Open asriz7777 opened 5 years ago
Project : FXABAC TEST
Template : NullPutNotificationuserbDisallowHijack1
Run Id : 8a808011699a990101699ab3901a2277
Job : Default
Env : Default
Category : Hijack_Level1
Tags : [FX Top 10 - API Vulnerability, Data_Access_Control]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 500
Headers : {}
Endpoint : http://13.56.210.25null
Request :
{
"accessKey" : "qFeqHdyn",
"account" : "",
"channel" : "qFeqHdyn",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "qFeqHdyn",
"org" : "",
"secretKey" : "qFeqHdyn",
"token" : "qFeqHdyn",
"type" : "EMAIL",
"version" : "",
"visibility" : "PRIVATE"
}
Response :
I/O error on PUT request for "http://13.56.210.25null": 13.56.210.25null: Name or service not known; nested exception is java.net.UnknownHostException: 13.56.210.25null: Name or service not known
Logs :
2019-03-20 10:44:24 DEBUG [OrgCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/orgs]
2019-03-20 10:44:24 DEBUG [OrgCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:24 DEBUG [OrgCreateUserBInitHijack1] : Request [{
"billingEmail" : "LP5acI1Z",
"company" : "Strosin, Strosin and Strosin",
"createdBy" : "",
"createdDate" : "",
"description" : "LP5acI1Z",
"id" : "",
"inactive" : false,
"location" : "LP5acI1Z",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "LP5acI1Z",
"orgPlan" : "TEAM",
"orgType" : "ENTERPRISE",
"version" : ""
}]
2019-03-20 10:44:24 DEBUG [OrgCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:24 DEBUG [OrgCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:24.223+0000",
"status" : 403,
"error" : "Forbidden",
"message" : "Forbidden",
"path" : "/api/v1/orgs"
}]
2019-03-20 10:44:24 DEBUG [OrgCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YWI4ZjM3MDMtZjA3MS00YzcxLTgwMDYtYWFiYmE4ZjNkMDIy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:23 GMT]}]
2019-03-20 10:44:24 DEBUG [OrgCreateUserBInitHijack1] : StatusCode [403]
2019-03-20 10:44:24 DEBUG [OrgCreateUserBInitHijack1] : Time [1270]
2019-03-20 10:44:24 DEBUG [OrgCreateUserBInitHijack1] : Size [121]
2019-03-20 10:44:24 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed]
2019-03-20 10:44:24 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YWI4ZjM3MDMtZjA3MS00YzcxLTgwMDYtYWFiYmE4ZjNkMDIy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:23 GMT]}]
2019-03-20 10:44:24 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YWI4ZjM3MDMtZjA3MS00YzcxLTgwMDYtYWFiYmE4ZjNkMDIy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:23 GMT]}]
2019-03-20 10:44:24 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YWI4ZjM3MDMtZjA3MS00YzcxLTgwMDYtYWFiYmE4ZjNkMDIy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:23 GMT]}]
2019-03-20 10:44:24 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YWI4ZjM3MDMtZjA3MS00YzcxLTgwMDYtYWFiYmE4ZjNkMDIy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:23 GMT]}]
2019-03-20 10:44:25 DEBUG [AccountCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/accounts]
2019-03-20 10:44:25 DEBUG [AccountCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:25 DEBUG [AccountCreateUserBInitHijack1] : Request [{
"accessKey" : "Oei217lb",
"accountType" : "GitLab",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "Oei217lb",
"org" : "",
"prop1" : "Oei217lb",
"prop2" : "Oei217lb",
"prop3" : "Oei217lb",
"region" : "Oei217lb",
"secretKey" : "Oei217lb",
"version" : ""
}]
2019-03-20 10:44:25 DEBUG [AccountCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:25 DEBUG [AccountCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:24.978+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])",
"path" : "/api/v1/accounts"
}]
2019-03-20 10:44:25 DEBUG [AccountCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ODZlNTYzY2QtYjMwNS00ODUwLTgxM2ItZmU3MTI0NTkyOWU4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:24 GMT]}]
2019-03-20 10:44:25 DEBUG [AccountCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:44:25 DEBUG [AccountCreateUserBInitHijack1] : Time [753]
2019-03-20 10:44:25 DEBUG [AccountCreateUserBInitHijack1] : Size [722]
2019-03-20 10:44:25 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:25 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ODZlNTYzY2QtYjMwNS00ODUwLTgxM2ItZmU3MTI0NTkyOWU4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:24 GMT]}]
2019-03-20 10:44:25 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ODZlNTYzY2QtYjMwNS00ODUwLTgxM2ItZmU3MTI0NTkyOWU4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:24 GMT]}]
2019-03-20 10:44:25 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ODZlNTYzY2QtYjMwNS00ODUwLTgxM2ItZmU3MTI0NTkyOWU4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:24 GMT]}]
2019-03-20 10:44:25 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ODZlNTYzY2QtYjMwNS00ODUwLTgxM2ItZmU3MTI0NTkyOWU4; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:24 GMT]}]
2019-03-20 10:44:25 DEBUG [NotificationCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/notifications]
2019-03-20 10:44:25 DEBUG [NotificationCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:25 DEBUG [NotificationCreateUserBInitHijack1] : Request [{
"accessKey" : "gnp6WR5P",
"account" : "",
"channel" : "gnp6WR5P",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "gnp6WR5P",
"org" : "",
"secretKey" : "gnp6WR5P",
"token" : "gnp6WR5P",
"type" : "EMAIL",
"version" : "",
"visibility" : "PRIVATE"
}]
2019-03-20 10:44:25 DEBUG [NotificationCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:25 DEBUG [NotificationCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:25.578+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 3, column: 15] (through reference chain: com.fxlabs.fxt.dto.notify.Notification[\"account\"])",
"path" : "/api/v1/notifications"
}]
2019-03-20 10:44:25 DEBUG [NotificationCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTEzZTk0ZTEtZjg1NS00OWI3LThmMDYtODY4MDNmMzQxMWMz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:24 GMT]}]
2019-03-20 10:44:25 DEBUG [NotificationCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:44:25 DEBUG [NotificationCreateUserBInitHijack1] : Time [598]
