zahedmohammed
commented
5 years ago Project : bizpay
Job : Default
Env : Default
Region : Test19
Result : fail
Status Code : 301
Headers : {Server=[nginx], Date=[Mon, 21 Jan 2019 10:38:45 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/refund/303806876&amount=303806876]}
Endpoint : http://api.bizpay.co.uk/v1.25/charges/refund/303806876&amount=303806876
Request :
Response :
301 Moved Permanently
Logs :
2019-01-21 10:38:45 DEBUG [ChargesRefundChargeIdPutAnonymousInvalid] : URL [http://api.bizpay.co.uk/v1.25/charges/refund/303806876&amount=303806876]
2019-01-21 10:38:45 DEBUG [ChargesRefundChargeIdPutAnonymousInvalid] : Method [PUT]
2019-01-21 10:38:45 DEBUG [ChargesRefundChargeIdPutAnonymousInvalid] : Request []
2019-01-21 10:38:45 DEBUG [ChargesRefundChargeIdPutAnonymousInvalid] : Request-Headers [{Content-Type=[application/json], Accept=[application/json]}]
2019-01-21 10:38:45 DEBUG [ChargesRefundChargeIdPutAnonymousInvalid] : Response [
301 Moved Permanently
] 2019-01-21 10:38:45 DEBUG [ChargesRefundChargeIdPutAnonymousInvalid] : Response-Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 10:38:45 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/refund/303806876&amount=303806876]}] 2019-01-21 10:38:45 DEBUG [ChargesRefundChargeIdPutAnonymousInvalid] : StatusCode [301] 2019-01-21 10:38:45 DEBUG [ChargesRefundChargeIdPutAnonymousInvalid] : Time [305] 2019-01-21 10:38:45 DEBUG [ChargesRefundChargeIdPutAnonymousInvalid] : Size [178] 2019-01-21 10:38:45 ERROR [ChargesRefundChargeIdPutAnonymousInvalid] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [301 == 401 OR 301 == 403] result [Failed]
--- FX Bot ---
Project : bizpay
Job : Default
Env : Default
Category : Unsecured
Tags : [ OWASP - OTG-AUTHN-002, FX Top 10 - API Vulnerability]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 301
Headers : {Server=[nginx], Date=[Mon, 21 Jan 2019 06:16:08 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/refund/426837633&amount=426837633]}
Endpoint : http://api.bizpay.co.uk/v1.25/charges/refund/426837633&amount=426837633
Request :
Response :
301 Moved Permanently
Logs :
2019-01-21 06:16:07 DEBUG [ChargesRefundChargeIdPutAnonymousInvalid] : URL [http://api.bizpay.co.uk/v1.25/charges/refund/426837633&amount=426837633] 2019-01-21 06:16:07 DEBUG [ChargesRefundChargeIdPutAnonymousInvalid] : Method [PUT] 2019-01-21 06:16:07 DEBUG [ChargesRefundChargeIdPutAnonymousInvalid] : Request [] 2019-01-21 06:16:07 DEBUG [ChargesRefundChargeIdPutAnonymousInvalid] : Request-Headers [{Content-Type=[application/json], Accept=[application/json]}] 2019-01-21 06:16:07 DEBUG [ChargesRefundChargeIdPutAnonymousInvalid] : Response [
301 Moved Permanently
] 2019-01-21 06:16:07 DEBUG [ChargesRefundChargeIdPutAnonymousInvalid] : Response-Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 06:16:08 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/refund/426837633&amount=426837633]}] 2019-01-21 06:16:07 DEBUG [ChargesRefundChargeIdPutAnonymousInvalid] : StatusCode [301] 2019-01-21 06:16:07 DEBUG [ChargesRefundChargeIdPutAnonymousInvalid] : Time [627] 2019-01-21 06:16:07 DEBUG [ChargesRefundChargeIdPutAnonymousInvalid] : Size [178] 2019-01-21 06:16:07 ERROR [ChargesRefundChargeIdPutAnonymousInvalid] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [301 == 401 OR 301 == 403] result [Failed]
--- FX Bot ---