shadab3682
commented
5 years ago Project : proj11
Template : ApiV1PrimaryTransactionGetDisallowedRbac
Run Id : 8a80808f69dd9f210169e2710f185344
Job : Default
Env : Default
Category : RBAC
Tags : [OWASP - OTG-IDENT-001 , FX Top 10 - API Vulnerability, Endpoint_Access_Control]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 200
Headers : {X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 03 Apr 2019 09:04:24 GMT]}
Endpoint : http://54.215.136.217/api/v1/primary-transaction
Request :
Response :
{
"requestId" : "None",
"requestTime" : "2019-04-03T09:04:25.274+0000",
"errors" : false,
"messages" : [ ],
"data" : [ {
"id" : "160-18-9023",
"createdBy" : "13",
"createdDate" : "2019-02-22T11:00:17.797+0000",
"modifiedBy" : "13",
"modifiedDate" : "2019-02-22T17:44:04.089+0000",
"version" : null,
"inactive" : false,
"description" : "Metafiction",
"type" : "Primary",
"status" : "true",
"amount" : 527346.0,
"availableBalance" : 137593.0,
"user" : null
}, {
"id" : "221-55-9651",
"createdBy" : "14",
"createdDate" : "2019-02-22T07:26:27.979+0000",
"modifiedBy" : "13",
"modifiedDate" : "2019-02-22T07:54:39.986+0000",
"version" : null,
"inactive" : false,
"description" : "Fable",
"type" : "Primary",
"status" : "true",
"amount" : 57760.0,
"availableBalance" : 208843.0,
"user" : null
}, {
"id" : "598-84-3015",
"createdBy" : "11",
"createdDate" : "2019-02-22T16:39:35.949+0000",
"modifiedBy" : "11",
"modifiedDate" : "2019-02-22T16:14:21.377+0000",
"version" : null,
"inactive" : false,
"description" : "Legend",
"type" : "Primary",
"status" : "true",
"amount" : 246359.0,
"availableBalance" : 494801.0,
"user" : null
}, {
"id" : "212-06-8594",
"createdBy" : "11",
"createdDate" : "2019-02-22T05:28:41.033+0000",
"modifiedBy" : "12",
"modifiedDate" : "2019-02-22T04:04:47.616+0000",
"version" : null,
"inactive" : false,
"description" : "Short story",
"type" : "Primary",
"status" : "false",
"amount" : 248385.0,
"availableBalance" : 556815.0,
"user" : null
}, {
"id" : "178-55-5257",
"createdBy" : "12",
"createdDate" : "2019-02-22T02:33:22.630+0000",
"modifiedBy" : "14",
"modifiedDate" : "2019-02-22T18:34:44.293+0000",
"version" : null,
"inactive" : false,
"description" : "Classic",
"type" : "Primary",
"status" : "true",
"amount" : 518375.0,
"availableBalance" : 62542.0,
"user" : null
}, {
"id" : "458-86-3994",
"createdBy" : "11",
"createdDate" : "2019-02-22T15:53:12.614+0000",
"modifiedBy" : "13",
"modifiedDate" : "2019-02-22T18:02:07.018+0000",
"version" : null,
"inactive" : false,
"description" : "Comic/Graphic Novel",
"type" : "Primary",
"status" : "false",
"amount" : 595187.0,
"availableBalance" : 573880.0,
"user" : null
}, {
"id" : "033-91-2851",
"createdBy" : "12",
"createdDate" : "2019-02-22T01:05:24.371+0000",
"modifiedBy" : "11",
"modifiedDate" : "2019-02-22T22:41:41.493+0000",
"version" : null,
"inactive" : false,
"description" : "Essay",
"type" : "Primary",
"status" : "true",
"amount" : 441097.0,
"availableBalance" : 321508.0,
"user" : null
}, {
"id" : "635-58-7174",
"createdBy" : "11",
"createdDate" : "2019-02-22T15:15:23.319+0000",
"modifiedBy" : "13",
"modifiedDate" : "2019-02-22T18:06:10.623+0000",
"version" : null,
"inactive" : false,
"description" : "Narrative nonfiction",
"type" : "Primary",
"status" : "false",
"amount" : 592027.0,
"availableBalance" : 315216.0,
"user" : null
}, {
"id" : "188-67-0170",
"createdBy" : "14",
"createdDate" : "2019-02-22T18:12:38.068+0000",
"modifiedBy" : "12",
"modifiedDate" : "2019-02-22T15:01:10.915+0000",
"version" : null,
"inactive" : false,
"description" : "Realistic fiction",
"type" : "Primary",
"status" : "true",
"amount" : 424125.0,
"availableBalance" : 404119.0,
"user" : null
}, {
"id" : "362-20-8791",
"createdBy" : "13",
"createdDate" : "2019-02-22T05:42:40.859+0000",
