Open devopsenggineer opened 5 years ago
Project : twre
Job : Default
Env : Default
Category : RBAC
Tags : [OWASP - OTG-IDENT-001 , FX Top 10 - API Vulnerability, Endpoint_Access_Control]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 200
Headers : {X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Thu, 21 Feb 2019 09:59:23 GMT]}
Endpoint : http://54.215.136.217/api/v1/primary-transaction/gI3uynlU
Request :
Response : { "requestId" : "None", "requestTime" : "2019-02-21T09:59:23.222+0000", "errors" : true, "messages" : [ { "type" : "ERROR", "key" : "", "value" : null } ], "data" : null, "totalPages" : 0, "totalElements" : 0 }
Logs : 2019-02-21 09:59:23 DEBUG [ApiV1PrimaryTransactionIdDeleteRoleUserDisallowedRbac] : URL [http://54.215.136.217/api/v1/primary-transaction/gI3uynlU] 2019-02-21 09:59:23 DEBUG [ApiV1PrimaryTransactionIdDeleteRoleUserDisallowedRbac] : Method [DELETE] 2019-02-21 09:59:23 DEBUG [ApiV1PrimaryTransactionIdDeleteRoleUserDisallowedRbac] : Request [] 2019-02-21 09:59:23 DEBUG [ApiV1PrimaryTransactionIdDeleteRoleUserDisallowedRbac] : Request-Headers [{Content-Type=[application/json], Accept=[application/json]}] 2019-02-21 09:59:23 DEBUG [ApiV1PrimaryTransactionIdDeleteRoleUserDisallowedRbac] : Response [{ "requestId" : "None", "requestTime" : "2019-02-21T09:59:23.222+0000", "errors" : true, "messages" : [ { "type" : "ERROR", "key" : "", "value" : null } ], "data" : null, "totalPages" : 0, "totalElements" : 0 }] 2019-02-21 09:59:23 DEBUG [ApiV1PrimaryTransactionIdDeleteRoleUserDisallowedRbac] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Thu, 21 Feb 2019 09:59:23 GMT]}] 2019-02-21 09:59:23 DEBUG [ApiV1PrimaryTransactionIdDeleteRoleUserDisallowedRbac] : StatusCode [200] 2019-02-21 09:59:23 DEBUG [ApiV1PrimaryTransactionIdDeleteRoleUserDisallowedRbac] : Time [30] 2019-02-21 09:59:23 DEBUG [ApiV1PrimaryTransactionIdDeleteRoleUserDisallowedRbac] : Size [176] 2019-02-21 09:59:23 ERROR [ApiV1PrimaryTransactionIdDeleteRoleUserDisallowedRbac] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [200 == 401 OR 200 == 403] result [Failed]
--- FX Bot ---
Project : twre
Job : Default
Env : Default
Category : RBAC
Tags : [OWASP - OTG-IDENT-001 , FX Top 10 - API Vulnerability, Endpoint_Access_Control]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 200
Headers : {X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Thu, 21 Feb 2019 09:59:23 GMT]}
Endpoint : http://54.215.136.217/api/v1/primary-transaction/gI3uynlU
Request :
Response :
{ "requestId" : "None", "requestTime" : "2019-02-21T09:59:23.222+0000", "errors" : true, "messages" : [ { "type" : "ERROR", "key" : "", "value" : null } ], "data" : null, "totalPages" : 0, "totalElements" : 0 }
Logs :
2019-02-21 09:59:23 DEBUG [ApiV1PrimaryTransactionIdDeleteRoleUserDisallowedRbac] : URL [http://54.215.136.217/api/v1/primary-transaction/gI3uynlU] 2019-02-21 09:59:23 DEBUG [ApiV1PrimaryTransactionIdDeleteRoleUserDisallowedRbac] : Method [DELETE] 2019-02-21 09:59:23 DEBUG [ApiV1PrimaryTransactionIdDeleteRoleUserDisallowedRbac] : Request [] 2019-02-21 09:59:23 DEBUG [ApiV1PrimaryTransactionIdDeleteRoleUserDisallowedRbac] : Request-Headers [{Content-Type=[application/json], Accept=[application/json]}] 2019-02-21 09:59:23 DEBUG [ApiV1PrimaryTransactionIdDeleteRoleUserDisallowedRbac] : Response [{ "requestId" : "None", "requestTime" : "2019-02-21T09:59:23.222+0000", "errors" : true, "messages" : [ { "type" : "ERROR", "key" : "", "value" : null } ], "data" : null, "totalPages" : 0, "totalElements" : 0 }] 2019-02-21 09:59:23 DEBUG [ApiV1PrimaryTransactionIdDeleteRoleUserDisallowedRbac] : Response-Headers [{X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Thu, 21 Feb 2019 09:59:23 GMT]}] 2019-02-21 09:59:23 DEBUG [ApiV1PrimaryTransactionIdDeleteRoleUserDisallowedRbac] : StatusCode [200] 2019-02-21 09:59:23 DEBUG [ApiV1PrimaryTransactionIdDeleteRoleUserDisallowedRbac] : Time [30] 2019-02-21 09:59:23 DEBUG [ApiV1PrimaryTransactionIdDeleteRoleUserDisallowedRbac] : Size [176] 2019-02-21 09:59:23 ERROR [ApiV1PrimaryTransactionIdDeleteRoleUserDisallowedRbac] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [200 == 401 OR 200 == 403] result [Failed]
--- FX Bot ---