Open devopsenggineer opened 5 years ago
Project : t
Job : Default
Env : Default
Category : InvalidAuthSQL
Tags : [OWASP A1, [PCI DSS 3.0] 6.5.1, OTG-AUTHN-004, FX Top 10 - API Vulnerability, Non-Intrusive, Injection]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 400
Headers : {Server=[nginx/1.12.1], Date=[Sat, 23 Feb 2019 11:25:52 GMT], Content-Type=[application/json;charset=ISO-8859-1], Content-Length=[87], Connection=[keep-alive]}
Endpoint : http://52.53.242.1/vault/v2/sdb/user
Request :
Response : { "errors" : [ "Missing request header 'vault-token' for method parameter of type String" ] }
Logs : 2019-02-23 11:25:52 DEBUG [V2SdbUserDeleteAuthInvalidSql] : URL [http://52.53.242.1/vault/v2/sdb/user] 2019-02-23 11:25:52 DEBUG [V2SdbUserDeleteAuthInvalidSql] : Method [DELETE] 2019-02-23 11:25:52 DEBUG [V2SdbUserDeleteAuthInvalidSql] : Request [] 2019-02-23 11:25:52 DEBUG [V2SdbUserDeleteAuthInvalidSql] : Request-Headers [{Content-Type=[application/json], Accept=[application/json]}] 2019-02-23 11:25:52 DEBUG [V2SdbUserDeleteAuthInvalidSql] : Response [{ "errors" : [ "Missing request header 'vault-token' for method parameter of type String" ] }] 2019-02-23 11:25:52 DEBUG [V2SdbUserDeleteAuthInvalidSql] : Response-Headers [{Server=[nginx/1.12.1], Date=[Sat, 23 Feb 2019 11:25:52 GMT], Content-Type=[application/json;charset=ISO-8859-1], Content-Length=[87], Connection=[keep-alive]}] 2019-02-23 11:25:52 DEBUG [V2SdbUserDeleteAuthInvalidSql] : StatusCode [400] 2019-02-23 11:25:52 DEBUG [V2SdbUserDeleteAuthInvalidSql] : Time [18] 2019-02-23 11:25:52 DEBUG [V2SdbUserDeleteAuthInvalidSql] : Size [87] 2019-02-23 11:25:52 ERROR [V2SdbUserDeleteAuthInvalidSql] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [400 == 401 OR 400 == 403] result [Failed]
--- FX Bot ---
Project : t
Job : Default
Env : Default
Category : InvalidAuthSQL
Tags : [OWASP A1, [PCI DSS 3.0] 6.5.1, OTG-AUTHN-004, FX Top 10 - API Vulnerability, Non-Intrusive, Injection]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 400
Headers : {Server=[nginx/1.12.1], Date=[Sat, 23 Feb 2019 11:25:52 GMT], Content-Type=[application/json;charset=ISO-8859-1], Content-Length=[87], Connection=[keep-alive]}
Endpoint : http://52.53.242.1/vault/v2/sdb/user
Request :
Response :
{ "errors" : [ "Missing request header 'vault-token' for method parameter of type String" ] }
Logs :
2019-02-23 11:25:52 DEBUG [V2SdbUserDeleteAuthInvalidSql] : URL [http://52.53.242.1/vault/v2/sdb/user] 2019-02-23 11:25:52 DEBUG [V2SdbUserDeleteAuthInvalidSql] : Method [DELETE] 2019-02-23 11:25:52 DEBUG [V2SdbUserDeleteAuthInvalidSql] : Request [] 2019-02-23 11:25:52 DEBUG [V2SdbUserDeleteAuthInvalidSql] : Request-Headers [{Content-Type=[application/json], Accept=[application/json]}] 2019-02-23 11:25:52 DEBUG [V2SdbUserDeleteAuthInvalidSql] : Response [{ "errors" : [ "Missing request header 'vault-token' for method parameter of type String" ] }] 2019-02-23 11:25:52 DEBUG [V2SdbUserDeleteAuthInvalidSql] : Response-Headers [{Server=[nginx/1.12.1], Date=[Sat, 23 Feb 2019 11:25:52 GMT], Content-Type=[application/json;charset=ISO-8859-1], Content-Length=[87], Connection=[keep-alive]}] 2019-02-23 11:25:52 DEBUG [V2SdbUserDeleteAuthInvalidSql] : StatusCode [400] 2019-02-23 11:25:52 DEBUG [V2SdbUserDeleteAuthInvalidSql] : Time [18] 2019-02-23 11:25:52 DEBUG [V2SdbUserDeleteAuthInvalidSql] : Size [87] 2019-02-23 11:25:52 ERROR [V2SdbUserDeleteAuthInvalidSql] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [400 == 401 OR 400 == 403] result [Failed]
--- FX Bot ---