"modifiedBy" : "12",
"modifiedDate" : "2019-02-22T03:37:01.784+0000",
"version" : null,
"inactive" : false,
"description" : "Legend",
"type" : "Primary",
"status" : "false",
"amount" : 33230.0,
"availableBalance" : 595246.0,
"user" : null
}, {
"id" : "256-55-3478",
"createdBy" : "14",
"createdDate" : "2019-02-22T07:10:18.153+0000",
"modifiedBy" : "12",
"modifiedDate" : "2019-02-22T04:41:11.898+0000",
"version" : null,
"inactive" : false,
"description" : "Fanfiction",
"type" : "Primary",
"status" : "true",
"amount" : 586287.0,
"availableBalance" : 535432.0,
"user" : null
}, {
"id" : "790-07-0723",
"createdBy" : "14",
"createdDate" : "2019-02-22T12:50:21.093+0000",
"modifiedBy" : "12",
"modifiedDate" : "2019-02-22T09:30:42.462+0000",
"version" : null,
"inactive" : false,
"description" : "Narrative nonfiction",
"type" : "Primary",
"status" : "false",
"amount" : 579275.0,
"availableBalance" : 227210.0,
"user" : null
}, {
"id" : "183-47-7543",
"createdBy" : "13",
"createdDate" : "2019-02-22T05:31:11.463+0000",
"modifiedBy" : "14",
"modifiedDate" : "2019-02-22T21:36:56.977+0000",
"version" : null,
"inactive" : false,
"description" : "Crime/Detective",
"type" : "Primary",
"status" : "false",
"amount" : 408459.0,
"availableBalance" : 119913.0,
"user" : null
}, {
"id" : "188-55-8642",
"createdBy" : "11",
"createdDate" : "2019-02-22T22:14:29.249+0000",
"modifiedBy" : "14",
"modifiedDate" : "2019-02-22T14:47:40.065+0000",
"version" : null,
"inactive" : false,
"description" : "Metafiction",
"type" : "Primary",
"status" : "false",
"amount" : 392678.0,
"availableBalance" : 486005.0,
"user" : null
}, {
"id" : "144-61-6844",
"createdBy" : "13",
"createdDate" : "2019-02-22T21:33:13.577+0000",
"modifiedBy" : "13",
"modifiedDate" : "2019-02-22T12:54:29.132+0000",
"version" : null,
"inactive" : false,
"description" : "Legend",
"type" : "Primary",
"status" : "true",
"amount" : 354543.0,
"availableBalance" : 558799.0,
"user" : null
}, {
"id" : "439-73-5510",
"createdBy" : "12",
"createdDate" : "2019-02-22T02:30:23.319+0000",
"modifiedBy" : "10",
"modifiedDate" : "2019-02-22T06:50:22.675+0000",
"version" : null,
"inactive" : false,
"description" : "Metafiction",
"type" : "Primary",
"status" : "true",
"amount" : 324177.0,
"availableBalance" : 285930.0,
"user" : null
}, {
"id" : "565-85-3043",
"createdBy" : "12",
"createdDate" : "2019-02-22T23:06:45.246+0000",
"modifiedBy" : "14",
"modifiedDate" : "2019-02-22T09:52:35.912+0000",
"version" : null,
"inactive" : false,
"description" : "Horror",
"type" : "Primary",
"status" : "false",
"amount" : 579222.0,
"availableBalance" : 365877.0,
"user" : null
}, {
"id" : "595-55-0958",
"createdBy" : "11",
"createdDate" : "2019-02-22T00:11:53.881+0000",
"modifiedBy" : "12",
"modifiedDate" : "2019-02-22T03:29:59.472+0000",
"version" : null,
"inactive" : false,
"description" : "Tall tale",
"type" : "Primary",
"status" : "true",
"amount" : 415484.0,
"availableBalance" : 409568.0,
"user" : null
}, {
"id" : "143-08-5442",
"createdBy" : "13",
"createdDate" : "2019-02-22T11:23:40.973+0000",
"modifiedBy" : "12",
"modifiedDate" : "2019-02-22T09:12:34.489+0000",
"version" : null,
"inactive" : false,
"description" : "Speech",
"type" : "Primary",
"status" : "false",
"amount" : 292686.0,
"availableBalance" : 35277.0,
"user" : null
}, {
"id" : "323-05-3009",
"createdBy" : "13",
"createdDate" : "2019-02-22T19:55:20.367+0000",
"modifiedBy" : "13",
"modifiedDate" : "2019-02-22T01:17:57.116+0000",
"version" : null,
"inactive" : false,
"description" : "Metafiction",
"type" : "Primary",
"status" : "false",
"amount" : 136311.0,
"availableBalance" : 165074.0,
"user" : null
} ],
"totalPages" : 0,
"totalElements" : 0
}
Logs :
com.fxlabs.fxt.bot.assertions.AssertionLogger@ba8a7b7