2019-03-20 10:44:25 DEBUG [NotificationCreateUserBInitHijack1] : Size [753]
2019-03-20 10:44:25 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:25 DEBUG [NotificationCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTEzZTk0ZTEtZjg1NS00OWI3LThmMDYtODY4MDNmMzQxMWMz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:24 GMT]}]
2019-03-20 10:44:25 DEBUG [NotificationCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTEzZTk0ZTEtZjg1NS00OWI3LThmMDYtODY4MDNmMzQxMWMz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:24 GMT]}]
2019-03-20 10:44:25 DEBUG [NotificationCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTEzZTk0ZTEtZjg1NS00OWI3LThmMDYtODY4MDNmMzQxMWMz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:24 GMT]}]
2019-03-20 10:44:25 DEBUG [NotificationCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTEzZTk0ZTEtZjg1NS00OWI3LThmMDYtODY4MDNmMzQxMWMz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:24 GMT]}]
2019-03-20 10:44:26 DEBUG [OrgCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/orgs]
2019-03-20 10:44:26 DEBUG [OrgCreateUserAInitHijack1] : Method [POST]
2019-03-20 10:44:26 DEBUG [OrgCreateUserAInitHijack1] : Request [{
"billingEmail" : "pZ7MZQYt",
"company" : "Maggio, Maggio and Maggio",
"createdBy" : "",
"createdDate" : "",
"description" : "pZ7MZQYt",
"id" : "",
"inactive" : false,
"location" : "pZ7MZQYt",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "pZ7MZQYt",
"orgPlan" : "TEAM",
"orgType" : "ENTERPRISE",
"version" : ""
}]
2019-03-20 10:44:26 DEBUG [OrgCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:26 DEBUG [OrgCreateUserAInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:26.333+0000",
"status" : 403,
"error" : "Forbidden",
"message" : "Forbidden",
"path" : "/api/v1/orgs"
}]
2019-03-20 10:44:26 DEBUG [OrgCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZmJjMGY3MDktOGUyYS00MDM1LTkzYjMtZjE2ZTRiOWZkNDJj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:25 GMT]}]
2019-03-20 10:44:26 DEBUG [OrgCreateUserAInitHijack1] : StatusCode [403]
2019-03-20 10:44:26 DEBUG [OrgCreateUserAInitHijack1] : Time [531]
2019-03-20 10:44:26 DEBUG [OrgCreateUserAInitHijack1] : Size [121]
2019-03-20 10:44:26 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed]
2019-03-20 10:44:26 DEBUG [OrgCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZmJjMGY3MDktOGUyYS00MDM1LTkzYjMtZjE2ZTRiOWZkNDJj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:25 GMT]}]
2019-03-20 10:44:26 DEBUG [OrgCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZmJjMGY3MDktOGUyYS00MDM1LTkzYjMtZjE2ZTRiOWZkNDJj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:25 GMT]}]
2019-03-20 10:44:26 DEBUG [OrgCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZmJjMGY3MDktOGUyYS00MDM1LTkzYjMtZjE2ZTRiOWZkNDJj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:25 GMT]}]
2019-03-20 10:44:26 DEBUG [OrgCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZmJjMGY3MDktOGUyYS00MDM1LTkzYjMtZjE2ZTRiOWZkNDJj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:25 GMT]}]
2019-03-20 10:44:26 DEBUG [AccountCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/accounts]
2019-03-20 10:44:26 DEBUG [AccountCreateUserAInitHijack1] : Method [POST]
2019-03-20 10:44:26 DEBUG [AccountCreateUserAInitHijack1] : Request [{
"accessKey" : "peT7awoa",
"accountType" : "GitLab",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "peT7awoa",
"org" : "",
"prop1" : "peT7awoa",
"prop2" : "peT7awoa",
"prop3" : "peT7awoa",
"region" : "peT7awoa",
"secretKey" : "peT7awoa",
"version" : ""
}]
2019-03-20 10:44:26 DEBUG [AccountCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:26 DEBUG [AccountCreateUserAInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:26.751+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])",
"path" : "/api/v1/accounts"
}]
2019-03-20 10:44:26 DEBUG [AccountCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZTg3ODhlZTMtNThhOS00MWQxLWJmMDItY2QzMTkwZDU1YmY5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:25 GMT]}]
2019-03-20 10:44:26 DEBUG [AccountCreateUserAInitHijack1] : StatusCode [400]
2019-03-20 10:44:26 DEBUG [AccountCreateUserAInitHijack1] : Time [417]
2019-03-20 10:44:26 DEBUG [AccountCreateUserAInitHijack1] : Size [722]
2019-03-20 10:44:26 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:26 DEBUG [AccountCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZTg3ODhlZTMtNThhOS00MWQxLWJmMDItY2QzMTkwZDU1YmY5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:25 GMT]}]
2019-03-20 10:44:26 DEBUG [AccountCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZTg3ODhlZTMtNThhOS00MWQxLWJmMDItY2QzMTkwZDU1YmY5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:25 GMT]}]
2019-03-20 10:44:26 DEBUG [AccountCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZTg3ODhlZTMtNThhOS00MWQxLWJmMDItY2QzMTkwZDU1YmY5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:25 GMT]}]
2019-03-20 10:44:26 DEBUG [AccountCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZTg3ODhlZTMtNThhOS00MWQxLWJmMDItY2QzMTkwZDU1YmY5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:25 GMT]}]
2019-03-20 10:44:26 DEBUG [NullPutNotificationuserbDisallowHijack1] : URL [http://13.56.210.25null]
2019-03-20 10:44:26 DEBUG [NullPutNotificationuserbDisallowHijack1] : Method [PUT]
2019-03-20 10:44:26 DEBUG [NullPutNotificationuserbDisallowHijack1] : Request [{
"accessKey" : "qFeqHdyn",
"account" : "",
"channel" : "qFeqHdyn",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "qFeqHdyn",
"org" : "",
"secretKey" : "qFeqHdyn",
"token" : "qFeqHdyn",
"type" : "EMAIL",
"version" : "",
"visibility" : "PRIVATE"
}]
2019-03-20 10:44:26 DEBUG [NullPutNotificationuserbDisallowHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:26 DEBUG [NullPutNotificationuserbDisallowHijack1] : Response [I/O error on PUT request for "http://13.56.210.25null": 13.56.210.25null: Name or service not known; nested exception is java.net.UnknownHostException: 13.56.210.25null: Name or service not known]
2019-03-20 10:44:26 DEBUG [NullPutNotificationuserbDisallowHijack1] : Response-Headers [{}]
