zahedmohammed / testingApi


bizpay : PlansIdGetUserbDisallowAbac #70

Open zahedmohammed opened 5 years ago

zahedmohammed commented 5 years ago

Project : bizpay

Job : Default

Env : Default

Category : ABAC_Level1

Tags : [FX Top 10 - API Vulnerability]

Severity : Major

Region : FXLabs/US_WEST_1

Result : fail

Status Code : 500

Headers : {}

Endpoint : http://api.bizpay.co.uk/v1.25/plans/

Request :

Response :
I/O error on GET request for "http://api.bizpay.co.uk/v1.25/plans/": Read timed out; nested exception is java.net.SocketTimeoutException: Read timed out

Logs :
2019-01-21 06:16:07 DEBUG [null] : URL [http://api.bizpay.co.uk/v1.25/plans]
2019-01-21 06:16:07 DEBUG [null] : Method [POST]
2019-01-21 06:16:07 DEBUG [null] : Request [{ }]
2019-01-21 06:16:07 DEBUG [null] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic dXNlckFAYml6cGF5LmNvLnVrOnVzZXJB]}]
2019-01-21 06:16:07 DEBUG [null] : Response [
301 Moved Permanently
301 Moved Permanently
nginx
]
2019-01-21 06:16:07 DEBUG [null] : Response-Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 06:16:08 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/plans]}]
2019-01-21 06:16:07 DEBUG [null] : StatusCode [301]
2019-01-21 06:16:07 DEBUG [null] : Time [535]
2019-01-21 06:16:07 DEBUG [null] : Size [178]
2019-01-21 06:16:07 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [301 == 200 OR 301 == 201] result [Failed]
2019-01-21 06:16:07 DEBUG [PostPlanCreateUserAInitAbac_Headers] : Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 06:16:08 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/plans]}]
2019-01-21 06:16:07 DEBUG [PostPlanCreateUserAInitAbac_Headers] : Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 06:16:08 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/plans]}]
2019-01-21 06:16:07 DEBUG [PostPlanCreateUserAInitAbac_Headers[2]] : Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 06:16:08 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/plans]}]
2019-01-21 06:16:07 DEBUG [PostPlanCreateUserAInitAbac_Headers[2]] : Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 06:16:08 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/plans]}]
2019-01-21 06:16:23 DEBUG [PlansIdGetUserbDisallowAbac] : URL [http://api.bizpay.co.uk/v1.25/plans/]
2019-01-21 06:16:23 DEBUG [PlansIdGetUserbDisallowAbac] : Method [GET]
2019-01-21 06:16:23 DEBUG [PlansIdGetUserbDisallowAbac] : Request []
2019-01-21 06:16:23 DEBUG [PlansIdGetUserbDisallowAbac] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic dXNlckJAYml6cGF5LmNvLnVrOnVzZXJC]}]
2019-01-21 06:16:23 DEBUG [PlansIdGetUserbDisallowAbac] : Response [I/O error on GET request for "http://api.bizpay.co.uk/v1.25/plans/": Read timed out; nested exception is java.net.SocketTimeoutException: Read timed out]
2019-01-21 06:16:23 DEBUG [PlansIdGetUserbDisallowAbac] : Response-Headers [{}]
2019-01-21 06:16:23 DEBUG [PlansIdGetUserbDisallowAbac] : StatusCode [500]
2019-01-21 06:16:23 DEBUG [PlansIdGetUserbDisallowAbac] : Time [16581]
2019-01-21 06:16:23 DEBUG [PlansIdGetUserbDisallowAbac] : Size [152]
2019-01-21 06:16:23 ERROR [PlansIdGetUserbDisallowAbac] : Assertion [@StatusCode == 401 OR @StatusCode == 403 OR @Response.errors == true] resolved-to [500 == 401 OR 500 == 403 OR == true] result [Failed]
2019-01-21 06:16:24 DEBUG [PlansIdDeleteAbstractAbac] : URL [http://api.bizpay.co.uk/v1.25/plans/]
2019-01-21 06:16:24 DEBUG [PlansIdDeleteAbstractAbac] : Method [DELETE]
2019-01-21 06:16:24 DEBUG [PlansIdDeleteAbstractAbac] : Request [null]
2019-01-21 06:16:24 DEBUG [PlansIdDeleteAbstractAbac] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic dXNlckFAYml6cGF5LmNvLnVrOnVzZXJB]}]
2019-01-21 06:16:24 DEBUG [PlansIdDeleteAbstractAbac] : Response [
301 Moved Permanently
301 Moved Permanently
nginx
]
2019-01-21 06:16:24 DEBUG [PlansIdDeleteAbstractAbac] : Response-Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 06:16:25 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/plans/]}]
2019-01-21 06:16:24 DEBUG [PlansIdDeleteAbstractAbac] : StatusCode [301]
2019-01-21 06:16:24 DEBUG [PlansIdDeleteAbstractAbac] : Time [516]
2019-01-21 06:16:24 DEBUG [PlansIdDeleteAbstractAbac] : Size [178]
2019-01-21 06:16:24 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [301 == 200] result [Failed]