--- FX Bot ---
Project : proj11
Template : ApiV1PrimaryTransactionGetDisallowedRbac
Run Id : 8a80808f69dd9f210169e26a771351d4
Job : Default
Env : Default
Category : RBAC
Tags : [OWASP - OTG-IDENT-001 , FX Top 10 - API Vulnerability, Endpoint_Access_Control]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 200
Headers : {X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 03 Apr 2019 08:57:05 GMT]}
Endpoint : http://54.215.136.217/api/v1/primary-transaction
Request :
Response :
{ "requestId" : "None", "requestTime" : "2019-04-03T08:57:05.935+0000", "errors" : false, "messages" : [ ], "data" : [ { "id" : "160-18-9023", "createdBy" : "13", "createdDate" : "2019-02-22T11:00:17.797+0000", "modifiedBy" : "13", "modifiedDate" : "2019-02-22T17:44:04.089+0000", "version" : null, "inactive" : false, "description" : "Metafiction", "type" : "Primary", "status" : "true", "amount" : 527346.0, "availableBalance" : 137593.0, "user" : null }, { "id" : "221-55-9651", "createdBy" : "14", "createdDate" : "2019-02-22T07:26:27.979+0000", "modifiedBy" : "13", "modifiedDate" : "2019-02-22T07:54:39.986+0000", "version" : null, "inactive" : false, "description" : "Fable", "type" : "Primary", "status" : "true", "amount" : 57760.0, "availableBalance" : 208843.0, "user" : null }, { "id" : "598-84-3015", "createdBy" : "11", "createdDate" : "2019-02-22T16:39:35.949+0000", "modifiedBy" : "11", "modifiedDate" : "2019-02-22T16:14:21.377+0000", "version" : null, "inactive" : false, "description" : "Legend", "type" : "Primary", "status" : "true", "amount" : 246359.0, "availableBalance" : 494801.0, "user" : null }, { "id" : "212-06-8594", "createdBy" : "11", "createdDate" : "2019-02-22T05:28:41.033+0000", "modifiedBy" : "12", "modifiedDate" : "2019-02-22T04:04:47.616+0000", "version" : null, "inactive" : false, "description" : "Short story", "type" : "Primary", "status" : "false", "amount" : 248385.0, "availableBalance" : 556815.0, "user" : null }, { "id" : "178-55-5257", "createdBy" : "12", "createdDate" : "2019-02-22T02:33:22.630+0000", "modifiedBy" : "14", "modifiedDate" : "2019-02-22T18:34:44.293+0000", "version" : null, "inactive" : false, "description" : "Classic", "type" : "Primary", "status" : "true", "amount" : 518375.0, "availableBalance" : 62542.0, "user" : null }, { "id" : "458-86-3994", "createdBy" : "11", "createdDate" : "2019-02-22T15:53:12.614+0000", "modifiedBy" : "13", "modifiedDate" : "2019-02-22T18:02:07.018+0000", "version" : null, "inactive" : false, "description" : "Comic/Graphic Novel", "type" : "Primary", "status" : "false", "amount" : 595187.0, "availableBalance" : 573880.0, "user" : null }, { "id" : "033-91-2851", "createdBy" : "12", "createdDate" : "2019-02-22T01:05:24.371+0000", "modifiedBy" : "11", "modifiedDate" : "2019-02-22T22:41:41.493+0000", "version" : null, "inactive" : false, "description" : "Essay", "type" : "Primary", "status" : "true", "amount" : 441097.0, "availableBalance" : 321508.0, "user" : null }, { "id" : "635-58-7174", "createdBy" : "11", "createdDate" : "2019-02-22T15:15:23.319+0000", "modifiedBy" : "13", "modifiedDate" : "2019-02-22T18:06:10.623+0000", "version" : null, "inactive" : false, "description" : "Narrative nonfiction", "type" : "Primary", "status" : "false", "amount" : 592027.0, "availableBalance" : 315216.0, "user" : null }, { "id" : "188-67-0170", "createdBy" : "14", "createdDate" : "2019-02-22T18:12:38.068+0000", "modifiedBy" : "12", "modifiedDate" : "2019-02-22T15:01:10.915+0000", "version" : null, "inactive" : false, "description" : "Realistic fiction", "type" : "Primary", "status" : "true", "amount" : 424125.0, "availableBalance" : 404119.0, "user" : null }, { "id" : "362-20-8791", "createdBy" : "13", "createdDate" : "2019-02-22T05:42:40.859+0000", "modifiedBy" : "12", "modifiedDate" : "2019-02-22T03:37:01.784+0000", "version" : null, "inactive" : false, "description" : "Legend", "type" : "Primary", "status" : "false", "amount" : 33230.0, "availableBalance" : 595246.0, "user" : null }, { "id" : "256-55-3478", "createdBy" : "14", "createdDate" : "2019-02-22T07:10:18.153+0000", "modifiedBy" : "12", "modifiedDate" : "2019-02-22T04:41:11.898+0000", "version" : null, "inactive" : false, "description" : "Fanfiction", "type" : "Primary", "status" : "true", "amount" : 586287.0, "availableBalance" : 535432.0, "user" : null }, { "id" : "790-07-0723", "createdBy" : "14", "createdDate" : "2019-02-22T12:50:21.093+0000", "modifiedBy" : "12", "modifiedDate" : "2019-02-22T09:30:42.462+0000", "version" : null, "inactive" : false, "description" : "Narrative nonfiction", "type" : "Primary", "status" : "false", "amount" : 579275.0, "availableBalance" : 227210.0, "user" : null }, { "id" : "183-47-7543", "createdBy" : "13", "createdDate" : "2019-02-22T05:31:11.463+0000", "modifiedBy" : "14", "modifiedDate" : "2019-02-22T21:36:56.977+0000", "version" : null, "inactive" : false, "description" : "Crime/Detective", "type" : "Primary", "status" : "false", "amount" : 408459.0, "availableBalance" : 119913.0, "user" : null }, { "id" : "188-55-8642", "createdBy" : "11", "createdDate" : "2019-02-22T22:14:29.249+0000", "modifiedBy" : "14", "modifiedDate" : "2019-02-22T14:47:40.065+0000", "version" : null, "inactive" : false, "description" : "Metafiction", "type" : "Primary", "status" : "false", "amount" : 392678.0, "availableBalance" : 486005.0, "user" : null }, { "id" : "144-61-6844", "createdBy" : "13", "createdDate" : "2019-02-22T21:33:13.577+0000", "modifiedBy" : "13", "modifiedDate" : "2019-02-22T12:54:29.132+0000", "version" : null, "inactive" : false, "description" : "Legend", "type" : "Primary", "status" : "true", "amount" : 354543.0, "availableBalance" : 558799.0, "user" : null }, { "id" : "439-73-5510", "createdBy" : "12", "createdDate" : "2019-02-22T02:30:23.319+0000", "modifiedBy" : "10", "modifiedDate" : "2019-02-22T06:50:22.675+0000", "version" : null, "inactive" : false, "description" : "Metafiction", "type" : "Primary", "status" : "true", "amount" : 324177.0, "availableBalance" : 285930.0, "user" : null }, { "id" : "565-85-3043", "createdBy" : "12", "createdDate" : "2019-02-22T23:06:45.246+0000", "modifiedBy" : "14", "modifiedDate" : "2019-02-22T09:52:35.912+0000", "version" : null, "inactive" : false, "description" : "Horror", "type" : "Primary", "status" : "false", "amount" : 579222.0, "availableBalance" : 365877.0, "user" : null }, { "id" : "595-55-0958", "createdBy" : "11", "createdDate" : "2019-02-22T00:11:53.881+0000", "modifiedBy" : "12", "modifiedDate" : "2019-02-22T03:29:59.472+0000", "version" : null, "inactive" : false, "description" : "Tall tale", "type" : "Primary", "status" : "true", "amount" : 415484.0, "availableBalance" : 409568.0, "user" : null }, { "id" : "143-08-5442", "createdBy" : "13", "createdDate" : "2019-02-22T11:23:40.973+0000", "modifiedBy" : "12", "modifiedDate" : "2019-02-22T09:12:34.489+0000", "version" : null, "inactive" : false, "description" : "Speech", "type" : "Primary", "status" : "false", "amount" : 292686.0, "availableBalance" : 35277.0, "user" : null }, { "id" : "323-05-3009", "createdBy" : "13", "createdDate" : "2019-02-22T19:55:20.367+0000", "modifiedBy" : "13", "modifiedDate" : "2019-02-22T01:17:57.116+0000", "version" : null, "inactive" : false, "description" : "Metafiction", "type" : "Primary", "status" : "false", "amount" : 136311.0, "availableBalance" : 165074.0, "user" : null } ], "totalPages" : 0, "totalElements" : 0 }
Logs :
com.fxlabs.fxt.bot.assertions.AssertionLogger@22546a59 --- FX Bot ---