search

amjadafanah / FX-SAAS-9

This project is for testing the security and quality of APIs in FX SaaS
0 stars 0 forks source link

FX-SAAS-9 : ApiV1Notifications@randomGetOtherRbac #1301

Open amjadafanah opened 5 years ago

amjadafanah commented 5 years ago

Project : FX-SAAS-9

Job : Dev

Env : Dev

Region : FXLabs/US_WEST_1

Result : fail

Status Code : 200

Headers : {X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 03 Oct 2018 11:06:15 GMT]}

Endpoint : http://13.56.210.25/api/v1/notifications/UYd6Wez0

Request :

Response :
{ "requestId" : "None", "requestTime" : "2018-10-03T11:06:15.892+0000", "errors" : true, "messages" : [ { "type" : "ERROR", "key" : "", "value" : "No value present" } ], "data" : null, "totalPages" : 0, "totalElements" : 0 }

Logs :
Assertion [@StatusCode == 403] resolved-to [200 == 403] result [Failed] --- FX Bot ---

amjadafanah commented 5 years ago

Project : FX-SAAS-9

Job : Dev

Env : Dev

Region : FXLabs/US_WEST_1

Result : fail

Status Code : 401

Headers : {WWW-Authenticate=[Basic realm="Realm"], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Fri, 05 Oct 2018 11:20:43 GMT]}

Endpoint : http://13.56.210.25/api/v1/notifications/LbB5ccRH

Request :

Response :
{ "timestamp" : "2018-10-05T11:20:44.609+0000", "status" : 401, "error" : "Unauthorized", "message" : "Unauthorized", "path" : "/api/v1/notifications/LbB5ccRH" }

Logs :
Assertion [@StatusCode == 403] resolved-to [401 == 403] result [Failed] --- FX Bot ---