--- FX Bot ---

zahedmohammed commented 5 years ago

Project : bizpay

Job : Default

Env : Default

Region : Test19

Result : fail

Status Code : 500

Headers : {}

Endpoint : http://api.bizpay.co.uk/v1.25/plans/

Request :

Response :
I/O error on GET request for "http://api.bizpay.co.uk/v1.25/plans/": Read timed out; nested exception is java.net.SocketTimeoutException: Read timed out

Logs :
2019-01-21 10:38:28 DEBUG [null] : URL [http://api.bizpay.co.uk/v1.25/plans]
2019-01-21 10:38:28 DEBUG [null] : Method [POST]
2019-01-21 10:38:28 DEBUG [null] : Request [{ }]
2019-01-21 10:38:28 DEBUG [null] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic dXNlckFAYml6cGF5LmNvLnVrOnVzZXJB]}]
2019-01-21 10:38:28 DEBUG [null] : Response [
301 Moved Permanently
301 Moved Permanently
nginx
]
2019-01-21 10:38:28 DEBUG [null] : Response-Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 10:38:28 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/plans]}]
2019-01-21 10:38:28 DEBUG [null] : StatusCode [301]
2019-01-21 10:38:28 DEBUG [null] : Time [459]
2019-01-21 10:38:28 DEBUG [null] : Size [178]
2019-01-21 10:38:28 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [301 == 200 OR 301 == 201] result [Failed]
2019-01-21 10:38:28 DEBUG [PostPlanCreateUserAInitAbac_Headers] : Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 10:38:28 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/plans]}]
2019-01-21 10:38:28 DEBUG [PostPlanCreateUserAInitAbac_Headers] : Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 10:38:28 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/plans]}]
2019-01-21 10:38:28 DEBUG [PostPlanCreateUserAInitAbac_Headers[2]] : Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 10:38:28 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/plans]}]
2019-01-21 10:38:28 DEBUG [PostPlanCreateUserAInitAbac_Headers[2]] : Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 10:38:28 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/plans]}]
2019-01-21 10:38:44 DEBUG [PlansIdGetUserbDisallowAbac] : URL [http://api.bizpay.co.uk/v1.25/plans/]
2019-01-21 10:38:44 DEBUG [PlansIdGetUserbDisallowAbac] : Method [GET]
2019-01-21 10:38:44 DEBUG [PlansIdGetUserbDisallowAbac] : Request []
2019-01-21 10:38:44 DEBUG [PlansIdGetUserbDisallowAbac] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic dXNlckJAYml6cGF5LmNvLnVrOnVzZXJC]}]
2019-01-21 10:38:44 DEBUG [PlansIdGetUserbDisallowAbac] : Response [I/O error on GET request for "http://api.bizpay.co.uk/v1.25/plans/": Read timed out; nested exception is java.net.SocketTimeoutException: Read timed out]
2019-01-21 10:38:44 DEBUG [PlansIdGetUserbDisallowAbac] : Response-Headers [{}]
2019-01-21 10:38:44 DEBUG [PlansIdGetUserbDisallowAbac] : StatusCode [500]
2019-01-21 10:38:44 DEBUG [PlansIdGetUserbDisallowAbac] : Time [15836]
2019-01-21 10:38:44 DEBUG [PlansIdGetUserbDisallowAbac] : Size [152]
2019-01-21 10:38:44 ERROR [PlansIdGetUserbDisallowAbac] : Assertion [@StatusCode == 401 OR @StatusCode == 403 OR @Response.errors == true] resolved-to [500 == 401 OR 500 == 403 OR == true] result [Failed]
2019-01-21 10:38:44 DEBUG [PlansIdDeleteAbstractAbac] : URL [http://api.bizpay.co.uk/v1.25/plans/]
2019-01-21 10:38:44 DEBUG [PlansIdDeleteAbstractAbac] : Method [DELETE]
2019-01-21 10:38:44 DEBUG [PlansIdDeleteAbstractAbac] : Request [null]
2019-01-21 10:38:44 DEBUG [PlansIdDeleteAbstractAbac] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic dXNlckFAYml6cGF5LmNvLnVrOnVzZXJB]}]
2019-01-21 10:38:44 DEBUG [PlansIdDeleteAbstractAbac] : Response [
301 Moved Permanently
301 Moved Permanently
nginx
]
2019-01-21 10:38:44 DEBUG [PlansIdDeleteAbstractAbac] : Response-Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 10:38:44 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/plans/]}]
2019-01-21 10:38:44 DEBUG [PlansIdDeleteAbstractAbac] : StatusCode [301]
2019-01-21 10:38:44 DEBUG [PlansIdDeleteAbstractAbac] : Time [385]
2019-01-21 10:38:44 DEBUG [PlansIdDeleteAbstractAbac] : Size [178]
2019-01-21 10:38:44 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [301 == 200] result [Failed]

