amjadafanah / FX-SAAS-7

This project is for automating the security and quality testing of FX SaaS

FX-SAAS-7 : ApiV1VaultGetPathParamSqlInjectionMysqlPagesize #649

Closed amjadafanah closed 6 years ago

amjadafanah commented 6 years ago

Project : FX-SAAS-7

Job : Dev

Env : Dev

Region : FXLabs/US_WEST_1

Result : fail

Status Code : 200

Headers : {X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Mon, 17 Sep 2018 12:04:20 GMT]}

Endpoint : http://13.56.210.25//api/v1/vault?pageSize=

Request :

Response :
{ "requestId" : "None", "requestTime" : "2018-09-17T12:04:21.571+0000", "errors" : false, "messages" : [ ], "data" : [ ], "totalPages" : 0, "totalElements" : 0 }

Logs :
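Assertion [@StatusCode != 404] passed, not expecting [404] and found [200]
Assertion [@StatusCode != 500] passed, not expecting [500] and found [200]
Assertion [@StatusCode != 401] passed, not expecting [401] and found [200]
Assertion [@ResponseTime >= 5000] failed, expected value [5000] but found [10]

--- FX Bot ---

Note: the only failed assertion is the response-time one; the reply arrived in 10 (presumably milliseconds) against an expected minimum of 5000. The Request field is empty and the endpoint is logged as `pageSize=` with no value, so the input that was actually sent is not recorded in this report. The test name suggests a time-based MySQL injection check, in which case a fast reply would mean no delay was observed.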

amjadafanah commented 6 years ago

Project : FX-SAAS-7

Job : Dev

Env : Dev

Region : FXLabs/US_WEST_1

Result : pass

Status Code : 200

Headers : {X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 19 Sep 2018 12:06:23 GMT]}

Endpoint : http://13.56.210.25//api/v1/vault?pageSize=

Request :

Response :
{ "requestId" : "None", "requestTime" : "2018-09-19T12:06:23.587+0000", "errors" : false, "messages" : [ ], "data" : [ { "id" : "8a80805765f059780165f19ae9ab3c50", "createdBy" : "8a8080cf65e02c0f0165e031fa6b0000", "createdDate" : "2018-09-19T11:33:06.091+0000", "modifiedBy" : "8a8080cf65e02c0f0165e031fa6b0000", "modifiedDate" : "2018-09-19T11:33:06.091+0000", "version" : null, "inactive" : false, "org" : { "id" : "8a8080cf65e02c0f0165e031fb9e0003", "createdBy" : "anonymousUser", "createdDate" : "2018-09-16T02:24:56.734+0000", "modifiedBy" : "anonymousUser", "modifiedDate" : "2018-09-16T02:24:56.734+0000", "version" : null, "inactive" : false, "name" : "FXLabs" }, "key" : "koyHB14", "val" : null, "description" : null }, { "id" : "8a80805765f059780165f18af4270a2a", "createdBy" : "8a8080cf65e02c0f0165e031fa6b0000", "createdDate" : "2018-09-19T11:15:40.199+0000", "modifiedBy" : "8a8080cf65e02c0f0165e031fa6b0000", "modifiedDate" : "2018-09-19T11:15:40.199+0000", "version" : null, "inactive" : false, "org" : { "id" : "8a8080cf65e02c0f0165e031fb9e0003", "createdBy" : "anonymousUser", "createdDate" : "2018-09-16T02:24:56.734+0000", "modifiedBy" : "anonymousUser", "modifiedDate" : "2018-09-16T02:24:56.734+0000", "version" : null, "inactive" : false, "name" : "FXLabs" }, "key" : "0bv6Ch", "val" : null, "description" : null }, { "id" : "8a80805765f059780165f18595e1751b", "createdBy" : "8a8080cf65e02c0f0165e031fa6b0000", "createdDate" : "2018-09-19T11:09:48.385+0000", "modifiedBy" : "8a8080cf65e02c0f0165e031fa6b0000", "modifiedDate" : "2018-09-19T11:09:48.385+0000", "version" : null, "inactive" : false, "org" : { "id" : "8a8080cf65e02c0f0165e031fb9e0003", "createdBy" : "anonymousUser", "createdDate" : "2018-09-16T02:24:56.734+0000", "modifiedBy" : "anonymousUser", "modifiedDate" : "2018-09-16T02:24:56.734+0000", "version" : null, "inactive" : false, "name" : "FXLabs" }, "key" : "zpTmSi", "val" : null, "description" : null }, { "id" : "8a80805765f059780165f184c0ad723e", 
"createdBy" : "8a8080cf65e02c0f0165e031fa6b0000", "createdDate" : "2018-09-19T11:08:53.805+0000", "modifiedBy" : "8a8080cf65e02c0f0165e031fa6b0000", "modifiedDate" : "2018-09-19T11:08:53.805+0000", "version" : null, "inactive" : false, "org" : { "id" : "8a8080cf65e02c0f0165e031fb9e0003", "createdBy" : "anonymousUser", "createdDate" : "2018-09-16T02:24:56.734+0000", "modifiedBy" : "anonymousUser", "modifiedDate" : "2018-09-16T02:24:56.734+0000", "version" : null, "inactive" : false, "name" : "FXLabs" }, "key" : "dd9b4o", "val" : null, "description" : null }, { "id" : "8a80805765f059780165f16db4553e5a", "createdBy" : "8a8080cf65e02c0f0165e031fa6b0000", "createdDate" : "2018-09-19T10:43:43.317+0000", "modifiedBy" : "8a8080cf65e02c0f0165e031fa6b0000", "modifiedDate" : "2018-09-19T10:43:43.317+0000", "version" : null, "inactive" : false, "org" : { "id" : "8a8080cf65e02c0f0165e031fb9e0003", "createdBy" : "anonymousUser", "createdDate" : "2018-09-16T02:24:56.734+0000", "modifiedBy" : "anonymousUser", "modifiedDate" : "2018-09-16T02:24:56.734+0000", "version" : null, "inactive" : false, "name" : "FXLabs" }, "key" : "fxtestvault", "val" : null, "description" : null }, { "id" : "8a80805765f059780165f16849b219fa", "createdBy" : "8a8080cf65e02c0f0165e031fa6b0000", "createdDate" : "2018-09-19T10:37:48.338+0000", "modifiedBy" : "8a8080cf65e02c0f0165e031fa6b0000", "modifiedDate" : "2018-09-19T10:37:48.338+0000", "version" : null, "inactive" : false, "org" : { "id" : "8a8080cf65e02c0f0165e031fb9e0003", "createdBy" : "anonymousUser", "createdDate" : "2018-09-16T02:24:56.734+0000", "modifiedBy" : "anonymousUser", "modifiedDate" : "2018-09-16T02:24:56.734+0000", "version" : null, "inactive" : false, "name" : "FXLabs" }, "key" : "pRo6Ywv5ujsjdHqorJqUkFFs", "val" : null, "description" : null }, { "id" : "8a80805765f059780165f161c9ec678c", "createdBy" : "8a8080cf65e02c0f0165e031fa6b0000", "createdDate" : "2018-09-19T10:30:42.412+0000", "modifiedBy" : "8a8080cf65e02c0f0165e031fa6b0000", 
"modifiedDate" : "2018-09-19T10:30:42.412+0000", "version" : null, "inactive" : false, "org" : { "id" : "8a8080cf65e02c0f0165e031fb9e0003", "createdBy" : "anonymousUser", "createdDate" : "2018-09-16T02:24:56.734+0000", "modifiedBy" : "anonymousUser", "modifiedDate" : "2018-09-16T02:24:56.734+0000", "version" : null, "inactive" : false, "name" : "FXLabs" }, "key" : "ZTmSz0VP3YG", "val" : null, "description" : null }, { "id" : "8a80806b65e638120165e72ea09d5cf9", "createdBy" : "8a8080cf65e02c0f0165e031fa6b0000", "createdDate" : "2018-09-17T10:58:37.341+0000", "modifiedBy" : "8a8080cf65e02c0f0165e031fa6b0000", "modifiedDate" : "2018-09-17T10:58:37.341+0000", "version" : null, "inactive" : false, "org" : { "id" : "8a8080cf65e02c0f0165e031fb9e0003", "createdBy" : "anonymousUser", "createdDate" : "2018-09-16T02:24:56.734+0000", "modifiedBy" : "anonymousUser", "modifiedDate" : "2018-09-16T02:24:56.734+0000", "version" : null, "inactive" : false, "name" : "FXLabs" }, "key" : "W6", "val" : null, "description" : null }, { "id" : "8a80806b65e638120165e72e05205c3a", "createdBy" : "8a8080cf65e02c0f0165e031fa6b0000", "createdDate" : "2018-09-17T10:57:57.536+0000", "modifiedBy" : "8a8080cf65e02c0f0165e031fa6b0000", "modifiedDate" : "2018-09-17T10:57:57.536+0000", "version" : null, "inactive" : false, "org" : { "id" : "8a8080cf65e02c0f0165e031fb9e0003", "createdBy" : "anonymousUser", "createdDate" : "2018-09-16T02:24:56.734+0000", "modifiedBy" : "anonymousUser", "modifiedDate" : "2018-09-16T02:24:56.734+0000", "version" : null, "inactive" : false, "name" : "FXLabs" }, "key" : "nn7rv", "val" : null, "description" : null }, { "id" : "8a80806b65e638120165e72df5bb5c15", "createdBy" : "8a8080cf65e02c0f0165e031fa6b0000", "createdDate" : "2018-09-17T10:57:53.595+0000", "modifiedBy" : "8a8080cf65e02c0f0165e031fa6b0000", "modifiedDate" : "2018-09-17T10:57:53.595+0000", "version" : null, "inactive" : false, "org" : { "id" : "8a8080cf65e02c0f0165e031fb9e0003", "createdBy" : "anonymousUser", 
"createdDate" : "2018-09-16T02:24:56.734+0000", "modifiedBy" : "anonymousUser", "modifiedDate" : "2018-09-16T02:24:56.734+0000", "version" : null, "inactive" : false, "name" : "FXLabs" }, "key" : "ORVIfk", "val" : null, "description" : null }, { "id" : "8a80806b65e638120165e72dd13b5b8c", "createdBy" : "8a8080cf65e02c0f0165e031fa6b0000", "createdDate" : "2018-09-17T10:57:44.251+0000", "modifiedBy" : "8a8080cf65e02c0f0165e031fa6b0000", "modifiedDate" : "2018-09-17T10:57:44.251+0000", "version" : null, "inactive" : false, "org" : { "id" : "8a8080cf65e02c0f0165e031fb9e0003", "createdBy" : "anonymousUser", "createdDate" : "2018-09-16T02:24:56.734+0000", "modifiedBy" : "anonymousUser", "modifiedDate" : "2018-09-16T02:24:56.734+0000", "version" : null, "inactive" : false, "name" : "FXLabs" }, "key" : "qUiYQPjZ", "val" : null, "description" : null }, { "id" : "8a80806b65e638120165e72db9e25b67", "createdBy" : "8a8080cf65e02c0f0165e031fa6b0000", "createdDate" : "2018-09-17T10:57:38.274+0000", "modifiedBy" : "8a8080cf65e02c0f0165e031fa6b0000", "modifiedDate" : "2018-09-17T10:57:38.274+0000", "version" : null, "inactive" : false, "org" : { "id" : "8a8080cf65e02c0f0165e031fb9e0003", "createdBy" : "anonymousUser", "createdDate" : "2018-09-16T02:24:56.734+0000", "modifiedBy" : "anonymousUser", "modifiedDate" : "2018-09-16T02:24:56.734+0000", "version" : null, "inactive" : false, "name" : "FXLabs" }, "key" : "val1-HPEn6E", "val" : null, "description" : null }, { "id" : "8a80806b65e638120165e72d918f5b26", "createdBy" : "8a8080cf65e02c0f0165e031fa6b0000", "createdDate" : "2018-09-17T10:57:27.951+0000", "modifiedBy" : "8a8080cf65e02c0f0165e031fa6b0000", "modifiedDate" : "2018-09-17T10:57:27.951+0000", "version" : null, "inactive" : false, "org" : { "id" : "8a8080cf65e02c0f0165e031fb9e0003", "createdBy" : "anonymousUser", "createdDate" : "2018-09-16T02:24:56.734+0000", "modifiedBy" : "anonymousUser", "modifiedDate" : "2018-09-16T02:24:56.734+0000", "version" : null, "inactive" : 
false, "name" : "FXLabs" }, "key" : "val1-7R0Y79", "val" : null, "description" : null }, { "id" : "8a80806b65e638120165e64f32690067", "createdBy" : "8a8080cf65e02c0f0165e031fa6b0000", "createdDate" : "2018-09-17T06:54:34.601+0000", "modifiedBy" : "8a8080cf65e02c0f0165e031fa6b0000", "modifiedDate" : "2018-09-17T06:54:34.601+0000", "version" : null, "inactive" : false, "org" : { "id" : "8a8080cf65e02c0f0165e031fb9e0003", "createdBy" : "anonymousUser", "createdDate" : "2018-09-16T02:24:56.734+0000", "modifiedBy" : "anonymousUser", "modifiedDate" : "2018-09-16T02:24:56.734+0000", "version" : null, "inactive" : false, "name" : "FXLabs" }, "key" : "FXLabs//admin@fxlabs.io", "val" : null, "description" : null } ], "totalPages" : 1, "totalElements" : 14 }

Logs :
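Assertion [@StatusCode != 401] passed, not expecting [401] and found [200]
Assertion [@ResponseTime >= 5000] failed, expected value [5000] but found [12]
Assertion [@StatusCode != 500] passed, not expecting [500] and found [200]
Assertion [@StatusCode != 404] passed, not expecting [404] and found [200]

--- FX Bot ---

Note: the assertion outcomes here match the run of 17 Sep 2018 (three status-code checks passed, the response-time check failed), yet this run is reported as Result: pass and that one as Result: fail. The log does not show what decides the overall result, so the verdict cannot be confirmed from the assertions alone.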