jaleelsyed / fx-local

0 stars 0 forks source link

InvalidAuth on DELETE:/api/v1/primary-transaction/{id} #186

Closed jaleelsyed closed 2 years ago

jaleelsyed commented 2 years ago

Title: InvalidAuth Vulnerability on DELETE:/api/v1/primary-transaction/{id} Project: Netbanking Description: The Invalid-Authentication exploit gives an attacker full access to the vulnerable endpoint without a valid credentials.

Assertion The 'Authentication Exploit' scanning identifies vulnerabilities resulting from either skipping or using cached results for expired or invalid tokens/authorization header values.Risk: InvalidAuth Severity: Critical API Endpoint: http://95.217.118.53:8080/api/v1/primary-transaction/12345 Environment: Master Playbook: ApiV1PrimaryTransactionIdDeleteAuthInvalid Researcher: Invalid_Auth

QUICK TIPS

Suggestion: Make sure the endpoint is secured as part of the authentication framework. Effort Estimate: 3.0 Hrs Wire Logs:

IMPORTANT LINKS

Vulnerability Details: https://cloud.fxlabs.io/#/app/projects/402880e87e66f039017e66f437980000/recommendations/402880e87e673b4c017e673e4d0500a7/details

Project: https://cloud.fxlabs.io/#/app/projects/402880e87e66f039017e66f437980000/jobs

Environment: https://cloud.fxlabs.io/#/app/projects/402880e87e66f039017e66f437980000/environments/null/edit

Scan Dashboard: https://cloud.fxlabs.io/#/app/projects/402880e87e66f039017e66f437980000/jobs/402880e87e66f039017e66f47ad0017f/runs/402880e87e673b4c017e673da99e005c

Playbook: https://cloud.fxlabs.io/#/app/projects/402880e87e66f039017e66f437980000/template/ApiV1PrimaryTransactionIdDeleteAuthInvalid

Coverage: https://cloud.fxlabs.io/#/app/projects/402880e87e66f039017e66f437980000/configuration

Code Sample: https://cloud.fxlabs.io/#/app/projects/402880e87e66f039017e66f437980000/recommendations/402880e87e673b4c017e673e4d0500a7/codesamples

PS: Please contact support@apisec.ai for apisec access and login issues.

--- apisec Bot ---