sohail1024
commented
5 years ago Project : testing03On04March
Job : Default
Env : Default
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 500
Headers : {}
Endpoint : http://18.144.38.115:8090/example/v1/hotels/DflAor6n
Request :
{
"city" : "New Nicholaus",
"description" : "1TBynBjB",
"id" : "",
"name" : "1TBynBjB",
"rating" : "614013187"
}
Response :
Invalid mime type "application/xml, application/json": Invalid token character ',' in token "xml, application/json"
Logs :
2019-03-04 07:33:44 DEBUG [ExampleV1HotelsIdPutAuthInvalidSql] : URL [http://18.144.38.115:8090/example/v1/hotels/DflAor6n]
2019-03-04 07:33:44 DEBUG [ExampleV1HotelsIdPutAuthInvalidSql] : Method [PUT]
2019-03-04 07:33:44 DEBUG [ExampleV1HotelsIdPutAuthInvalidSql] : Request [{
"city" : "New Nicholaus",
"description" : "1TBynBjB",
"id" : "",
"name" : "1TBynBjB",
"rating" : "614013187"
}]
2019-03-04 07:33:44 DEBUG [ExampleV1HotelsIdPutAuthInvalidSql] : Request-Headers [{Content-Type=[application/xml, application/json], Accept=[application/xml, application/json]}]
2019-03-04 07:33:44 DEBUG [ExampleV1HotelsIdPutAuthInvalidSql] : Response [Invalid mime type "application/xml, application/json": Invalid token character ',' in token "xml, application/json"]
2019-03-04 07:33:44 DEBUG [ExampleV1HotelsIdPutAuthInvalidSql] : Response-Headers [{}]
2019-03-04 07:33:44 DEBUG [ExampleV1HotelsIdPutAuthInvalidSql] : StatusCode [500]
2019-03-04 07:33:44 DEBUG [ExampleV1HotelsIdPutAuthInvalidSql] : Time [12]
2019-03-04 07:33:44 DEBUG [ExampleV1HotelsIdPutAuthInvalidSql] : Size [115]
2019-03-04 07:33:44 ERROR [ExampleV1HotelsIdPutAuthInvalidSql] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [500 == 401 OR 500 == 403] result [Failed]
--- FX Bot ---
Project : testing03On04March
Job : Default
Env : Default
Category : InvalidAuthSQL
Tags : [OWASP A1, [PCI DSS 3.0] 6.5.1, OTG-AUTHN-004, FX Top 10 - API Vulnerability, Non-Intrusive, Injection]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 500
Headers : {}
Endpoint : http://18.144.38.115:8090/example/v1/hotels/LblNB0XC
Request :
{ "city" : "Janisstad", "description" : "dGS1Uh6l", "id" : "", "name" : "dGS1Uh6l", "rating" : "656999294" }
Response :
Invalid mime type "application/xml, application/json": Invalid token character ',' in token "xml, application/json"
Logs :
2019-03-04 05:39:45 DEBUG [ExampleV1HotelsIdPutAuthInvalidSql] : URL [http://18.144.38.115:8090/example/v1/hotels/LblNB0XC] 2019-03-04 05:39:45 DEBUG [ExampleV1HotelsIdPutAuthInvalidSql] : Method [PUT] 2019-03-04 05:39:45 DEBUG [ExampleV1HotelsIdPutAuthInvalidSql] : Request [{ "city" : "Janisstad", "description" : "dGS1Uh6l", "id" : "", "name" : "dGS1Uh6l", "rating" : "656999294" }] 2019-03-04 05:39:45 DEBUG [ExampleV1HotelsIdPutAuthInvalidSql] : Request-Headers [{Content-Type=[application/xml, application/json], Accept=[application/xml, application/json]}] 2019-03-04 05:39:45 DEBUG [ExampleV1HotelsIdPutAuthInvalidSql] : Response [Invalid mime type "application/xml, application/json": Invalid token character ',' in token "xml, application/json"] 2019-03-04 05:39:45 DEBUG [ExampleV1HotelsIdPutAuthInvalidSql] : Response-Headers [{}] 2019-03-04 05:39:45 DEBUG [ExampleV1HotelsIdPutAuthInvalidSql] : StatusCode [500] 2019-03-04 05:39:45 DEBUG [ExampleV1HotelsIdPutAuthInvalidSql] : Time [3] 2019-03-04 05:39:45 DEBUG [ExampleV1HotelsIdPutAuthInvalidSql] : Size [115] 2019-03-04 05:39:45 ERROR [ExampleV1HotelsIdPutAuthInvalidSql] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [500 == 401 OR 500 == 403] result [Failed]
--- FX Bot ---