search

zahedmohammed / testingApi

0 stars 0 forks source link

bizpay : AgreementsIdCancelPutUserbDisallowAbac #60

Open zahedmohammed opened 5 years ago

zahedmohammed commented 5 years ago

Project : bizpay

Job : Default

Env : Default

Category : ABAC_Level1

Tags : [FX Top 10 - API Vulnerability]

Severity : Major

Region : FXLabs/US_WEST_1

Result : fail

Status Code : 301

Headers : {Server=[nginx], Date=[Mon, 21 Jan 2019 06:16:09 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/agreements/cancel]}

Endpoint : http://api.bizpay.co.uk/v1.25/agreements//cancel

Request :
{ "customer" : [ { } ], "seller" : [ { } ], "agreement" : [ { } ], "notifications" : [ { } ] }

Response :

301 Moved Permanently

301 Moved Permanently

nginx

Logs :
2019-01-21 06:16:07 DEBUG [null] : URL [http://api.bizpay.co.uk/v1.25/agreements] 2019-01-21 06:16:07 DEBUG [null] : Method [POST] 2019-01-21 06:16:07 DEBUG [null] : Request [{ "customer" : [ { } ], "seller" : [ { } ], "agreement" : [ { } ], "notifications" : [ { } ] }] 2019-01-21 06:16:07 DEBUG [null] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic dXNlckFAYml6cGF5LmNvLnVrOnVzZXJB]}] 2019-01-21 06:16:07 DEBUG [null] : Response [

301 Moved Permanently

301 Moved Permanently

nginx

] 2019-01-21 06:16:07 DEBUG [null] : Response-Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 06:16:08 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/agreements]}] 2019-01-21 06:16:07 DEBUG [null] : StatusCode [301] 2019-01-21 06:16:07 DEBUG [null] : Time [669] 2019-01-21 06:16:07 DEBUG [null] : Size [178] 2019-01-21 06:16:07 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [301 == 200 OR 301 == 201] result [Failed] 2019-01-21 06:16:07 DEBUG [PostAgreementCreateUserAInitAbac_Headers] : Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 06:16:08 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/agreements]}] 2019-01-21 06:16:07 DEBUG [PostAgreementCreateUserAInitAbac_Headers] : Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 06:16:08 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/agreements]}] 2019-01-21 06:16:07 DEBUG [PostAgreementCreateUserAInitAbac_Headers[2]] : Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 06:16:08 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/agreements]}] 2019-01-21 06:16:07 DEBUG [PostAgreementCreateUserAInitAbac_Headers[2]] : Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 06:16:08 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/agreements]}] 2019-01-21 06:16:07 DEBUG [AgreementsIdCancelPutUserbDisallowAbac] : URL [http://api.bizpay.co.uk/v1.25/agreements//cancel] 2019-01-21 06:16:07 DEBUG [AgreementsIdCancelPutUserbDisallowAbac] : Method [PUT] 2019-01-21 06:16:07 DEBUG [AgreementsIdCancelPutUserbDisallowAbac] : Request [{ "customer" : [ { } ], "seller" : [ { } ], "agreement" : [ { } ], "notifications" : [ { } ] }] 2019-01-21 06:16:07 DEBUG [AgreementsIdCancelPutUserbDisallowAbac] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic dXNlckJAYml6cGF5LmNvLnVrOnVzZXJC]}] 2019-01-21 06:16:07 DEBUG [AgreementsIdCancelPutUserbDisallowAbac] : Response [

301 Moved Permanently

301 Moved Permanently

nginx

] 2019-01-21 06:16:07 DEBUG [AgreementsIdCancelPutUserbDisallowAbac] : Response-Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 06:16:09 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/agreements/cancel]}] 2019-01-21 06:16:07 DEBUG [AgreementsIdCancelPutUserbDisallowAbac] : StatusCode [301] 2019-01-21 06:16:07 DEBUG [AgreementsIdCancelPutUserbDisallowAbac] : Time [702] 2019-01-21 06:16:07 DEBUG [AgreementsIdCancelPutUserbDisallowAbac] : Size [178] 2019-01-21 06:16:07 ERROR [AgreementsIdCancelPutUserbDisallowAbac] : Assertion [@StatusCode == 401 OR @StatusCode == 403 OR @Response.errors == true] resolved-to [301 == 401 OR 301 == 403 OR == true] result [Failed]

--- FX Bot ---

zahedmohammed commented 5 years ago

Project : bizpay

Job : Default

Env : Default

Region : Test19

Result : fail

Status Code : 301

Headers : {Server=[nginx], Date=[Mon, 21 Jan 2019 10:38:28 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/agreements/cancel]}

