asriz7777
commented
5 years ago Message : This issue is manually closed from FX control plane.
Project : NET BANKING APP
Job : Default
Env : Default
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 405
Headers : {Allow=[GET, POST, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Y2YwNjJhMDQtNmNiYi00NWQ5LWJhZTktMGFjYWJkZWVjZDhj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Mon, 04 Feb 2019 16:26:12 GMT]}
Endpoint : http://54.215.136.217/api/v1/recepient/
Request :
Response :
{
"timestamp" : "2019-02-04T16:26:13.531+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/recepient/"
}
Logs :
Assertion [@StatusCode == 401 OR @StatusCode == 403 OR @Response.errors == true] resolved-to [405 == 401 OR 405 == 403 OR == true] result [Failed]
--- FX Bot ---
Project : NET BANKING APP
Job : Default
Env : Default
Category : ABAC_Level3
Tags : [FX Top 10 - API Vulnerability, Data_Access_Control]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 405
Headers : {Allow=[GET, POST, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Y2YwNjJhMDQtNmNiYi00NWQ5LWJhZTktMGFjYWJkZWVjZDhj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Mon, 04 Feb 2019 16:26:12 GMT]}
Endpoint : http://54.215.136.217/api/v1/recepient/
Request :
Response :
{ "timestamp" : "2019-02-04T16:26:13.531+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/recepient/" }
Logs :
2019-02-04 04:26:09 DEBUG [ UsersCreateUserAInit] : URL [http://54.215.136.217/api/v1/users/enterprise-sign-up] 2019-02-04 04:26:09 DEBUG [ UsersCreateUserAInit] : Method [POST] 2019-02-04 04:26:09 DEBUG [ UsersCreateUserAInit] : Request [{ "accountNonExpired" : false, "accountNonLocked" : false, "company" : "Bruen Inc", "createdBy" : "", "createdDate" : "", "credentialsNonExpired" : false, "email" : "una.romaguera@yahoo.com", "enabled" : false, "id" : "", "inactive" : false, "jobTitle" : "Chief Marketing Assistant", "location" : "FtgOgNxY", "modifiedBy" : "", "modifiedDate" : "", "name" : "FtgOgNxY", "password" : "FtgOgNxY", "privileges" : [ ], "username" : "morton.stokes", "version" : "" }] 2019-02-04 04:26:09 DEBUG [ UsersCreateUserAInit] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic YWRtaW5AbmV0YmFua2luZy5pbzphZG1pbjEyMyQ=]}] 2019-02-04 04:26:09 DEBUG [ UsersCreateUserAInit] : Response [{ "requestId" : "None", "requestTime" : "2019-02-04T16:26:09.086+0000", "errors" : false, "messages" : [ { "type" : "INFO", "key" : "", "value" : "Sign-up successful!" } ], "data" : true, "totalPages" : 0, "totalElements" : 0 }] 2019-02-04 04:26:09 DEBUG [ UsersCreateUserAInit] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmQxOGU5MjctMTU3NS00OGI1LWE0MzMtYjIyYTNhODRlY2Iy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Mon, 04 Feb 2019 16:26:08 GMT]}] 2019-02-04 04:26:09 DEBUG [ UsersCreateUserAInit] : StatusCode [200] 2019-02-04 04:26:09 DEBUG [ UsersCreateUserAInit] : Time [4315] 2019-02-04 04:26:09 DEBUG [ UsersCreateUserAInit] : Size [193] 2019-02-04 04:26:09 DEBUG [UsersCreateUserAInit_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmQxOGU5MjctMTU3NS00OGI1LWE0MzMtYjIyYTNhODRlY2Iy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Mon, 04 Feb 2019 16:26:08 GMT]}] 2019-02-04 04:26:09 DEBUG [UsersCreateUserAInit_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmQxOGU5MjctMTU3NS00OGI1LWE0MzMtYjIyYTNhODRlY2Iy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Mon, 04 Feb 2019 16:26:08 GMT]}] 2019-02-04 04:26:09 DEBUG [UsersCreateUserAInit_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmQxOGU5MjctMTU3NS00OGI1LWE0MzMtYjIyYTNhODRlY2Iy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Mon, 04 Feb 2019 16:26:08 GMT]}] 2019-02-04 04:26:09 DEBUG [UsersCreateUserAInit_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmQxOGU5MjctMTU3NS00OGI1LWE0MzMtYjIyYTNhODRlY2Iy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Mon, 04 Feb 2019 16:26:08 GMT]}] 2019-02-04 04:26:11 DEBUG [ RecepientCreateUserAInit] : URL [http://54.215.136.217/api/v1/recepient] 2019-02-04 04:26:11 DEBUG [ RecepientCreateUserAInit] : Method [POST] 2019-02-04 04:26:11 DEBUG [ RecepientCreateUserAInit] : Request [{ "accountNumber" : "4s91SRAf", "createdBy" : "", "createdDate" : "", "description" : "4s91SRAf", "email" : "shanelle.johns@yahoo.com", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "4s91SRAf", "phone" : "818-386-8935", "users" : "true", "version" : "" }] 2019-02-04 04:26:11 DEBUG [ RecepientCreateUserAInit] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic YWRtaW5AbmV0YmFua2luZy5pbzphZG1pbjEyMyQ=]}] 2019-02-04 04:26:11 DEBUG [ RecepientCreateUserAInit] : Response [{ "requestId" : "None", "requestTime" : "2019-02-04T16:26:11.547+0000", "errors" : true, "messages" : [ { "type" : "ERROR", "key" : "", "value" : "could not extract ResultSet; SQL [n/a]; nested exception is org.hibernate.exception.SQLGrammarException: could not extract ResultSet" } ], "data" : null, "totalPages" : 0, "totalElements" : 0 }] 2019-02-04 04:26:11 DEBUG [ RecepientCreateUserAInit] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjljMGQyNWItZTQzNy00MDI4LTk4Y2MtYWYxNGRmMTI2ZWI5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Mon, 04 Feb 2019 16:26:11 GMT]}] 2019-02-04 04:26:11 DEBUG [ RecepientCreateUserAInit] : StatusCode [200] 2019-02-04 04:26:11 DEBUG [ RecepientCreateUserAInit] : Time [2412] 2019-02-04 04:26:11 DEBUG [ RecepientCreateUserAInit] : Size [306] 2019-02-04 04:26:11 DEBUG [RecepientCreateUserAInit_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjljMGQyNWItZTQzNy00MDI4LTk4Y2MtYWYxNGRmMTI2ZWI5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Mon, 04 Feb 2019 16:26:11 GMT]}] 2019-02-04 04:26:11 DEBUG [RecepientCreateUserAInit_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjljMGQyNWItZTQzNy00MDI4LTk4Y2MtYWYxNGRmMTI2ZWI5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Mon, 04 Feb 2019 16:26:11 GMT]}] 2019-02-04 04:26:11 DEBUG [RecepientCreateUserAInit_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjljMGQyNWItZTQzNy00MDI4LTk4Y2MtYWYxNGRmMTI2ZWI5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Mon, 04 Feb 2019 16:26:11 GMT]}] 2019-02-04 04:26:11 DEBUG [RecepientCreateUserAInit_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NjljMGQyNWItZTQzNy00MDI4LTk4Y2MtYWYxNGRmMTI2ZWI5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Mon, 04 Feb 2019 16:26:11 GMT]}] 2019-02-04 04:26:13 DEBUG [ApiV1RecepientIdDeleteRecepientuserbDisallowAbact3] : URL [http://54.215.136.217/api/v1/recepient/] 2019-02-04 04:26:13 DEBUG [ApiV1RecepientIdDeleteRecepientuserbDisallowAbact3] : Method [DELETE] 2019-02-04 04:26:13 DEBUG [ApiV1RecepientIdDeleteRecepientuserbDisallowAbact3] : Request [] 2019-02-04 04:26:13 DEBUG [ApiV1RecepientIdDeleteRecepientuserbDisallowAbact3] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic dXNlckJAb25saW5lc3VwcG9ydC5pbzphZG1pbjEyMyQ=]}] 2019-02-04 04:26:13 DEBUG [ApiV1RecepientIdDeleteRecepientuserbDisallowAbact3] : Response [{ "timestamp" : "2019-02-04T16:26:13.531+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/recepient/" }] 2019-02-04 04:26:13 DEBUG [ApiV1RecepientIdDeleteRecepientuserbDisallowAbact3] : Response-Headers [{Allow=[GET, POST, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=Y2YwNjJhMDQtNmNiYi00NWQ5LWJhZTktMGFjYWJkZWVjZDhj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Mon, 04 Feb 2019 16:26:12 GMT]}] 2019-02-04 04:26:13 DEBUG [ApiV1RecepientIdDeleteRecepientuserbDisallowAbact3] : StatusCode [405] 2019-02-04 04:26:13 DEBUG [ApiV1RecepientIdDeleteRecepientuserbDisallowAbact3] : Time [1905] 2019-02-04 04:26:13 DEBUG [ApiV1RecepientIdDeleteRecepientuserbDisallowAbact3] : Size [164] 2019-02-04 04:26:13 ERROR [ApiV1RecepientIdDeleteRecepientuserbDisallowAbact3] : Assertion [@StatusCode == 401 OR @StatusCode == 403 OR @Response.errors == true] resolved-to [405 == 401 OR 405 == 403 OR == true] result [Failed] 2019-02-04 04:26:15 DEBUG [ApiV1RecepientIdDeleteRecepientabac3] : URL [http://54.215.136.217/api/v1/recepient/] 2019-02-04 04:26:15 DEBUG [ApiV1RecepientIdDeleteRecepientabac3] : Method [DELETE] 2019-02-04 04:26:15 DEBUG [ApiV1RecepientIdDeleteRecepientabac3] : Request [null] 2019-02-04 04:26:15 DEBUG [ApiV1RecepientIdDeleteRecepientabac3] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic YWRtaW5AbmV0YmFua2luZy5pbzphZG1pbjEyMyQ=]}] 2019-02-04 04:26:15 DEBUG [ApiV1RecepientIdDeleteRecepientabac3] : Response [{ "timestamp" : "2019-02-04T16:26:15.847+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/recepient/" }] 2019-02-04 04:26:15 DEBUG [ApiV1RecepientIdDeleteRecepientabac3] : Response-Headers [{Allow=[GET, POST, PUT], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YjZjZGM2MzYtMWI1MS00MDI3LTg4ZDAtNWIxM2IxNzEyY2Zi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Mon, 04 Feb 2019 16:26:14 GMT]}] 2019-02-04 04:26:15 DEBUG [ApiV1RecepientIdDeleteRecepientabac3] : StatusCode [405] 2019-02-04 04:26:15 DEBUG [ApiV1RecepientIdDeleteRecepientabac3] : Time [2316] 2019-02-04 04:26:15 DEBUG [ApiV1RecepientIdDeleteRecepientabac3] : Size [164] 2019-02-04 04:26:15 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
--- FX Bot ---