2019-03-20 10:44:26 DEBUG [NullPutNotificationuserbDisallowHijack1] : StatusCode [500]
2019-03-20 10:44:26 DEBUG [NullPutNotificationuserbDisallowHijack1] : Time [8]
2019-03-20 10:44:26 DEBUG [NullPutNotificationuserbDisallowHijack1] : Size [195]
2019-03-20 10:44:26 ERROR [NullPutNotificationuserbDisallowHijack1] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [500 == 401 OR 500 == 403] result [Failed]
2019-03-20 10:44:27 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : URL [http://13.56.210.25/api/v1/notifications/]
2019-03-20 10:44:27 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Method [DELETE]
2019-03-20 10:44:27 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Request [null]
2019-03-20 10:44:27 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:27 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Response [{
"timestamp" : "2019-03-20T10:44:27.343+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/notifications/"
}]
2019-03-20 10:44:27 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzM0NjJmYjItZDU5NS00NTNmLTk0YTMtNTg2NjhjZjQ2Yjk0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:26 GMT]}]
2019-03-20 10:44:27 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : StatusCode [405]
2019-03-20 10:44:27 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Time [587]
2019-03-20 10:44:27 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Size [168]
2019-03-20 10:44:27 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:44:28 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : URL [http://13.56.210.25/api/v1/accounts/]
2019-03-20 10:44:28 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Method [DELETE]
2019-03-20 10:44:28 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request [null]
2019-03-20 10:44:28 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:28 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response [{
"timestamp" : "2019-03-20T10:44:28.124+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/accounts/"
}]
2019-03-20 10:44:28 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZTBhZjViMjItODc4Mi00NjIyLTk3NTEtN2Y0M2EzMGFkMDZj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:27 GMT]}]
2019-03-20 10:44:28 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : StatusCode [405]
2019-03-20 10:44:28 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Time [771]
2019-03-20 10:44:28 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Size [163]
2019-03-20 10:44:28 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:44:28 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : URL [http://13.56.210.25/api/v1/orgs/]
2019-03-20 10:44:28 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Method [DELETE]
2019-03-20 10:44:28 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request [null]
2019-03-20 10:44:28 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:28 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response [{
"timestamp" : "2019-03-20T10:44:28.664+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/orgs/"
}]
2019-03-20 10:44:28 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MmFiZWUxYzAtZGVkOC00ZmE0LTg4NzgtYTY1ZmRhY2UyYmIy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:27 GMT]}]
2019-03-20 10:44:28 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : StatusCode [405]
2019-03-20 10:44:28 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Time [539]
2019-03-20 10:44:28 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Size [159]
2019-03-20 10:44:28 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
--- FX Bot ---
Project : FXABAC TEST
Template : NullPutNotificationuserbDisallowHijack1
Run Id : 8a808011699a990101699ab3901a2277
Job : Default
Env : Default
Category : Hijack_Level1
Tags : [FX Top 10 - API Vulnerability, Data_Access_Control]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 500
Headers : {}
Endpoint : http://13.56.210.25null
Request :
{
"accessKey" : "fEs7AOOk",
"account" : "",
"channel" : "fEs7AOOk",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "fEs7AOOk",
"org" : "",
"secretKey" : "fEs7AOOk",
"token" : "fEs7AOOk",
"type" : "EMAIL",
"version" : "",
"visibility" : "PRIVATE"
}
Response :
I/O error on PUT request for "http://13.56.210.25null": 13.56.210.25null; nested exception is java.net.UnknownHostException: 13.56.210.25null
Logs :
2019-03-20 10:44:57 DEBUG [OrgCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/orgs]
2019-03-20 10:44:57 DEBUG [OrgCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:57 DEBUG [OrgCreateUserBInitHijack1] : Request [{
"billingEmail" : "ALCqf5jq",
"company" : "Huel-Huel",
"createdBy" : "",
"createdDate" : "",
"description" : "ALCqf5jq",
"id" : "",
"inactive" : false,
"location" : "ALCqf5jq",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "ALCqf5jq",
"orgPlan" : "TEAM",
"orgType" : "ENTERPRISE",
"version" : ""
}]
2019-03-20 10:44:57 DEBUG [OrgCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:57 DEBUG [OrgCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:57.456+0000",
"status" : 403,
"error" : "Forbidden",
"message" : "Forbidden",
"path" : "/api/v1/orgs"
}]
2019-03-20 10:44:57 DEBUG [OrgCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MWEyNTNjYTMtMTdhOC00NmFmLWJjNDktZTcyMjU3MmQyMjAz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:56 GMT]}]
2019-03-20 10:44:57 DEBUG [OrgCreateUserBInitHijack1] : StatusCode [403]
2019-03-20 10:44:57 DEBUG [OrgCreateUserBInitHijack1] : Time [1443]
2019-03-20 10:44:57 DEBUG [OrgCreateUserBInitHijack1] : Size [121]
2019-03-20 10:44:57 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed]
2019-03-20 10:44:57 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MWEyNTNjYTMtMTdhOC00NmFmLWJjNDktZTcyMjU3MmQyMjAz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:56 GMT]}]
2019-03-20 10:44:57 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MWEyNTNjYTMtMTdhOC00NmFmLWJjNDktZTcyMjU3MmQyMjAz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:56 GMT]}]