Endpoint : http://api.bizpay.co.uk/v1.25/agreements//cancel

Request :
{ "customer" : [ { } ], "seller" : [ { } ], "agreement" : [ { } ], "notifications" : [ { } ] }

Response :

301 Moved Permanently

301 Moved Permanently

nginx

Logs :
2019-01-21 10:38:28 DEBUG [null] : URL [http://api.bizpay.co.uk/v1.25/agreements] 2019-01-21 10:38:28 DEBUG [null] : Method [POST] 2019-01-21 10:38:28 DEBUG [null] : Request [{ "customer" : [ { } ], "seller" : [ { } ], "agreement" : [ { } ], "notifications" : [ { } ] }] 2019-01-21 10:38:28 DEBUG [null] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic dXNlckFAYml6cGF5LmNvLnVrOnVzZXJB]}] 2019-01-21 10:38:28 DEBUG [null] : Response [

301 Moved Permanently

301 Moved Permanently

nginx

] 2019-01-21 10:38:28 DEBUG [null] : Response-Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 10:38:28 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/agreements]}] 2019-01-21 10:38:28 DEBUG [null] : StatusCode [301] 2019-01-21 10:38:28 DEBUG [null] : Time [418] 2019-01-21 10:38:28 DEBUG [null] : Size [178] 2019-01-21 10:38:28 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [301 == 200 OR 301 == 201] result [Failed] 2019-01-21 10:38:28 DEBUG [PostAgreementCreateUserAInitAbac_Headers] : Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 10:38:28 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/agreements]}] 2019-01-21 10:38:28 DEBUG [PostAgreementCreateUserAInitAbac_Headers] : Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 10:38:28 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/agreements]}] 2019-01-21 10:38:28 DEBUG [PostAgreementCreateUserAInitAbac_Headers[2]] : Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 10:38:28 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/agreements]}] 2019-01-21 10:38:28 DEBUG [PostAgreementCreateUserAInitAbac_Headers[2]] : Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 10:38:28 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/agreements]}] 2019-01-21 10:38:28 DEBUG [AgreementsIdCancelPutUserbDisallowAbac] : URL [http://api.bizpay.co.uk/v1.25/agreements//cancel] 2019-01-21 10:38:28 DEBUG [AgreementsIdCancelPutUserbDisallowAbac] : Method [PUT] 2019-01-21 10:38:28 DEBUG [AgreementsIdCancelPutUserbDisallowAbac] : Request [{ "customer" : [ { } ], "seller" : [ { } ], "agreement" : [ { } ], "notifications" : [ { } ] }] 2019-01-21 10:38:28 DEBUG [AgreementsIdCancelPutUserbDisallowAbac] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic dXNlckJAYml6cGF5LmNvLnVrOnVzZXJC]}] 2019-01-21 10:38:28 DEBUG [AgreementsIdCancelPutUserbDisallowAbac] : Response [

301 Moved Permanently

301 Moved Permanently

nginx

] 2019-01-21 10:38:28 DEBUG [AgreementsIdCancelPutUserbDisallowAbac] : Response-Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 10:38:28 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/agreements/cancel]}] 2019-01-21 10:38:28 DEBUG [AgreementsIdCancelPutUserbDisallowAbac] : StatusCode [301] 2019-01-21 10:38:28 DEBUG [AgreementsIdCancelPutUserbDisallowAbac] : Time [295] 2019-01-21 10:38:28 DEBUG [AgreementsIdCancelPutUserbDisallowAbac] : Size [178] 2019-01-21 10:38:28 ERROR [AgreementsIdCancelPutUserbDisallowAbac] : Assertion [@StatusCode == 401 OR @StatusCode == 403 OR @Response.errors == true] resolved-to [301 == 401 OR 301 == 403 OR == true] result [Failed]

--- FX Bot ---

zahedmohammed commented 5 years ago

Project : bizpay

Job : Default

Env : Default

Region : Test19

Result : fail

Status Code : 301

Headers : {Server=[nginx], Date=[Mon, 21 Jan 2019 11:16:08 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/agreements/cancel]}

Endpoint : http://api.bizpay.co.uk/v1.25/agreements//cancel

Request :
{ "customer" : [ { } ], "seller" : [ { } ], "agreement" : [ { } ], "notifications" : [ { } ] }

Response :

301 Moved Permanently

301 Moved Permanently

nginx

Logs :
Assertion [@StatusCode == 401 OR @StatusCode == 403 OR @Response.errors == true] resolved-to [301 == 401 OR 301 == 403 OR == true] result [Failed] --- FX Bot ---

zahedmohammed commented 5 years ago

Project : bizpay

Job : Default

Env : Default

Region : Test19

Result : fail

Status Code : 301

Headers : {Server=[nginx], Date=[Fri, 25 Jan 2019 12:03:50 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/agreements/cancel]}