--- FX Bot ---

zahedmohammed commented 5 years ago

Project : bizpay

Job : Default

Env : Default

Region : Test19

Result : fail

Status Code : 500

Headers : {}

Endpoint : http://api.bizpay.co.uk/v1.25/plans/

Request :

Response :
I/O error on GET request for "http://api.bizpay.co.uk/v1.25/plans/": Read timed out; nested exception is java.net.SocketTimeoutException: Read timed out

Logs :
2019-01-25 00:03:49 DEBUG [PostPlanCreateUserAInitAbac] : URL [http://api.bizpay.co.uk/v1.25/plans]
2019-01-25 00:03:49 DEBUG [PostPlanCreateUserAInitAbac] : Method [POST]
2019-01-25 00:03:49 DEBUG [PostPlanCreateUserAInitAbac] : Request [{ }]
2019-01-25 00:03:49 DEBUG [PostPlanCreateUserAInitAbac] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic dXNlckFAYml6cGF5LmNvLnVrOnVzZXJB]}]
2019-01-25 00:03:49 DEBUG [PostPlanCreateUserAInitAbac] : Response [
301 Moved Permanently
301 Moved Permanently
nginx
]
2019-01-25 00:03:49 DEBUG [PostPlanCreateUserAInitAbac] : Response-Headers [{Server=[nginx], Date=[Fri, 25 Jan 2019 12:03:48 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/plans]}]
2019-01-25 00:03:49 DEBUG [PostPlanCreateUserAInitAbac] : StatusCode [301]
2019-01-25 00:03:49 DEBUG [PostPlanCreateUserAInitAbac] : Time [1630]
2019-01-25 00:03:49 DEBUG [PostPlanCreateUserAInitAbac] : Size [178]
2019-01-25 00:03:49 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [301 == 200 OR 301 == 201] result [Failed]
2019-01-25 00:03:49 DEBUG [PostPlanCreateUserAInitAbac_Headers] : Headers [{Server=[nginx], Date=[Fri, 25 Jan 2019 12:03:48 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/plans]}]
2019-01-25 00:03:49 DEBUG [PostPlanCreateUserAInitAbac_Headers] : Headers [{Server=[nginx], Date=[Fri, 25 Jan 2019 12:03:48 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/plans]}]
2019-01-25 00:03:49 DEBUG [PostPlanCreateUserAInitAbac_Headers[2]] : Headers [{Server=[nginx], Date=[Fri, 25 Jan 2019 12:03:48 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/plans]}]
2019-01-25 00:03:49 DEBUG [PostPlanCreateUserAInitAbac_Headers[2]] : Headers [{Server=[nginx], Date=[Fri, 25 Jan 2019 12:03:48 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/plans]}]