2019-03-20 10:44:57 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MWEyNTNjYTMtMTdhOC00NmFmLWJjNDktZTcyMjU3MmQyMjAz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:56 GMT]}]
2019-03-20 10:44:57 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MWEyNTNjYTMtMTdhOC00NmFmLWJjNDktZTcyMjU3MmQyMjAz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:56 GMT]}]
2019-03-20 10:44:58 DEBUG [AccountCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/accounts]
2019-03-20 10:44:58 DEBUG [AccountCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:58 DEBUG [AccountCreateUserBInitHijack1] : Request [{
"accessKey" : "Zewj3Roh",
"accountType" : "GitLab",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "Zewj3Roh",
"org" : "",
"prop1" : "Zewj3Roh",
"prop2" : "Zewj3Roh",
"prop3" : "Zewj3Roh",
"region" : "Zewj3Roh",
"secretKey" : "Zewj3Roh",
"version" : ""
}]
2019-03-20 10:44:58 DEBUG [AccountCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:58 DEBUG [AccountCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:58.707+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])",
"path" : "/api/v1/accounts"
}]
2019-03-20 10:44:58 DEBUG [AccountCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OWZhNWVkNzktOGUyYS00YWYzLTljNmMtMjFlYjYwZWZlNTAy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:57 GMT]}]
2019-03-20 10:44:58 DEBUG [AccountCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:44:58 DEBUG [AccountCreateUserBInitHijack1] : Time [1249]
2019-03-20 10:44:58 DEBUG [AccountCreateUserBInitHijack1] : Size [722]
2019-03-20 10:44:58 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:58 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OWZhNWVkNzktOGUyYS00YWYzLTljNmMtMjFlYjYwZWZlNTAy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:57 GMT]}]
2019-03-20 10:44:58 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OWZhNWVkNzktOGUyYS00YWYzLTljNmMtMjFlYjYwZWZlNTAy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:57 GMT]}]
2019-03-20 10:44:58 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OWZhNWVkNzktOGUyYS00YWYzLTljNmMtMjFlYjYwZWZlNTAy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:57 GMT]}]
2019-03-20 10:44:58 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OWZhNWVkNzktOGUyYS00YWYzLTljNmMtMjFlYjYwZWZlNTAy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:57 GMT]}]
2019-03-20 10:44:59 DEBUG [NotificationCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/notifications]
2019-03-20 10:44:59 DEBUG [NotificationCreateUserBInitHijack1] : Method [POST]
2019-03-20 10:44:59 DEBUG [NotificationCreateUserBInitHijack1] : Request [{
"accessKey" : "Vcmqqet6",
"account" : "",
"channel" : "Vcmqqet6",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "Vcmqqet6",
"org" : "",
"secretKey" : "Vcmqqet6",
"token" : "Vcmqqet6",
"type" : "EMAIL",
"version" : "",
"visibility" : "PRIVATE"
}]
2019-03-20 10:44:59 DEBUG [NotificationCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:44:59 DEBUG [NotificationCreateUserBInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:44:59.728+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 3, column: 15] (through reference chain: com.fxlabs.fxt.dto.notify.Notification[\"account\"])",
"path" : "/api/v1/notifications"
}]
2019-03-20 10:44:59 DEBUG [NotificationCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzMzMGE5ZDAtY2Y3My00NjlmLWIwY2YtMDA1NWU5ODViMDE0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:58 GMT]}]
2019-03-20 10:44:59 DEBUG [NotificationCreateUserBInitHijack1] : StatusCode [400]
2019-03-20 10:44:59 DEBUG [NotificationCreateUserBInitHijack1] : Time [1018]
2019-03-20 10:44:59 DEBUG [NotificationCreateUserBInitHijack1] : Size [753]
2019-03-20 10:44:59 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:44:59 DEBUG [NotificationCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzMzMGE5ZDAtY2Y3My00NjlmLWIwY2YtMDA1NWU5ODViMDE0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:58 GMT]}]
2019-03-20 10:44:59 DEBUG [NotificationCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzMzMGE5ZDAtY2Y3My00NjlmLWIwY2YtMDA1NWU5ODViMDE0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:58 GMT]}]
2019-03-20 10:44:59 DEBUG [NotificationCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzMzMGE5ZDAtY2Y3My00NjlmLWIwY2YtMDA1NWU5ODViMDE0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:58 GMT]}]
2019-03-20 10:44:59 DEBUG [NotificationCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YzMzMGE5ZDAtY2Y3My00NjlmLWIwY2YtMDA1NWU5ODViMDE0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:44:58 GMT]}]
2019-03-20 10:45:01 DEBUG [OrgCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/orgs]
2019-03-20 10:45:01 DEBUG [OrgCreateUserAInitHijack1] : Method [POST]
2019-03-20 10:45:01 DEBUG [OrgCreateUserAInitHijack1] : Request [{
"billingEmail" : "5Hc3H30z",
"company" : "Zemlak Group",
"createdBy" : "",
"createdDate" : "",
"description" : "5Hc3H30z",
"id" : "",
"inactive" : false,
"location" : "5Hc3H30z",
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "5Hc3H30z",
"orgPlan" : "TEAM",
"orgType" : "ENTERPRISE",
"version" : ""
}]
2019-03-20 10:45:01 DEBUG [OrgCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:01 DEBUG [OrgCreateUserAInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:45:01.196+0000",
"status" : 403,
"error" : "Forbidden",
"message" : "Forbidden",
"path" : "/api/v1/orgs"
}]
2019-03-20 10:45:01 DEBUG [OrgCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZWJhMzg0NjEtMzQ0YS00MjFhLThmZGUtMzkzN2MxYzljYjMy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:00 GMT]}]
2019-03-20 10:45:01 DEBUG [OrgCreateUserAInitHijack1] : StatusCode [403]
2019-03-20 10:45:01 DEBUG [OrgCreateUserAInitHijack1] : Time [1347]
2019-03-20 10:45:01 DEBUG [OrgCreateUserAInitHijack1] : Size [121]
2019-03-20 10:45:01 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed]
2019-03-20 10:45:01 DEBUG [OrgCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZWJhMzg0NjEtMzQ0YS00MjFhLThmZGUtMzkzN2MxYzljYjMy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:00 GMT]}]
