jaleelsyed / test1

Unsecured on POST:null #876

Open jaleelsyed opened 5 years ago

jaleelsyed commented 5 years ago

Title : Unsecured Vulnerability on POST:null

Project : syncAll

Description : null

Risk : Unsecured

Severity : Major

API Endpoint : null

Environment : null

Playbook : ExampleV1HotelsIdPostAnonymousInvalid2

Researcher :
Quick Tips :

Suggestion : null

Effort Estimate : null

Wire logs :

2019-09-04 10:34:37 DEBUG [ExampleV1HotelsIdPostAnonymousInvalid2] : URL [http://18.144.38.115:8090/example/v1/hotels/1150653409]
2019-09-04 10:34:37 DEBUG [ExampleV1HotelsIdPostAnonymousInvalid2] : Method [POST]
2019-09-04 10:34:37 DEBUG [ExampleV1HotelsIdPostAnonymousInvalid2] : Auth []
2019-09-04 10:34:37 DEBUG [ExampleV1HotelsIdPostAnonymousInvalid2] : Request [{ "city" : "Port Jenaton", "description" : "x3I2Zkef", "id" : "", "name" : "x3I2Zkef", "rating" : "566239077" }]
2019-09-04 10:34:37 DEBUG [ExampleV1HotelsIdPostAnonymousInvalid2] : Request-Headers [{Content-Type=[application/xml, application/json], Accept=[application/xml, application/json]}]
2019-09-04 10:34:37 DEBUG [ExampleV1HotelsIdPostAnonymousInvalid2] : Response [Invalid mime type "application/xml, application/json": Invalid token character ',' in token "xml, application/json"]
2019-09-04 10:34:37 DEBUG [ExampleV1HotelsIdPostAnonymousInvalid2] : Response-Headers [{}]
2019-09-04 10:34:37 DEBUG [ExampleV1HotelsIdPostAnonymousInvalid2] : StatusCode [500]
2019-09-04 10:34:37 DEBUG [ExampleV1HotelsIdPostAnonymousInvalid2] : Time [44]
2019-09-04 10:34:37 DEBUG [ExampleV1HotelsIdPostAnonymousInvalid2] : Size [115]
2019-09-04 10:34:37 ERROR [ExampleV1HotelsIdPostAnonymousInvalid2] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [500 == 401 OR 500 == 403] result [Failed]

Important Links :
Vulnerability Details : https://localhost:8080/#/app/projects/8a80cb816ce1de16016ce27343700000/recommendations/8a80cb816cfb200d016cfbd72d920148/details

Project : https://localhost:8080/#/app/projects/8a80cb816ce1de16016ce27343700000/jobs

Environment : https://localhost:8080/#/app/projects/8a80cb816ce1de16016ce27343700000/environments/null/edit

Scan Dashboard : https://localhost:8080/#/app/projects/8a80cb816ce1de16016ce27343700000/jobs/8a80cb816ce1de16016ce27355b30030/runs/8a80cb816cfb200d016cfbd715b00139

Playbook : https://localhost:8080/#/app/projects/8a80cb816ce1de16016ce27343700000/template/ExampleV1HotelsIdPostAnonymousInvalid2

Coverage : https://localhost:8080/#/app/projects/8a80cb816ce1de16016ce27343700000/configuration

Code Sample : https://localhost:8080/#/app/projects/8a80cb816ce1de16016ce27343700000/recommendations/8a80cb816cfb200d016cfbd72d920148/codesamples

PS : Please contact null for APISec access and login issues.

--- APISec Bot ---