Closed jaleelsyed closed 2 years ago
Project : adsf
Job : rbac
Env : Default
Category : RBAC
Tags : [OWASP - OTG-IDENT-001 , FX Top 10 - API Vulnerability, Endpoint_Access_Control]
Severity : Major
Region : local
Result : fail
Status Code : 406
Headers : {X-Application-Context=[application:8090], Content-Length=[0], Date=[Mon, 18 Feb 2019 16:24:17 GMT]}
Endpoint : http://18.144.38.115:8090/example/v1/hotels/m01psUKd
Request :
Response :
Logs :
2019-02-18 04:24:17 DEBUG [ExampleV1HotelsIdGetRoleAdminDisallowedRbac] : URL [http://18.144.38.115:8090/example/v1/hotels/m01psUKd]
2019-02-18 04:24:17 DEBUG [ExampleV1HotelsIdGetRoleAdminDisallowedRbac] : Method [GET]
2019-02-18 04:24:17 DEBUG [ExampleV1HotelsIdGetRoleAdminDisallowedRbac] : Request []
2019-02-18 04:24:17 DEBUG [ExampleV1HotelsIdGetRoleAdminDisallowedRbac] : Request-Headers [{Content-Type=[application/json], Accept=[application/xml, application/json]}]
2019-02-18 04:24:17 DEBUG [ExampleV1HotelsIdGetRoleAdminDisallowedRbac] : Response []
2019-02-18 04:24:17 DEBUG [ExampleV1HotelsIdGetRoleAdminDisallowedRbac] : Response-Headers [{X-Application-Context=[application:8090], Content-Length=[0], Date=[Mon, 18 Feb 2019 16:24:17 GMT]}]
2019-02-18 04:24:17 DEBUG [ExampleV1HotelsIdGetRoleAdminDisallowedRbac] : StatusCode [406]
2019-02-18 04:24:17 DEBUG [ExampleV1HotelsIdGetRoleAdminDisallowedRbac] : Time [525]
2019-02-18 04:24:17 DEBUG [ExampleV1HotelsIdGetRoleAdminDisallowedRbac] : Size [0]
2019-02-18 04:24:17 ERROR [ExampleV1HotelsIdGetRoleAdminDisallowedRbac] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [406 == 401 OR 406 == 403] result [Failed]
--- FX Bot ---