Open zahedmohammed opened 5 years ago
Project : ticketlake
Job : Default
Env : Default
Category : Unsecured
Tags : [ OWASP - OTG-AUTHN-002, FX Top 10 - API Vulnerability]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 400
Headers : {Date=[Mon, 21 Jan 2019 06:07:00 GMT], Content-Type=[application/json], Connection=[keep-alive], Access-Control-Allow-Headers=[X-Requested-With,Content-Type,Accept,Origin], Access-Control-Allow-Origin=[], Access-Control-Allow-Methods=[], Access-Control-Allow-Credentials=[true]}
Endpoint : http://virtserver.swaggerhub.com/T6352/Ticket-Lake/1.0.0/user/428135888
Request :
Response :
Logs : 2019-01-21 06:06:58 DEBUG [UserUsernamePutAnonymousInvalid] : URL [http://virtserver.swaggerhub.com/T6352/Ticket-Lake/1.0.0/user/428135888] 2019-01-21 06:06:58 DEBUG [UserUsernamePutAnonymousInvalid] : Method [PUT] 2019-01-21 06:06:58 DEBUG [UserUsernamePutAnonymousInvalid] : Request [] 2019-01-21 06:06:58 DEBUG [UserUsernamePutAnonymousInvalid] : Request-Headers [{Content-Type=[application/json], Accept=[application/json]}] 2019-01-21 06:06:58 DEBUG [UserUsernamePutAnonymousInvalid] : Response [] 2019-01-21 06:06:58 DEBUG [UserUsernamePutAnonymousInvalid] : Response-Headers [{Date=[Mon, 21 Jan 2019 06:07:00 GMT], Content-Type=[application/json], Connection=[keep-alive], Access-Control-Allow-Headers=[X-Requested-With,Content-Type,Accept,Origin], Access-Control-Allow-Origin=[], Access-Control-Allow-Methods=[], Access-Control-Allow-Credentials=[true]}] 2019-01-21 06:06:58 DEBUG [UserUsernamePutAnonymousInvalid] : StatusCode [400] 2019-01-21 06:06:58 DEBUG [UserUsernamePutAnonymousInvalid] : Time [2290] 2019-01-21 06:06:58 DEBUG [UserUsernamePutAnonymousInvalid] : Size [0] 2019-01-21 06:06:58 ERROR [UserUsernamePutAnonymousInvalid] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [400 == 401 OR 400 == 403] result [Failed]
--- FX Bot ---
Project : ticketlake
Job : Default
Env : Default
Category : Unsecured
Tags : [ OWASP - OTG-AUTHN-002, FX Top 10 - API Vulnerability]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 400
Headers : {Date=[Mon, 21 Jan 2019 06:07:00 GMT], Content-Type=[application/json], Connection=[keep-alive], Access-Control-Allow-Headers=[X-Requested-With,Content-Type,Accept,Origin], Access-Control-Allow-Origin=[], Access-Control-Allow-Methods=[], Access-Control-Allow-Credentials=[true]}
Endpoint : http://virtserver.swaggerhub.com/T6352/Ticket-Lake/1.0.0/user/428135888
Request :
Response :
Logs :
2019-01-21 06:06:58 DEBUG [UserUsernamePutAnonymousInvalid] : URL [http://virtserver.swaggerhub.com/T6352/Ticket-Lake/1.0.0/user/428135888] 2019-01-21 06:06:58 DEBUG [UserUsernamePutAnonymousInvalid] : Method [PUT] 2019-01-21 06:06:58 DEBUG [UserUsernamePutAnonymousInvalid] : Request [] 2019-01-21 06:06:58 DEBUG [UserUsernamePutAnonymousInvalid] : Request-Headers [{Content-Type=[application/json], Accept=[application/json]}] 2019-01-21 06:06:58 DEBUG [UserUsernamePutAnonymousInvalid] : Response [] 2019-01-21 06:06:58 DEBUG [UserUsernamePutAnonymousInvalid] : Response-Headers [{Date=[Mon, 21 Jan 2019 06:07:00 GMT], Content-Type=[application/json], Connection=[keep-alive], Access-Control-Allow-Headers=[X-Requested-With,Content-Type,Accept,Origin], Access-Control-Allow-Origin=[], Access-Control-Allow-Methods=[], Access-Control-Allow-Credentials=[true]}] 2019-01-21 06:06:58 DEBUG [UserUsernamePutAnonymousInvalid] : StatusCode [400] 2019-01-21 06:06:58 DEBUG [UserUsernamePutAnonymousInvalid] : Time [2290] 2019-01-21 06:06:58 DEBUG [UserUsernamePutAnonymousInvalid] : Size [0] 2019-01-21 06:06:58 ERROR [UserUsernamePutAnonymousInvalid] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [400 == 401 OR 400 == 403] result [Failed]
--- FX Bot ---