Open shadab3682 opened 5 years ago
Project : testing111
Template : ApiV1BankAccountPostAllowedRbac
Run Id : 8a8080a169e2c7fa0169e2c936120059
Job : Default
Env : Default
Category : RBAC
Tags : [OWASP - OTG-IDENT-001 , FX Top 10 - API Vulnerability, Endpoint_Access_Control]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 401
Headers : {WWW-Authenticate=[Basic realm="Realm"], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 03 Apr 2019 10:40:32 GMT]}
Endpoint : http://54.215.136.217/api/v1/bank-account
Request : { "accountBalance" : "824074503", "accountNumber" : "824074503", "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "user" : { "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "MZaDVjK4", "version" : "" }, "version" : "" }
Response : { "timestamp" : "2019-04-03T10:40:32.344+0000", "status" : 401, "error" : "Unauthorized", "message" : "Unauthorized", "path" : "/api/v1/bank-account" }
Logs : com.fxlabs.fxt.bot.assertions.AssertionLogger@4c285695 --- FX Bot ---
Project : testing111
Template : ApiV1BankAccountPostAllowedRbac
Run Id : 8a8080a169e2c7fa0169e2c936120059
Job : Default
Env : Default
Category : RBAC
Tags : [OWASP - OTG-IDENT-001 , FX Top 10 - API Vulnerability, Endpoint_Access_Control]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 401
Headers : {WWW-Authenticate=[Basic realm="Realm"], X-Content-Type-Options=[nosniff], X-XSS-Protection=[1; mode=block], Cache-Control=[no-cache, no-store, max-age=0, must-revalidate], Pragma=[no-cache], Expires=[0], X-Frame-Options=[DENY], Content-Type=[application/json;charset=UTF-8], Transfer-Encoding=[chunked], Date=[Wed, 03 Apr 2019 10:40:32 GMT]}
Endpoint : http://54.215.136.217/api/v1/bank-account
Request :
{ "accountBalance" : "824074503", "accountNumber" : "824074503", "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "user" : { "createdBy" : "", "createdDate" : "", "id" : "", "inactive" : false, "modifiedBy" : "", "modifiedDate" : "", "name" : "MZaDVjK4", "version" : "" }, "version" : "" }
Response :
{ "timestamp" : "2019-04-03T10:40:32.344+0000", "status" : 401, "error" : "Unauthorized", "message" : "Unauthorized", "path" : "/api/v1/bank-account" }
Logs :
com.fxlabs.fxt.bot.assertions.AssertionLogger@4c285695 --- FX Bot ---