zahedmohammed / testingApi


bizpay : ChargesVoidIdPutUserbDisallowAbac #65

Open zahedmohammed opened 5 years ago

zahedmohammed commented 5 years ago

Project : bizpay

Job : Default

Env : Default

Category : ABAC_Level1

Tags : [FX Top 10 - API Vulnerability]

Severity : Major

Region : FXLabs/US_WEST_1

Result : fail

Status Code : 301

Headers : {Server=[nginx], Date=[Mon, 21 Jan 2019 06:16:14 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/void/]}

Endpoint : http://api.bizpay.co.uk/v1.25/charges/void/

Request :
{ "id" : "", "gateway" : "worldpay", "label" : "yUwJc3nO", "default" : false, "show" : false }

Response :
301 Moved Permanently
301 Moved Permanently
nginx

Logs :
2019-01-21 06:16:12 DEBUG [null] : URL [http://api.bizpay.co.uk/v1.25/charges/methods/?customer_id=cDjxonmq]
2019-01-21 06:16:12 DEBUG [null] : Method [POST]
2019-01-21 06:16:12 DEBUG [null] : Request [{ "id" : "", "gateway" : "worldpay", "label" : "7ePTFudn", "default" : false, "show" : false }]
2019-01-21 06:16:12 DEBUG [null] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic dXNlckFAYml6cGF5LmNvLnVrOnVzZXJB]}]
2019-01-21 06:16:12 DEBUG [null] : Response [
301 Moved Permanently
301 Moved Permanently
nginx
]
2019-01-21 06:16:12 DEBUG [null] : Response-Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 06:16:14 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/methods/?customer_id=cDjxonmq]}]
2019-01-21 06:16:12 DEBUG [null] : StatusCode [301]
2019-01-21 06:16:12 DEBUG [null] : Time [610]
2019-01-21 06:16:12 DEBUG [null] : Size [178]
2019-01-21 06:16:12 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [301 == 200 OR 301 == 201] result [Failed]
2019-01-21 06:16:12 DEBUG [PostChargeMethodCreateUserAInitAbac_Headers] : Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 06:16:14 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/methods/?customer_id=cDjxonmq]}]
2019-01-21 06:16:12 DEBUG [PostChargeMethodCreateUserAInitAbac_Headers] : Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 06:16:14 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/methods/?customer_id=cDjxonmq]}]
2019-01-21 06:16:12 DEBUG [PostChargeMethodCreateUserAInitAbac_Headers[2]] : Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 06:16:14 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/methods/?customer_id=cDjxonmq]}]
2019-01-21 06:16:12 DEBUG [PostChargeMethodCreateUserAInitAbac_Headers[2]] : Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 06:16:14 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/methods/?customer_id=cDjxonmq]}]
2019-01-21 06:16:13 DEBUG [ChargesVoidIdPutUserbDisallowAbac] : URL [http://api.bizpay.co.uk/v1.25/charges/void/]
2019-01-21 06:16:13 DEBUG [ChargesVoidIdPutUserbDisallowAbac] : Method [PUT]
2019-01-21 06:16:13 DEBUG [ChargesVoidIdPutUserbDisallowAbac] : Request [{ "id" : "", "gateway" : "worldpay", "label" : "yUwJc3nO", "default" : false, "show" : false }]
2019-01-21 06:16:13 DEBUG [ChargesVoidIdPutUserbDisallowAbac] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic dXNlckJAYml6cGF5LmNvLnVrOnVzZXJC]}]
2019-01-21 06:16:13 DEBUG [ChargesVoidIdPutUserbDisallowAbac] : Response [
301 Moved Permanently
301 Moved Permanently
nginx
]
2019-01-21 06:16:13 DEBUG [ChargesVoidIdPutUserbDisallowAbac] : Response-Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 06:16:14 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/void/]}]
2019-01-21 06:16:13 DEBUG [ChargesVoidIdPutUserbDisallowAbac] : StatusCode [301]
2019-01-21 06:16:13 DEBUG [ChargesVoidIdPutUserbDisallowAbac] : Time [593]
2019-01-21 06:16:13 DEBUG [ChargesVoidIdPutUserbDisallowAbac] : Size [178]
2019-01-21 06:16:13 ERROR [ChargesVoidIdPutUserbDisallowAbac] : Assertion [@StatusCode == 401 OR @StatusCode == 403 OR @Response.errors == true] resolved-to [301 == 401 OR 301 == 403 OR == true] result [Failed]
2019-01-21 06:16:13 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : URL [http://api.bizpay.co.uk/v1.25/charges/methods/]
2019-01-21 06:16:13 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : Method [DELETE]
2019-01-21 06:16:13 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : Request [null]
2019-01-21 06:16:13 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic dXNlckFAYml6cGF5LmNvLnVrOnVzZXJB]}]
2019-01-21 06:16:13 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : Response [
301 Moved Permanently
301 Moved Permanently
nginx
]
2019-01-21 06:16:13 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : Response-Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 06:16:15 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/methods/]}]
2019-01-21 06:16:13 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : StatusCode [301]
2019-01-21 06:16:13 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : Time [611]
2019-01-21 06:16:13 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : Size [178]
2019-01-21 06:16:13 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [301 == 200] result [Failed]

--- FX Bot ---

zahedmohammed commented 5 years ago

Project : bizpay

Job : Default

Env : Default

Region : Test19

Result : fail

Status Code : 301

Headers : {Server=[nginx], Date=[Mon, 21 Jan 2019 10:38:56 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/void/]}