2019-03-20 10:45:01 DEBUG [OrgCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZWJhMzg0NjEtMzQ0YS00MjFhLThmZGUtMzkzN2MxYzljYjMy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:00 GMT]}]
2019-03-20 10:45:01 DEBUG [OrgCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZWJhMzg0NjEtMzQ0YS00MjFhLThmZGUtMzkzN2MxYzljYjMy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:00 GMT]}]
2019-03-20 10:45:01 DEBUG [OrgCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZWJhMzg0NjEtMzQ0YS00MjFhLThmZGUtMzkzN2MxYzljYjMy; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:00 GMT]}]
2019-03-20 10:45:02 DEBUG [AccountCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/accounts]
2019-03-20 10:45:02 DEBUG [AccountCreateUserAInitHijack1] : Method [POST]
2019-03-20 10:45:02 DEBUG [AccountCreateUserAInitHijack1] : Request [{
"accessKey" : "mYvZMFS7",
"accountType" : "GitLab",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "mYvZMFS7",
"org" : "",
"prop1" : "mYvZMFS7",
"prop2" : "mYvZMFS7",
"prop3" : "mYvZMFS7",
"region" : "mYvZMFS7",
"secretKey" : "mYvZMFS7",
"version" : ""
}]
2019-03-20 10:45:02 DEBUG [AccountCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:02 DEBUG [AccountCreateUserAInitHijack1] : Response [{
"timestamp" : "2019-03-20T10:45:02.709+0000",
"status" : 400,
"error" : "Bad Request",
"message" : "JSON parse error: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])",
"path" : "/api/v1/accounts"
}]
2019-03-20 10:45:02 DEBUG [AccountCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjZkNDJiZTYtMDVjOS00MzM4LWIwMWEtZmFhZTI5MTA2NGY0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:01 GMT]}]
2019-03-20 10:45:02 DEBUG [AccountCreateUserAInitHijack1] : StatusCode [400]
2019-03-20 10:45:02 DEBUG [AccountCreateUserAInitHijack1] : Time [1583]
2019-03-20 10:45:02 DEBUG [AccountCreateUserAInitHijack1] : Size [722]
2019-03-20 10:45:02 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed]
2019-03-20 10:45:02 DEBUG [AccountCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjZkNDJiZTYtMDVjOS00MzM4LWIwMWEtZmFhZTI5MTA2NGY0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:01 GMT]}]
2019-03-20 10:45:02 DEBUG [AccountCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjZkNDJiZTYtMDVjOS00MzM4LWIwMWEtZmFhZTI5MTA2NGY0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:01 GMT]}]
2019-03-20 10:45:02 DEBUG [AccountCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjZkNDJiZTYtMDVjOS00MzM4LWIwMWEtZmFhZTI5MTA2NGY0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:01 GMT]}]
2019-03-20 10:45:02 DEBUG [AccountCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjZkNDJiZTYtMDVjOS00MzM4LWIwMWEtZmFhZTI5MTA2NGY0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:01 GMT]}]
2019-03-20 10:45:02 DEBUG [NullPutNotificationuserbDisallowHijack1] : URL [http://13.56.210.25null]
2019-03-20 10:45:02 DEBUG [NullPutNotificationuserbDisallowHijack1] : Method [PUT]
2019-03-20 10:45:02 DEBUG [NullPutNotificationuserbDisallowHijack1] : Request [{
"accessKey" : "fEs7AOOk",
"account" : "",
"channel" : "fEs7AOOk",
"createdBy" : "",
"createdDate" : "",
"id" : "",
"inactive" : false,
"modifiedBy" : "",
"modifiedDate" : "",
"name" : "fEs7AOOk",
"org" : "",
"secretKey" : "fEs7AOOk",
"token" : "fEs7AOOk",
"type" : "EMAIL",
"version" : "",
"visibility" : "PRIVATE"
}]
2019-03-20 10:45:02 DEBUG [NullPutNotificationuserbDisallowHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:02 DEBUG [NullPutNotificationuserbDisallowHijack1] : Response [I/O error on PUT request for "http://13.56.210.25null": 13.56.210.25null; nested exception is java.net.UnknownHostException: 13.56.210.25null]
2019-03-20 10:45:02 DEBUG [NullPutNotificationuserbDisallowHijack1] : Response-Headers [{}]
2019-03-20 10:45:02 DEBUG [NullPutNotificationuserbDisallowHijack1] : StatusCode [500]
2019-03-20 10:45:02 DEBUG [NullPutNotificationuserbDisallowHijack1] : Time [4]
2019-03-20 10:45:02 DEBUG [NullPutNotificationuserbDisallowHijack1] : Size [141]
2019-03-20 10:45:02 ERROR [NullPutNotificationuserbDisallowHijack1] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [500 == 401 OR 500 == 403] result [Failed]
2019-03-20 10:45:04 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : URL [http://13.56.210.25/api/v1/notifications/]
2019-03-20 10:45:04 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Method [DELETE]
2019-03-20 10:45:04 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Request [null]
2019-03-20 10:45:04 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:04 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Response [{
"timestamp" : "2019-03-20T10:45:04.284+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/notifications/"
}]
2019-03-20 10:45:04 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MzQyNTkwZmMtM2QzOC00ODQzLWJmY2QtMWRhOWNiMDNmYWVj; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:04 GMT]}]
2019-03-20 10:45:04 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : StatusCode [405]
2019-03-20 10:45:04 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Time [1495]
2019-03-20 10:45:04 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Size [168]
2019-03-20 10:45:04 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:45:05 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : URL [http://13.56.210.25/api/v1/accounts/]
2019-03-20 10:45:05 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Method [DELETE]
2019-03-20 10:45:05 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request [null]
2019-03-20 10:45:05 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:05 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response [{
"timestamp" : "2019-03-20T10:45:05.441+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/accounts/"
}]
2019-03-20 10:45:05 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MDllOWE5MzYtZDY4Yi00YmRkLTg5M2YtODE1NDdmZmVmMmYx; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:05 GMT]}]
2019-03-20 10:45:05 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : StatusCode [405]
2019-03-20 10:45:05 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Time [1158]
2019-03-20 10:45:05 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Size [163]
