] result [Passed]

--- FX Bot ---

amjadafanah commented 6 years ago

Project : FX-SAAS-16

Job : DEV

Env : DEV

Region : FXLabs/US_WEST_1

Result : pass

Status Code : 500

Headers : {Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Thu, 04 Oct 2018 10:25:14 GMT]}

Endpoint : http://13.56.210.25//api/v1/envs/' or benchmark(7000000000,charset('abc')) = 0 ; --

Request :

Response :
{ "timestamp" : "2018-10-04T10:25:15.165+0000", "status" : 500, "error" : "Internal Server Error", "message" : "The request was rejected because the URL contained a potentially malicious String \";\"", "path" : "/api/v1/envs/'%20or%20benchmark(7000000000,charset('abc'))%20=%200%20;%20--" }

Logs :
Assertion [@ResponseTime < 7000] resolved-to [11 < 7000] result [Passed]
Assertion [@StatusCode != 404] resolved-to [500 != 404] result [Passed]

--- FX Bot ---