Endpoint : http://api.bizpay.co.uk/v1.25/charges/void/

Request :
{ "id" : "", "gateway" : "worldpay", "label" : "xnrnidxs", "default" : false, "show" : false }

Response :
301 Moved Permanently
301 Moved Permanently
nginx

Logs :
Assertion [@StatusCode == 401 OR @StatusCode == 403 OR @Response.errors == true] resolved-to [301 == 401 OR 301 == 403 OR == true] result [Failed]

--- FX Bot ---

zahedmohammed commented 5 years ago

Project : bizpay

Job : Default

Env : Default

Region : Test19

Result : fail

Status Code : 301

Headers : {Server=[nginx], Date=[Mon, 21 Jan 2019 11:16:28 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/void/]}

Endpoint : http://api.bizpay.co.uk/v1.25/charges/void/

Request :
{ "id" : "", "gateway" : "worldpay", "label" : "RRKRSc9l", "default" : false, "show" : false }

Response :
301 Moved Permanently
301 Moved Permanently
nginx

Logs :
2019-01-21 11:16:28 DEBUG [null] : URL [http://api.bizpay.co.uk/v1.25/charges/methods/?customer_id=NxqUIZNf]
2019-01-21 11:16:28 DEBUG [null] : Method [POST]
2019-01-21 11:16:28 DEBUG [null] : Request [{ "id" : "", "gateway" : "worldpay", "label" : "hFpGldQb", "default" : false, "show" : false }]
2019-01-21 11:16:28 DEBUG [null] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic dXNlckFAYml6cGF5LmNvLnVrOnVzZXJB]}]
2019-01-21 11:16:28 DEBUG [null] : Response [
301 Moved Permanently
301 Moved Permanently
nginx
]
2019-01-21 11:16:28 DEBUG [null] : Response-Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 11:16:28 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/methods/?customer_id=NxqUIZNf]}]
2019-01-21 11:16:28 DEBUG [null] : StatusCode [301]
2019-01-21 11:16:28 DEBUG [null] : Time [296]
2019-01-21 11:16:28 DEBUG [null] : Size [178]
2019-01-21 11:16:28 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [301 == 200 OR 301 == 201] result [Failed]
2019-01-21 11:16:28 DEBUG [PostChargeMethodCreateUserAInitAbac_Headers] : Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 11:16:28 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/methods/?customer_id=NxqUIZNf]}]
2019-01-21 11:16:28 DEBUG [PostChargeMethodCreateUserAInitAbac_Headers] : Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 11:16:28 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/methods/?customer_id=NxqUIZNf]}]
2019-01-21 11:16:28 DEBUG [PostChargeMethodCreateUserAInitAbac_Headers[2]] : Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 11:16:28 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/methods/?customer_id=NxqUIZNf]}]
2019-01-21 11:16:28 DEBUG [PostChargeMethodCreateUserAInitAbac_Headers[2]] : Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 11:16:28 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/methods/?customer_id=NxqUIZNf]}]
2019-01-21 11:16:28 DEBUG [ChargesVoidIdPutUserbDisallowAbac] : URL [http://api.bizpay.co.uk/v1.25/charges/void/]
2019-01-21 11:16:28 DEBUG [ChargesVoidIdPutUserbDisallowAbac] : Method [PUT]
2019-01-21 11:16:28 DEBUG [ChargesVoidIdPutUserbDisallowAbac] : Request [{ "id" : "", "gateway" : "worldpay", "label" : "RRKRSc9l", "default" : false, "show" : false }]
2019-01-21 11:16:28 DEBUG [ChargesVoidIdPutUserbDisallowAbac] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic dXNlckJAYml6cGF5LmNvLnVrOnVzZXJC]}]
2019-01-21 11:16:28 DEBUG [ChargesVoidIdPutUserbDisallowAbac] : Response [
301 Moved Permanently
301 Moved Permanently
nginx
]
2019-01-21 11:16:28 DEBUG [ChargesVoidIdPutUserbDisallowAbac] : Response-Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 11:16:28 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/void/]}]
2019-01-21 11:16:28 DEBUG [ChargesVoidIdPutUserbDisallowAbac] : StatusCode [301]
2019-01-21 11:16:28 DEBUG [ChargesVoidIdPutUserbDisallowAbac] : Time [352]
2019-01-21 11:16:28 DEBUG [ChargesVoidIdPutUserbDisallowAbac] : Size [178]
2019-01-21 11:16:28 ERROR [ChargesVoidIdPutUserbDisallowAbac] : Assertion [@StatusCode == 401 OR @StatusCode == 403 OR @Response.errors == true] resolved-to [301 == 401 OR 301 == 403 OR == true] result [Failed]
2019-01-21 11:16:31 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : URL [http://api.bizpay.co.uk/v1.25/charges/methods/]
2019-01-21 11:16:31 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : Method [DELETE]
2019-01-21 11:16:31 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : Request [null]
2019-01-21 11:16:31 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic dXNlckFAYml6cGF5LmNvLnVrOnVzZXJB]}]
2019-01-21 11:16:31 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : Response [
301 Moved Permanently
301 Moved Permanently
nginx
]
2019-01-21 11:16:31 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : Response-Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 11:16:31 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/methods/]}]
2019-01-21 11:16:31 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : StatusCode [301]
2019-01-21 11:16:31 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : Time [3308]
2019-01-21 11:16:31 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : Size [178]
2019-01-21 11:16:31 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [301 == 200] result [Failed]

--- FX Bot ---