2019-03-20 10:45:05 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
2019-03-20 10:45:07 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : URL [http://13.56.210.25/api/v1/orgs/]
2019-03-20 10:45:07 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Method [DELETE]
2019-03-20 10:45:07 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request [null]
2019-03-20 10:45:07 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}]
2019-03-20 10:45:07 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response [{
"timestamp" : "2019-03-20T10:45:07.042+0000",
"status" : 405,
"error" : "Method Not Allowed",
"message" : "Request method 'DELETE' not supported",
"path" : "/api/v1/orgs/"
}]
2019-03-20 10:45:07 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZGJmNDAxMzgtODBlOC00YTU4LWFjNDgtZmUyOTE3NDc2N2Iz; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:45:07 GMT]}]
2019-03-20 10:45:07 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : StatusCode [405]
2019-03-20 10:45:07 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Time [1602]
2019-03-20 10:45:07 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Size [159]
2019-03-20 10:45:07 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]
--- FX Bot ---
Project : FXABAC TEST
Template : NullPutNotificationuserbDisallowHijack1
Run Id : 8a808011699a990101699ab0f9761b20
Job : Default
Env : Default
Category : Hijack_Level1
Tags : [FX Top 10 - API Vulnerability, Data_Access_Control]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 500
Headers : {}
Endpoint : http://13.56.210.25null
Request :
{ "accessKey" : "vMjwDywX", "account" : "", "channel" : "vMjwDywX", "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "vMjwDywX", "org" : "", "secretKey" : "vMjwDywX", "token" : "vMjwDywX", "type" : "EMAIL", "version" : "", "visibility" : "PRIVATE" }
Response :
I/O error on PUT request for "http://13.56.210.25null": 13.56.210.25null: Name or service not known; nested exception is java.net.UnknownHostException: 13.56.210.25null: Name or service not known
Logs :
2019-03-20 10:41:33 DEBUG [OrgCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/orgs] 2019-03-20 10:41:33 DEBUG [OrgCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:33 DEBUG [OrgCreateUserBInitHijack1] : Request [{ "billingEmail" : "s6eaYLvI", "company" : "Fisher Inc", "createdBy" : "", "createdDate" : "", "description" : "s6eaYLvI", "id" : "", "inactive" : false, "location" : "s6eaYLvI", "modifiedBy" : "", "modifiedDate" : "", "name" : "s6eaYLvI", "orgPlan" : "TEAM", "orgType" : "ENTERPRISE", "version" : "" }] 2019-03-20 10:41:33 DEBUG [OrgCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:33 DEBUG [OrgCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:33.227+0000", "status" : 403, "error" : "Forbidden", "message" : "Forbidden", "path" : "/api/v1/orgs" }] 2019-03-20 10:41:33 DEBUG [OrgCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NmYzZWZmYTktZDE4MC00ODM3LTk0ZTEtZTE4ZjhjYjE0M2Ew; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:32 GMT]}] 2019-03-20 10:41:33 DEBUG [OrgCreateUserBInitHijack1] : StatusCode [403] 2019-03-20 10:41:33 DEBUG [OrgCreateUserBInitHijack1] : Time [463] 2019-03-20 10:41:33 DEBUG [OrgCreateUserBInitHijack1] : Size [121] 2019-03-20 10:41:33 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed] 2019-03-20 10:41:33 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NmYzZWZmYTktZDE4MC00ODM3LTk0ZTEtZTE4ZjhjYjE0M2Ew; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:32 GMT]}] 2019-03-20 10:41:33 DEBUG [OrgCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NmYzZWZmYTktZDE4MC00ODM3LTk0ZTEtZTE4ZjhjYjE0M2Ew; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:32 GMT]}] 2019-03-20 10:41:33 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NmYzZWZmYTktZDE4MC00ODM3LTk0ZTEtZTE4ZjhjYjE0M2Ew; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:32 GMT]}] 2019-03-20 10:41:33 DEBUG [OrgCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NmYzZWZmYTktZDE4MC00ODM3LTk0ZTEtZTE4ZjhjYjE0M2Ew; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:32 GMT]}] 2019-03-20 10:41:33 DEBUG [AccountCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/accounts] 2019-03-20 10:41:33 DEBUG [AccountCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:33 DEBUG [AccountCreateUserBInitHijack1] : Request [{ "accessKey" : "TcUkSbM4", "accountType" : "GitLab", "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "TcUkSbM4", "org" : "", "prop1" : "TcUkSbM4", "prop2" : "TcUkSbM4", "prop3" : "TcUkSbM4", "region" : "TcUkSbM4", "secretKey" : "TcUkSbM4", "version" : "" }] 2019-03-20 10:41:33 DEBUG [AccountCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:33 DEBUG [AccountCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:33.865+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance of
com.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])", "path" : "/api/v1/accounts" }] 2019-03-20 10:41:33 DEBUG [AccountCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjliZDVjNjUtMDY4MC00MDlhLWFmZjEtYzg5MmI2MTY5NGE2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:32 GMT]}] 2019-03-20 10:41:33 DEBUG [AccountCreateUserBInitHijack1] : StatusCode [400] 2019-03-20 10:41:33 DEBUG [AccountCreateUserBInitHijack1] : Time [709] 2019-03-20 10:41:33 DEBUG [AccountCreateUserBInitHijack1] : Size [722] 2019-03-20 10:41:33 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:33 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjliZDVjNjUtMDY4MC00MDlhLWFmZjEtYzg5MmI2MTY5NGE2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:32 GMT]}] 2019-03-20 10:41:33 DEBUG [AccountCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjliZDVjNjUtMDY4MC00MDlhLWFmZjEtYzg5MmI2MTY5NGE2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:32 GMT]}] 2019-03-20 10:41:33 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjliZDVjNjUtMDY4MC00MDlhLWFmZjEtYzg5MmI2MTY5NGE2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:32 GMT]}] 2019-03-20 10:41:33 DEBUG [AccountCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=MjliZDVjNjUtMDY4MC00MDlhLWFmZjEtYzg5MmI2MTY5NGE2; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:32 GMT]}] 2019-03-20 10:41:34 DEBUG [NotificationCreateUserBInitHijack1] : URL [http://13.56.210.25/api/v1/notifications] 2019-03-20 10:41:34 DEBUG [NotificationCreateUserBInitHijack1] : Method [POST] 2019-03-20 10:41:34 DEBUG [NotificationCreateUserBInitHijack1] : Request [{ "accessKey" : "h2PpGiJr", "account" : "", "channel" : "h2PpGiJr", "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "h2PpGiJr", "org" : "", "secretKey" : "h2PpGiJr", "token" : "h2PpGiJr", "type" : "EMAIL", "version" : "", "visibility" : "PRIVATE" }] 2019-03-20 10:41:34 DEBUG [NotificationCreateUserBInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:34 DEBUG [NotificationCreateUserBInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:34.699+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance ofcom.