Endpoint : http://api.bizpay.co.uk/v1.25/agreements//cancel

Request :
{ "customer" : [ { } ], "seller" : [ { } ], "agreement" : [ { } ], "notifications" : [ { } ] }

Response :

301 Moved Permanently

301 Moved Permanently

nginx

Logs :
2019-01-25 00:03:50 DEBUG [PostAgreementCreateUserAInitAbac] : URL [http://api.bizpay.co.uk/v1.25/agreements] 2019-01-25 00:03:50 DEBUG [PostAgreementCreateUserAInitAbac] : Method [POST] 2019-01-25 00:03:50 DEBUG [PostAgreementCreateUserAInitAbac] : Request [{ "customer" : [ { } ], "seller" : [ { } ], "agreement" : [ { } ], "notifications" : [ { } ] }] 2019-01-25 00:03:50 DEBUG [PostAgreementCreateUserAInitAbac] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic dXNlckFAYml6cGF5LmNvLnVrOnVzZXJB]}] 2019-01-25 00:03:50 DEBUG [PostAgreementCreateUserAInitAbac] : Response [

301 Moved Permanently

301 Moved Permanently

nginx

] 2019-01-25 00:03:50 DEBUG [PostAgreementCreateUserAInitAbac] : Response-Headers [{Server=[nginx], Date=[Fri, 25 Jan 2019 12:03:49 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/agreements]}] 2019-01-25 00:03:50 DEBUG [PostAgreementCreateUserAInitAbac] : StatusCode [301] 2019-01-25 00:03:50 DEBUG [PostAgreementCreateUserAInitAbac] : Time [2184] 2019-01-25 00:03:50 DEBUG [PostAgreementCreateUserAInitAbac] : Size [178] 2019-01-25 00:03:50 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [301 == 200 OR 301 == 201] result [Failed] 2019-01-25 00:03:50 DEBUG [PostAgreementCreateUserAInitAbac_Headers] : Headers [{Server=[nginx], Date=[Fri, 25 Jan 2019 12:03:49 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/agreements]}] 2019-01-25 00:03:50 DEBUG [PostAgreementCreateUserAInitAbac_Headers] : Headers [{Server=[nginx], Date=[Fri, 25 Jan 2019 12:03:49 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/agreements]}] 2019-01-25 00:03:50 DEBUG [PostAgreementCreateUserAInitAbac_Headers[2]] : Headers [{Server=[nginx], Date=[Fri, 25 Jan 2019 12:03:49 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/agreements]}] 2019-01-25 00:03:50 DEBUG [PostAgreementCreateUserAInitAbac_Headers[2]] : Headers [{Server=[nginx], Date=[Fri, 25 Jan 2019 12:03:49 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/agreements]}] 2019-01-25 00:03:50 DEBUG [AgreementsIdCancelPutUserbDisallowAbac] : URL [http://api.bizpay.co.uk/v1.25/agreements//cancel] 2019-01-25 00:03:50 DEBUG [AgreementsIdCancelPutUserbDisallowAbac] : Method [PUT] 2019-01-25 00:03:50 DEBUG [AgreementsIdCancelPutUserbDisallowAbac] : Request [{ "customer" : [ { } ], "seller" : [ { } ], "agreement" : [ { } ], "notifications" : [ { } ] }] 2019-01-25 00:03:50 DEBUG [AgreementsIdCancelPutUserbDisallowAbac] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic dXNlckJAYml6cGF5LmNvLnVrOnVzZXJC]}] 2019-01-25 00:03:50 DEBUG [AgreementsIdCancelPutUserbDisallowAbac] : Response [

301 Moved Permanently

301 Moved Permanently

nginx

] 2019-01-25 00:03:50 DEBUG [AgreementsIdCancelPutUserbDisallowAbac] : Response-Headers [{Server=[nginx], Date=[Fri, 25 Jan 2019 12:03:50 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/agreements/cancel]}] 2019-01-25 00:03:50 DEBUG [AgreementsIdCancelPutUserbDisallowAbac] : StatusCode [301] 2019-01-25 00:03:50 DEBUG [AgreementsIdCancelPutUserbDisallowAbac] : Time [327] 2019-01-25 00:03:50 DEBUG [AgreementsIdCancelPutUserbDisallowAbac] : Size [178] 2019-01-25 00:03:50 ERROR [AgreementsIdCancelPutUserbDisallowAbac] : Assertion [@StatusCode == 401 OR @StatusCode == 403 OR @Response.errors == true] resolved-to [301 == 401 OR 301 == 403 OR == true] result [Failed]

--- FX Bot ---