2019-01-25 00:04:06 DEBUG [PlansIdGetUserbDisallowAbac] : URL [http://api.bizpay.co.uk/v1.25/plans/]
2019-01-25 00:04:06 DEBUG [PlansIdGetUserbDisallowAbac] : Method [GET]
2019-01-25 00:04:06 DEBUG [PlansIdGetUserbDisallowAbac] : Request []
2019-01-25 00:04:06 DEBUG [PlansIdGetUserbDisallowAbac] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic dXNlckJAYml6cGF5LmNvLnVrOnVzZXJC]}]
2019-01-25 00:04:06 DEBUG [PlansIdGetUserbDisallowAbac] : Response [I/O error on GET request for "http://api.bizpay.co.uk/v1.25/plans/": Read timed out; nested exception is java.net.SocketTimeoutException: Read timed out]
2019-01-25 00:04:06 DEBUG [PlansIdGetUserbDisallowAbac] : Response-Headers [{}]
2019-01-25 00:04:06 DEBUG [PlansIdGetUserbDisallowAbac] : StatusCode [500]
2019-01-25 00:04:06 DEBUG [PlansIdGetUserbDisallowAbac] : Time [15799]
2019-01-25 00:04:06 DEBUG [PlansIdGetUserbDisallowAbac] : Size [152]
2019-01-25 00:04:06 ERROR [PlansIdGetUserbDisallowAbac] : Assertion [@StatusCode == 401 OR @StatusCode == 403 OR @Response.errors == true] resolved-to [500 == 401 OR 500 == 403 OR == true] result [Failed]
2019-01-25 00:04:06 DEBUG [PlansIdDeleteAbstractAbac] : URL [http://api.bizpay.co.uk/v1.25/plans/]
2019-01-25 00:04:06 DEBUG [PlansIdDeleteAbstractAbac] : Method [DELETE]
2019-01-25 00:04:06 DEBUG [PlansIdDeleteAbstractAbac] : Request [null]
2019-01-25 00:04:06 DEBUG [PlansIdDeleteAbstractAbac] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic dXNlckFAYml6cGF5LmNvLnVrOnVzZXJB]}]
2019-01-25 00:04:06 DEBUG [PlansIdDeleteAbstractAbac] : Response [
301 Moved Permanently
301 Moved Permanently
nginx
]
2019-01-25 00:04:06 DEBUG [PlansIdDeleteAbstractAbac] : Response-Headers [{Server=[nginx], Date=[Fri, 25 Jan 2019 12:04:06 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/plans/]}]
2019-01-25 00:04:06 DEBUG [PlansIdDeleteAbstractAbac] : StatusCode [301]
2019-01-25 00:04:06 DEBUG [PlansIdDeleteAbstractAbac] : Time [305]
2019-01-25 00:04:06 DEBUG [PlansIdDeleteAbstractAbac] : Size [178]
2019-01-25 00:04:06 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [301 == 200] result [Failed]

--- FX Bot ---