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.AccountMinimalDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 3, column: 15] (through reference chain: com.fxlabs.fxt.dto.notify.Notification[\"account\"])", "path" : "/api/v1/notifications" }] 2019-03-20 10:41:34 DEBUG [NotificationCreateUserBInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NmJiYTE1NjYtYjc0Ni00ZWIwLTllY2ItM2MxYTUzZGUzZGFi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:34 GMT]}] 2019-03-20 10:41:34 DEBUG [NotificationCreateUserBInitHijack1] : StatusCode [400] 2019-03-20 10:41:34 DEBUG [NotificationCreateUserBInitHijack1] : Time [751] 2019-03-20 10:41:34 DEBUG [NotificationCreateUserBInitHijack1] : Size [753] 2019-03-20 10:41:34 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:34 DEBUG [NotificationCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NmJiYTE1NjYtYjc0Ni00ZWIwLTllY2ItM2MxYTUzZGUzZGFi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:34 GMT]}] 2019-03-20 10:41:34 DEBUG [NotificationCreateUserBInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NmJiYTE1NjYtYjc0Ni00ZWIwLTllY2ItM2MxYTUzZGUzZGFi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:34 GMT]}] 2019-03-20 10:41:34 DEBUG [NotificationCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NmJiYTE1NjYtYjc0Ni00ZWIwLTllY2ItM2MxYTUzZGUzZGFi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:34 GMT]}] 2019-03-20 10:41:34 DEBUG [NotificationCreateUserBInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NmJiYTE1NjYtYjc0Ni00ZWIwLTllY2ItM2MxYTUzZGUzZGFi; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:34 GMT]}] 2019-03-20 10:41:35 DEBUG [OrgCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/orgs] 2019-03-20 10:41:35 DEBUG [OrgCreateUserAInitHijack1] : Method [POST] 2019-03-20 10:41:35 DEBUG [OrgCreateUserAInitHijack1] : Request [{ "billingEmail" : "dwI2NodY", "company" : "Flatley, Flatley and Flatley", "createdBy" : "", "createdDate" : "", "description" : "dwI2NodY", "id" : "", "inactive" : false, "location" : "dwI2NodY", "modifiedBy" : "", "modifiedDate" : "", "name" : "dwI2NodY", "orgPlan" : "TEAM", "orgType" : "ENTERPRISE", "version" : "" }] 2019-03-20 10:41:35 DEBUG [OrgCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:35 DEBUG [OrgCreateUserAInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:35.510+0000", "status" : 403, "error" : "Forbidden", "message" : "Forbidden", "path" : "/api/v1/orgs" }] 2019-03-20 10:41:35 DEBUG [OrgCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzBmMGRlNzgtZGEzOC00MWYyLTkzMGQtNGJkOGU0M2Y2NzE5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:35 GMT]}] 2019-03-20 10:41:35 DEBUG [OrgCreateUserAInitHijack1] : StatusCode [403] 2019-03-20 10:41:35 DEBUG [OrgCreateUserAInitHijack1] : Time [732] 2019-03-20 10:41:35 DEBUG [OrgCreateUserAInitHijack1] : Size [121] 2019-03-20 10:41:35 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [403 == 200 OR 403 == 201] result [Failed] 2019-03-20 10:41:35 DEBUG [OrgCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzBmMGRlNzgtZGEzOC00MWYyLTkzMGQtNGJkOGU0M2Y2NzE5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:35 GMT]}] 2019-03-20 10:41:35 DEBUG [OrgCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzBmMGRlNzgtZGEzOC00MWYyLTkzMGQtNGJkOGU0M2Y2NzE5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:35 GMT]}] 2019-03-20 10:41:35 DEBUG [OrgCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzBmMGRlNzgtZGEzOC00MWYyLTkzMGQtNGJkOGU0M2Y2NzE5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:35 GMT]}] 2019-03-20 10:41:35 DEBUG [OrgCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=NzBmMGRlNzgtZGEzOC00MWYyLTkzMGQtNGJkOGU0M2Y2NzE5; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:35 GMT]}] 2019-03-20 10:41:36 DEBUG [AccountCreateUserAInitHijack1] : URL [http://13.56.210.25/api/v1/accounts] 2019-03-20 10:41:36 DEBUG [AccountCreateUserAInitHijack1] : Method [POST] 2019-03-20 10:41:36 DEBUG [AccountCreateUserAInitHijack1] : Request [{ "accessKey" : "vIsjHjek", "accountType" : "GitLab", "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "vIsjHjek", "org" : "", "prop1" : "vIsjHjek", "prop2" : "vIsjHjek", "prop3" : "vIsjHjek", "region" : "vIsjHjek", "secretKey" : "vIsjHjek", "version" : "" }] 2019-03-20 10:41:36 DEBUG [AccountCreateUserAInitHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:36 DEBUG [AccountCreateUserAInitHijack1] : Response [{ "timestamp" : "2019-03-20T10:41:36.116+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Cannot construct instance ofcom.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value (''); nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance ofcom.fxlabs.fxt.dto.base.NameDto
