amjadafanah / FX-SAAS-9

This project is for testing the security and quality of APIs in FX SaaS

FX-SAAS-9 : ApiV1AccountsIdGetPathParamSqlInjectionMysqlId #440

Open amjadafanah opened 6 years ago

amjadafanah commented 6 years ago

Project : FX-SAAS-9

Job : Dev

Env : Dev

Region : FXLabs/US_WEST_1

Result : fail

Status Code : 200

Headers : {X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Sat, 08 Sep 2018 10:40:25 GMT]}

Endpoint : http://13.56.210.25/api/v1/accounts/

Request :

Response :
{ "requestId" : "None", "requestTime" : "2018-09-08T10:40:26.663+0000", "errors" : false, "messages" : [ ], "data" : [ { "id" : "8a80801765b3d1ae0165b8b8bed42609", "createdBy" : "8a80808a657aacf801657ab17ca30000", "createdDate" : "2018-09-08T10:27:19.892+0000", "modifiedBy" : "8a80808a657aacf801657ab17ca30000", "modifiedDate" : "2018-09-08T10:27:19.892+0000", "version" : null, "inactive" : false, "name" : "RiyazTC-Kozey", "region" : null, "accessKey" : "Darius", "secretKey" : null, "org" : { "id" : "8a80801765b3d1ae0165b407796f0488", "createdBy" : "8a80808a657aacf801657ab17ca30000", "createdDate" : "2018-09-07T12:35:13.391+0000", "modifiedBy" : "8a80808a657aacf801657ab17ca30000", "modifiedDate" : "2018-09-07T12:35:13.391+0000", "version" : null, "inactive" : false, "name" : "as" }, "accountType" : "GitHub", "prop1" : null, "prop2" : null, "prop3" : null, "allowedRegions" : [ ] }, { "id" : "8a80801765b3d1ae0165b4d972eb075e", "createdBy" : "8a80808a657aacf801657ab17ca30000", "createdDate" : "2018-09-07T16:24:34.283+0000", "modifiedBy" : "8a80808a657aacf801657ab17ca30000", "modifiedDate" : "2018-09-07T16:24:34.283+0000", "version" : null, "inactive" : false, "name" : "Init-VuZida", "region" : null, "accessKey" : "test", "secretKey" : null, "org" : { "id" : "8a80801765b3d1ae0165b407796f0488", "createdBy" : "8a80808a657aacf801657ab17ca30000", "createdDate" : "2018-09-07T12:35:13.391+0000", "modifiedBy" : "8a80808a657aacf801657ab17ca30000", "modifiedDate" : "2018-09-07T12:35:13.391+0000", "version" : null, "inactive" : false, "name" : "as" }, "accountType" : "Git", "prop1" : null, "prop2" : null, "prop3" : null, "allowedRegions" : [ ] }, { "id" : "8a80801765b3d1ae0165b4d967c6074b", "createdBy" : "8a80808a657aacf801657ab17ca30000", "createdDate" : "2018-09-07T16:24:31.430+0000", "modifiedBy" : "8a80808a657aacf801657ab17ca30000", "modifiedDate" : "2018-09-07T16:24:31.430+0000", "version" : null, "inactive" : false, "name" : "Init-Z96tCq", "region" : null, "accessKey" : 
"test", "secretKey" : null, "org" : { "id" : "8a80801765b3d1ae0165b407796f0488", "createdBy" : "8a80808a657aacf801657ab17ca30000", "createdDate" : "2018-09-07T12:35:13.391+0000", "modifiedBy" : "8a80808a657aacf801657ab17ca30000", "modifiedDate" : "2018-09-07T12:35:13.391+0000", "version" : null, "inactive" : false, "name" : "as" }, "accountType" : "GitLab", "prop1" : null, "prop2" : null, "prop3" : null, "allowedRegions" : [ ] }, { "id" : "8a80801765b3d1ae0165b4d9224906d1", "createdBy" : "8a80808a657aacf801657ab17ca30000", "createdDate" : "2018-09-07T16:24:13.641+0000", "modifiedBy" : "8a80808a657aacf801657ab17ca30000", "modifiedDate" : "2018-09-07T16:24:13.641+0000", "version" : null, "inactive" : false, "name" : "Init-xyeoHW", "region" : null, "accessKey" : "test", "secretKey" : null, "org" : { "id" : "8a80801765b3d1ae0165b407796f0488", "createdBy" : "8a80808a657aacf801657ab17ca30000", "createdDate" : "2018-09-07T12:35:13.391+0000", "modifiedBy" : "8a80808a657aacf801657ab17ca30000", "modifiedDate" : "2018-09-07T12:35:13.391+0000", "version" : null, "inactive" : false, "name" : "as" }, "accountType" : "BitBucket", "prop1" : null, "prop2" : null, "prop3" : null, "allowedRegions" : [ ] }, { "id" : "8a80801765b3d1ae0165b4d905b206b0", "createdBy" : "8a80808a657aacf801657ab17ca30000", "createdDate" : "2018-09-07T16:24:06.322+0000", "modifiedBy" : "8a80808a657aacf801657ab17ca30000", "modifiedDate" : "2018-09-07T16:24:06.322+0000", "version" : null, "inactive" : false, "name" : "Init-CSLRvH", "region" : null, "accessKey" : "test", "secretKey" : null, "org" : { "id" : "8a80801765b3d1ae0165b407796f0488", "createdBy" : "8a80808a657aacf801657ab17ca30000", "createdDate" : "2018-09-07T12:35:13.391+0000", "modifiedBy" : "8a80808a657aacf801657ab17ca30000", "modifiedDate" : "2018-09-07T12:35:13.391+0000", "version" : null, "inactive" : false, "name" : "as" }, "accountType" : "GitHub", "prop1" : null, "prop2" : null, "prop3" : null, "allowedRegions" : [ ] }, { "id" : 
"8a80801765b3d1ae0165b4077971048a", "createdBy" : "8a80808a657aacf801657ab17ca30000", "createdDate" : "2018-09-07T12:35:13.393+0000", "modifiedBy" : "8a80808a657aacf801657ab17ca30000", "modifiedDate" : "2018-09-07T12:35:13.393+0000", "version" : null, "inactive" : false, "name" : "Default_SelfHosted", "region" : null, "accessKey" : null, "secretKey" : null, "org" : { "id" : "8a80801765b3d1ae0165b407796f0488", "createdBy" : "8a80808a657aacf801657ab17ca30000", "createdDate" : "2018-09-07T12:35:13.391+0000", "modifiedBy" : "8a80808a657aacf801657ab17ca30000", "modifiedDate" : "2018-09-07T12:35:13.391+0000", "version" : null, "inactive" : false, "name" : "as" }, "accountType" : "Self_Hosted", "prop1" : null, "prop2" : null, "prop3" : null, "allowedRegions" : [ ] } ], "totalPages" : 1, "totalElements" : 6 }

Logs :
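Assertion [@ResponseTime >= 5000] failed, expected value [5000] but found [16] --- FX Bot ---

Note: the only assertion that failed is a response-time check. The test name points to a MySQL SQL-injection probe on the `id` path parameter, and the 5000 threshold suggests a time-based check (presumably in milliseconds). A response time of 16 does not show that an injected delay ran, so this log alone is not evidence of SQL injection. The Request field is empty and the logged endpoint is the collection URL, so the value sent for `id` is not recorded and cannot be confirmed from this report.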

amjadafanah commented 6 years ago

Project : FX-SAAS-9

Job : Dev

Env : Dev

Region : FXLabs/US_WEST_1

Result : fail

Status Code : 200

Headers : {X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Fri, 14 Sep 2018 11:02:39 GMT]}

Endpoint : http://13.56.210.25/api/v1/accounts/

Request :

Response :
{ "requestId" : "None", "requestTime" : "2018-09-14T11:02:39.487+0000", "errors" : false, "messages" : [ ], "data" : [ { "id" : "8a8080dd65d25ac10165d289663b0a25", "createdBy" : "8a80808a657aacf801657ab17ca30000", "createdDate" : "2018-09-13T10:45:44.635+0000", "modifiedBy" : "8a80808a657aacf801657ab17ca30000", "modifiedDate" : "2018-09-13T10:45:44.635+0000", "version" : null, "inactive" : false, "name" : "Default_SelfHosted", "region" : null, "accessKey" : null, "secretKey" : null, "org" : { "id" : "8a8080dd65d25ac10165d289663a0a23", "createdBy" : "8a80808a657aacf801657ab17ca30000", "createdDate" : "2018-09-13T10:45:44.634+0000", "modifiedBy" : "8a80808a657aacf801657ab17ca30000", "modifiedDate" : "2018-09-13T10:45:44.634+0000", "version" : null, "inactive" : false, "name" : "shahanawaz60" }, "accountType" : "Self_Hosted", "prop1" : null, "prop2" : null, "prop3" : null, "allowedRegions" : [ ] } ], "totalPages" : 1, "totalElements" : 1 }

Logs :
Assertion [@ResponseTime >= 5000] failed, expected value [5000] but found [18] --- FX Bot ---

amjadafanah commented 6 years ago

Project : FX-SAAS-9

Job : Dev

Env : Dev

Region : FXLabs/US_WEST_1

Result : fail

Status Code : 200

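Headers : {X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDJkYWMyNTEtNmE1Ny00OTUzLTk1ZTUtNjRmNTExMzJjNTZl; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Thu, 20 Sep 2018 10:53:51 GMT]}

Note: this report captures a session identifier in the Set-Cookie header. The cookie carries HttpOnly but no Secure attribute, and the endpoint below is plain HTTP, so the identifier travels unencrypted. Session values like this should be redacted before a test report is published, and the session invalidated.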

Endpoint : http://13.56.210.25/api/v1/accounts/

Request :

Response :
{ "requestId" : "None", "requestTime" : "2018-09-20T10:53:52.393+0000", "errors" : false, "messages" : [ ], "data" : [ { "id" : "8a80800c65f4ce160165f6929a8b3856", "createdBy" : "8a8080cf65e02c0f0165e031fa6b0000", "createdDate" : "2018-09-20T10:42:07.627+0000", "modifiedBy" : "8a8080cf65e02c0f0165e031fa6b0000", "modifiedDate" : "2018-09-20T10:42:07.627+0000", "version" : null, "inactive" : false, "name" : "RiyazTC-Walsh", "region" : null, "accessKey" : "Marc", "secretKey" : null, "org" : { "id" : "8a80800c65f4ce160165f68c25c034b9", "createdBy" : "8a8080cf65e02c0f0165e031fa6b0000", "createdDate" : "2018-09-20T10:35:04.512+0000", "modifiedBy" : "8a8080cf65e02c0f0165e031fa6b0000", "modifiedDate" : "2018-09-20T10:35:04.512+0000", "version" : null, "inactive" : false, "name" : "hello" }, "accountType" : "GitHub", "prop1" : null, "prop2" : null, "prop3" : null, "allowedRegions" : [ ] }, { "id" : "8a80800c65f4ce160165f68c25c134bb", "createdBy" : "8a8080cf65e02c0f0165e031fa6b0000", "createdDate" : "2018-09-20T10:35:04.513+0000", "modifiedBy" : "8a8080cf65e02c0f0165e031fa6b0000", "modifiedDate" : "2018-09-20T10:35:04.513+0000", "version" : null, "inactive" : false, "name" : "Default_SelfHosted", "region" : null, "accessKey" : null, "secretKey" : null, "org" : { "id" : "8a80800c65f4ce160165f68c25c034b9", "createdBy" : "8a8080cf65e02c0f0165e031fa6b0000", "createdDate" : "2018-09-20T10:35:04.512+0000", "modifiedBy" : "8a8080cf65e02c0f0165e031fa6b0000", "modifiedDate" : "2018-09-20T10:35:04.512+0000", "version" : null, "inactive" : false, "name" : "hello" }, "accountType" : "Self_Hosted", "prop1" : null, "prop2" : null, "prop3" : null, "allowedRegions" : [ ] } ], "totalPages" : 1, "totalElements" : 2 }

Logs :
Assertion [@ResponseTime >= 5000] failed, expected value [5000] but found [948] --- FX Bot ---