Open jaleelsyed opened 5 years ago
Title : InvalidAuth Vulnerability on POST:null
Project : syncAll
Description : null
Risk : InvalidAuth
Severity : Major
API Endpoint : null
Environment : null
Playbook : ExampleV1HotelsPostAuthInvalid3
Researcher : Invalid_Auth
Quick Tips :
Suggestion : null
Effort Estimate : null
Wire logs :
2019-09-05 06:49:38 DEBUG [ExampleV1HotelsPostAuthInvalid3] : URL [http://18.144.38.115:8090/example/v1/hotels]
2019-09-05 06:49:38 DEBUG [ExampleV1HotelsPostAuthInvalid3] : Method [POST]
2019-09-05 06:49:38 DEBUG [ExampleV1HotelsPostAuthInvalid3] : Auth [Invalid_Auth]
2019-09-05 06:49:38 DEBUG [ExampleV1HotelsPostAuthInvalid3] : Request [{ "city" : "Port Brock", "description" : "vyPcaGCH", "id" : "", "name" : "vyPcaGCH", "rating" : "729115399" }]
2019-09-05 06:49:38 DEBUG [ExampleV1HotelsPostAuthInvalid3] : Request-Headers [{Content-Type=[application/xml, application/json], Accept=[application/xml, application/json], Authorization=[Basic aW52YWxpZHVzZXJAZnhsYWJzLmlvOlRoaXNJc0ludmFsaWRQYXNzd29yZA==]}]
2019-09-05 06:49:38 DEBUG [ExampleV1HotelsPostAuthInvalid3] : Response [Invalid mime type "application/xml, application/json": Invalid token character ',' in token "xml, application/json"]
2019-09-05 06:49:38 DEBUG [ExampleV1HotelsPostAuthInvalid3] : Response-Headers [{}]
2019-09-05 06:49:38 DEBUG [ExampleV1HotelsPostAuthInvalid3] : StatusCode [500]
2019-09-05 06:49:38 DEBUG [ExampleV1HotelsPostAuthInvalid3] : Time [363]
2019-09-05 06:49:38 DEBUG [ExampleV1HotelsPostAuthInvalid3] : Size [115]
2019-09-05 06:49:38 ERROR [ExampleV1HotelsPostAuthInvalid3] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [500 == 401 OR 500 == 403] result [Failed]
Important Links :
Vulnerability Details : https://localhost:8080/#/app/projects/8a80cb816ce1de16016ce27343700000/recommendations/8a80cb816d001429016d002f9251000b/details
Project : https://localhost:8080/#/app/projects/8a80cb816ce1de16016ce27343700000/jobs
Environment : https://localhost:8080/#/app/projects/8a80cb816ce1de16016ce27343700000/environments/null/edit
Scan Dashboard : https://localhost:8080/#/app/projects/8a80cb816ce1de16016ce27343700000/jobs/8a80cb816ce1de16016ce27355b30030/runs/8a80cb816d001429016d002f6e660003
Playbook : https://localhost:8080/#/app/projects/8a80cb816ce1de16016ce27343700000/template/ExampleV1HotelsPostAuthInvalid3
Coverage : https://localhost:8080/#/app/projects/8a80cb816ce1de16016ce27343700000/configuration
Code Sample : https://localhost:8080/#/app/projects/8a80cb816ce1de16016ce27343700000/recommendations/8a80cb816d001429016d002f9251000b/codesamples
PS: : Please contact null For APISec access and login issues.
--- APISec Bot ---