(although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('')\n at [Source: (PushbackInputStream); line: 11, column: 11] (through reference chain: com.fxlabs.fxt.dto.clusters.Account[\"org\"])", "path" : "/api/v1/accounts" }] 2019-03-20 10:41:36 DEBUG [AccountCreateUserAInitHijack1] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTM4MzhmNjItNTVhNC00YzdkLTkyZmUtZDJiYjU5ZTI2MDIw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:35 GMT]}] 2019-03-20 10:41:36 DEBUG [AccountCreateUserAInitHijack1] : StatusCode [400] 2019-03-20 10:41:36 DEBUG [AccountCreateUserAInitHijack1] : Time [604] 2019-03-20 10:41:36 DEBUG [AccountCreateUserAInitHijack1] : Size [722] 2019-03-20 10:41:36 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [400 == 200 OR 400 == 201] result [Failed] 2019-03-20 10:41:36 DEBUG [AccountCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTM4MzhmNjItNTVhNC00YzdkLTkyZmUtZDJiYjU5ZTI2MDIw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:35 GMT]}] 2019-03-20 10:41:36 DEBUG [AccountCreateUserAInitHijack1_Headers] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTM4MzhmNjItNTVhNC00YzdkLTkyZmUtZDJiYjU5ZTI2MDIw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:35 GMT]}] 2019-03-20 10:41:36 DEBUG [AccountCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTM4MzhmNjItNTVhNC00YzdkLTkyZmUtZDJiYjU5ZTI2MDIw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:35 GMT]}] 2019-03-20 10:41:36 DEBUG [AccountCreateUserAInitHijack1_Headers[2]] : Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=YTM4MzhmNjItNTVhNC00YzdkLTkyZmUtZDJiYjU5ZTI2MDIw; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:35 GMT]}] 2019-03-20 10:41:36 DEBUG [NullPutNotificationuserbDisallowHijack1] : URL [http://13.56.210.25null] 2019-03-20 10:41:36 DEBUG [NullPutNotificationuserbDisallowHijack1] : Method [PUT] 2019-03-20 10:41:36 DEBUG [NullPutNotificationuserbDisallowHijack1] : Request [{ "accessKey" : "vMjwDywX", "account" : "", "channel" : "vMjwDywX", "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "vMjwDywX", "org" : "", "secretKey" : "vMjwDywX", "token" : "vMjwDywX", "type" : "EMAIL", "version" : "", "visibility" : "PRIVATE" }] 2019-03-20 10:41:36 DEBUG [NullPutNotificationuserbDisallowHijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:36 DEBUG [NullPutNotificationuserbDisallowHijack1] : Response [I/O error on PUT request for "http://13.56.210.25null": 13.56.210.25null: Name or service not known; nested exception is java.net.UnknownHostException: 13.56.210.25null: Name or service not known] 2019-03-20 10:41:36 DEBUG [NullPutNotificationuserbDisallowHijack1] : Response-Headers [{}] 2019-03-20 10:41:36 DEBUG [NullPutNotificationuserbDisallowHijack1] : StatusCode [500] 2019-03-20 10:41:36 DEBUG [NullPutNotificationuserbDisallowHijack1] : Time [61] 2019-03-20 10:41:36 DEBUG [NullPutNotificationuserbDisallowHijack1] : Size [195] 2019-03-20 10:41:36 ERROR [NullPutNotificationuserbDisallowHijack1] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [500 == 401 OR 500 == 403] result [Failed] 2019-03-20 10:41:36 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : URL [http://13.56.210.25/api/v1/notifications/] 2019-03-20 10:41:36 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Method [DELETE] 2019-03-20 10:41:36 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Request [null] 2019-03-20 10:41:36 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:36 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Response [{ "timestamp" : "2019-03-20T10:41:36.670+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/notifications/" }] 2019-03-20 10:41:36 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZTIxNjAzOTEtNDAwNy00OTA4LTkxODAtNWI1NDQzNDE2NWU0; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:36 GMT]}] 2019-03-20 10:41:36 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : StatusCode [405] 2019-03-20 10:41:36 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Time [490] 2019-03-20 10:41:36 DEBUG [ApiV1NotificationsIdDeleteNotificationhijack1] : Size [168] 2019-03-20 10:41:36 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed] 2019-03-20 10:41:37 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : URL [http://13.56.210.25/api/v1/accounts/] 2019-03-20 10:41:37 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Method [DELETE] 2019-03-20 10:41:37 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request [null] 2019-03-20 10:41:37 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:37 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response [{ "timestamp" : "2019-03-20T10:41:37.081+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/accounts/" }] 2019-03-20 10:41:37 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=ZGI2ZjM4MzYtNTJlYy00OGRmLTg3M2MtNGUyYTJlM2E0ZjVh; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:36 GMT]}] 2019-03-20 10:41:37 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : StatusCode [405] 2019-03-20 10:41:37 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Time [410] 2019-03-20 10:41:37 DEBUG [ApiV1AccountsIdDeleteAccounthijack1] : Size [163] 2019-03-20 10:41:37 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed] 2019-03-20 10:41:37 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : URL [http://13.56.210.25/api/v1/orgs/] 2019-03-20 10:41:37 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Method [DELETE] 2019-03-20 10:41:37 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request [null] 2019-03-20 10:41:37 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic T1JHQi8vdXNlckJAdGVzdGxhYnMuaW86b3JnMTIzNCQ=]}] 2019-03-20 10:41:37 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response [{ "timestamp" : "2019-03-20T10:41:37.574+0000", "status" : 405, "error" : "Method Not Allowed", "message" : "Request method 'DELETE' not supported", "path" : "/api/v1/orgs/" }] 2019-03-20 10:41:37 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Response-Headers [{Allow=[GET, POST], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Set-Cookie=[SESSION=OWQyMDUzNDMtY2MyNC00MTRmLWIwMTctNDkyNmEzY2E3ODI3; Path=/; HttpOnly], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 20 Mar 2019 10:41:37 GMT]}] 2019-03-20 10:41:37 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : StatusCode [405] 2019-03-20 10:41:37 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Time [491] 2019-03-20 10:41:37 DEBUG [ApiV1OrgsIdDeleteOrghijack1] : Size [159] 2019-03-20 10:41:37 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [405 == 200] result [Failed]--- FX Bot ---