Closed jaleelsyed closed 5 years ago
Project : SQLInjection2
Job : Default
Env : Default
Category : Unsecured
Tags : [ OWASP - OTG-AUTHN-002, FX Top 10 - API Vulnerability, Non-Intrusive]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 500
Headers : {}
Endpoint : http://localhost:8090/example/v1/hotels&size=100
Request :
Response : I/O error on GET request for "http://localhost:8090/example/v1/hotels&size=100": Connect to localhost:8090 [localhost/127.0.0.1, localhost/0:0:0:0:0:0:0:1] failed: Connection refused: connect; nested exception is org.apache.http.conn.HttpHostConnectException: Connect to localhost:8090 [localhost/127.0.0.1, localhost/0:0:0:0:0:0:0:1] failed: Connection refused: connect
Logs : 2019-01-22 09:29:48 DEBUG [ExampleV1HotelsGetAnonymousInvalid] : URL [http://localhost:8090/example/v1/hotels&size=100] 2019-01-22 09:29:48 DEBUG [ExampleV1HotelsGetAnonymousInvalid] : Method [GET] 2019-01-22 09:29:48 DEBUG [ExampleV1HotelsGetAnonymousInvalid] : Request [] 2019-01-22 09:29:48 DEBUG [ExampleV1HotelsGetAnonymousInvalid] : Request-Headers [{Content-Type=[application/json], Accept=[application/json]}] 2019-01-22 09:29:48 DEBUG [ExampleV1HotelsGetAnonymousInvalid] : Response [I/O error on GET request for "http://localhost:8090/example/v1/hotels&size=100": Connect to localhost:8090 [localhost/127.0.0.1, localhost/0:0:0:0:0:0:0:1] failed: Connection refused: connect; nested exception is org.apache.http.conn.HttpHostConnectException: Connect to localhost:8090 [localhost/127.0.0.1, localhost/0:0:0:0:0:0:0:1] failed: Connection refused: connect] 2019-01-22 09:29:48 DEBUG [ExampleV1HotelsGetAnonymousInvalid] : Response-Headers [{}] 2019-01-22 09:29:48 DEBUG [ExampleV1HotelsGetAnonymousInvalid] : StatusCode [500] 2019-01-22 09:29:48 DEBUG [ExampleV1HotelsGetAnonymousInvalid] : Time [2066] 2019-01-22 09:29:48 DEBUG [ExampleV1HotelsGetAnonymousInvalid] : Size [370] 2019-01-22 09:29:48 ERROR [ExampleV1HotelsGetAnonymousInvalid] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [500 == 401 OR 500 == 403] result [Failed]
--- FX Bot ---
Project : SQLInjection2
Job : Default
Env : Default
Category : Unsecured
Tags : [ OWASP - OTG-AUTHN-002, FX Top 10 - API Vulnerability, Non-Intrusive]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 500
Headers : {}
Endpoint : http://localhost:8090/example/v1/hotels&size=100
Request :
Response :
I/O error on GET request for "http://localhost:8090/example/v1/hotels&size=100": Connect to localhost:8090 [localhost/127.0.0.1, localhost/0:0:0:0:0:0:0:1] failed: Connection refused: connect; nested exception is org.apache.http.conn.HttpHostConnectException: Connect to localhost:8090 [localhost/127.0.0.1, localhost/0:0:0:0:0:0:0:1] failed: Connection refused: connect
Logs :
2019-01-22 09:29:48 DEBUG [ExampleV1HotelsGetAnonymousInvalid] : URL [http://localhost:8090/example/v1/hotels&size=100] 2019-01-22 09:29:48 DEBUG [ExampleV1HotelsGetAnonymousInvalid] : Method [GET] 2019-01-22 09:29:48 DEBUG [ExampleV1HotelsGetAnonymousInvalid] : Request [] 2019-01-22 09:29:48 DEBUG [ExampleV1HotelsGetAnonymousInvalid] : Request-Headers [{Content-Type=[application/json], Accept=[application/json]}] 2019-01-22 09:29:48 DEBUG [ExampleV1HotelsGetAnonymousInvalid] : Response [I/O error on GET request for "http://localhost:8090/example/v1/hotels&size=100": Connect to localhost:8090 [localhost/127.0.0.1, localhost/0:0:0:0:0:0:0:1] failed: Connection refused: connect; nested exception is org.apache.http.conn.HttpHostConnectException: Connect to localhost:8090 [localhost/127.0.0.1, localhost/0:0:0:0:0:0:0:1] failed: Connection refused: connect] 2019-01-22 09:29:48 DEBUG [ExampleV1HotelsGetAnonymousInvalid] : Response-Headers [{}] 2019-01-22 09:29:48 DEBUG [ExampleV1HotelsGetAnonymousInvalid] : StatusCode [500] 2019-01-22 09:29:48 DEBUG [ExampleV1HotelsGetAnonymousInvalid] : Time [2066] 2019-01-22 09:29:48 DEBUG [ExampleV1HotelsGetAnonymousInvalid] : Size [370] 2019-01-22 09:29:48 ERROR [ExampleV1HotelsGetAnonymousInvalid] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [500 == 401 OR 500 == 403] result [Failed]
--- FX Bot ---