Closed jaleelsyed closed 5 years ago
Project : RBAC testing
Job : Default
Env : Default
Category : RBAC
Tags : [OWASP - OTG-IDENT-001 , FX Top 10 - API Vulnerability]
Severity : Major
Region : local
Result : fail
Status Code : 500
Headers : {}
Endpoint : http://localhost:8090/api/v1/notifications
Request : { "accessKey" : "gXCYndQr", "account" : { "accountType" : "Slack", "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "gXCYndQr", "org" : { "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "gXCYndQr", "version" : "" }, "region" : "gXCYndQr", "version" : "" }, "channel" : "gXCYndQr", "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "gXCYndQr", "org" : { "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "gXCYndQr", "version" : "" }, "secretKey" : "gXCYndQr", "token" : "gXCYndQr", "type" : "EMAIL", "version" : "", "visibility" : "PRIVATE" }
Response : I/O error on POST request for "http://localhost:8090/api/v1/notifications": Connect to localhost:8090 [localhost/127.0.0.1, localhost/0:0:0:0:0:0:0:1] failed: Connection refused: connect; nested exception is org.apache.http.conn.HttpHostConnectException: Connect to localhost:8090 [localhost/127.0.0.1, localhost/0:0:0:0:0:0:0:1] failed: Connection refused: connect
Logs :
2019-01-21 06:55:42 DEBUG [ApiV1NotificationsPostRoleAdminDisallowedRbac] : URL [http://localhost:8090/api/v1/notifications]
2019-01-21 06:55:42 DEBUG [ApiV1NotificationsPostRoleAdminDisallowedRbac] : Method [POST]
2019-01-21 06:55:42 DEBUG [ApiV1NotificationsPostRoleAdminDisallowedRbac] : Request [{ "accessKey" : "gXCYndQr", "account" : { "accountType" : "Slack", "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "gXCYndQr", "org" : { "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "gXCYndQr", "version" : "" }, "region" : "gXCYndQr", "version" : "" }, "channel" : "gXCYndQr", "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "gXCYndQr", "org" : { "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "gXCYndQr", "version" : "" }, "secretKey" : "gXCYndQr", "token" : "gXCYndQr", "type" : "EMAIL", "version" : "", "visibility" : "PRIVATE" }]
2019-01-21 06:55:42 DEBUG [ApiV1NotificationsPostRoleAdminDisallowedRbac] : Request-Headers [{Content-Type=[application/json], Accept=[application/json]}]
2019-01-21 06:55:42 DEBUG [ApiV1NotificationsPostRoleAdminDisallowedRbac] : Response [I/O error on POST request for "http://localhost:8090/api/v1/notifications": Connect to localhost:8090 [localhost/127.0.0.1, localhost/0:0:0:0:0:0:0:1] failed: Connection refused: connect; nested exception is org.apache.http.conn.HttpHostConnectException: Connect to localhost:8090 [localhost/127.0.0.1, localhost/0:0:0:0:0:0:0:1] failed: Connection refused: connect]
2019-01-21 06:55:42 DEBUG [ApiV1NotificationsPostRoleAdminDisallowedRbac] : Response-Headers [{}]
2019-01-21 06:55:42 DEBUG [ApiV1NotificationsPostRoleAdminDisallowedRbac] : StatusCode [500]
2019-01-21 06:55:42 DEBUG [ApiV1NotificationsPostRoleAdminDisallowedRbac] : Time [2106]
2019-01-21 06:55:42 DEBUG [ApiV1NotificationsPostRoleAdminDisallowedRbac] : Size [365]
2019-01-21 06:55:42 ERROR [ApiV1NotificationsPostRoleAdminDisallowedRbac] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [500 == 401 OR 500 == 403] result [Failed]
--- FX Bot ---