Open zahedmohammed opened 5 years ago
Project : bizpay
Job : Default
Env : Default
Region : Test19
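Result : fail
Status Code : 301
Note : The 301 is nginx redirecting the http:// request to the same path on https:// (see the Location header below), so the assertion failed on the redirect itself. No authorization decision was returned for this user, and the run neither confirms nor rules out an access-control gap on the refund endpoint.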
Headers : {Server=[nginx], Date=[Mon, 21 Jan 2019 10:38:30 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/refund/?amount=]}
Endpoint : http://api.bizpay.co.uk/v1.25/charges/refund/?amount=
Request :
{
"id" : "",
"gateway" : "worldpay",
"label" : "p5yEolEf",
"default" : false,
"show" : false
}
Response :
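Logs :
Note : The Request-Headers entries in these logs include the Basic Authorization values exactly as they were sent over http://. The test accounts' credentials should be treated as exposed and rotated, and the bot should mask this header when it posts logs.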
2019-01-21 10:38:29 DEBUG [null] : URL [http://api.bizpay.co.uk/v1.25/charges/methods/?customer_id=DXaQEFMj]
2019-01-21 10:38:29 DEBUG [null] : Method [POST]
2019-01-21 10:38:29 DEBUG [null] : Request [{
"id" : "",
"gateway" : "worldpay",
"label" : "bt4tZYIG",
"default" : false,
"show" : false
}]
2019-01-21 10:38:29 DEBUG [null] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic dXNlckFAYml6cGF5LmNvLnVrOnVzZXJB]}]
2019-01-21 10:38:29 DEBUG [null] : Response [
] 2019-01-21 10:38:29 DEBUG [null] : Response-Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 10:38:29 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/methods/?customer_id=DXaQEFMj]}] 2019-01-21 10:38:29 DEBUG [null] : StatusCode [301] 2019-01-21 10:38:29 DEBUG [null] : Time [314] 2019-01-21 10:38:29 DEBUG [null] : Size [178] 2019-01-21 10:38:29 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [301 == 200 OR 301 == 201] result [Failed] 2019-01-21 10:38:29 DEBUG [PostChargeMethodCreateUserAInitAbac_Headers] : Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 10:38:29 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/methods/?customer_id=DXaQEFMj]}] 2019-01-21 10:38:29 DEBUG [PostChargeMethodCreateUserAInitAbac_Headers] : Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 10:38:29 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/methods/?customer_id=DXaQEFMj]}] 2019-01-21 10:38:29 DEBUG [PostChargeMethodCreateUserAInitAbac_Headers[2]] : Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 10:38:29 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/methods/?customer_id=DXaQEFMj]}] 2019-01-21 10:38:29 DEBUG [PostChargeMethodCreateUserAInitAbac_Headers[2]] : Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 10:38:29 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/methods/?customer_id=DXaQEFMj]}] 2019-01-21 10:38:30 DEBUG [ChargesRefundIdAmountAmountPutUsercDisallowAbac] : URL [http://api.bizpay.co.uk/v1.25/charges/refund/?amount=] 2019-01-21 10:38:30 DEBUG [ChargesRefundIdAmountAmountPutUsercDisallowAbac] : Method [PUT] 2019-01-21 10:38:30 DEBUG 
[ChargesRefundIdAmountAmountPutUsercDisallowAbac] : Request [{ "id" : "", "gateway" : "worldpay", "label" : "p5yEolEf", "default" : false, "show" : false }] 2019-01-21 10:38:30 DEBUG [ChargesRefundIdAmountAmountPutUsercDisallowAbac] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic dXNlckNAYml6cGF5LmNvLnVrOnVzZXJD]}] 2019-01-21 10:38:30 DEBUG [ChargesRefundIdAmountAmountPutUsercDisallowAbac] : Response [
] 2019-01-21 10:38:30 DEBUG [ChargesRefundIdAmountAmountPutUsercDisallowAbac] : Response-Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 10:38:30 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/refund/?amount=]}] 2019-01-21 10:38:30 DEBUG [ChargesRefundIdAmountAmountPutUsercDisallowAbac] : StatusCode [301] 2019-01-21 10:38:30 DEBUG [ChargesRefundIdAmountAmountPutUsercDisallowAbac] : Time [313] 2019-01-21 10:38:30 DEBUG [ChargesRefundIdAmountAmountPutUsercDisallowAbac] : Size [178] 2019-01-21 10:38:30 ERROR [ChargesRefundIdAmountAmountPutUsercDisallowAbac] : Assertion [@StatusCode == 401 OR @StatusCode == 403 OR @Response.errors == true] resolved-to [301 == 401 OR 301 == 403 OR == true] result [Failed] 2019-01-21 10:38:30 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : URL [http://api.bizpay.co.uk/v1.25/charges/methods/] 2019-01-21 10:38:30 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : Method [DELETE] 2019-01-21 10:38:30 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : Request [null] 2019-01-21 10:38:30 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic dXNlckFAYml6cGF5LmNvLnVrOnVzZXJB]}] 2019-01-21 10:38:30 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : Response [
] 2019-01-21 10:38:30 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : Response-Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 10:38:30 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/methods/]}] 2019-01-21 10:38:30 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : StatusCode [301] 2019-01-21 10:38:30 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : Time [302] 2019-01-21 10:38:30 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : Size [178] 2019-01-21 10:38:30 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [301 == 200] result [Failed]
--- FX Bot ---
Project : bizpay
Job : Default
Env : Default
Region : Test19
Result : fail
Status Code : 301
Headers : {Server=[nginx], Date=[Mon, 21 Jan 2019 11:15:52 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/refund/?amount=]}
Endpoint : http://api.bizpay.co.uk/v1.25/charges/refund/?amount=
Request :
{
"id" : "",
"gateway" : "worldpay",
"label" : "KO3L7BoW",
"default" : false,
"show" : false
}
Response :
Logs :
Assertion [@StatusCode == 401 OR @StatusCode == 403 OR @Response.errors == true] resolved-to [301 == 401 OR 301 == 403 OR == true] result [Failed]
--- FX Bot ---
Project : bizpay
Job : Default
Env : Default
Region : Test19
Result : fail
Status Code : 301
Headers : {Server=[nginx], Date=[Fri, 25 Jan 2019 12:03:51 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/refund/?amount=]}
Endpoint : http://api.bizpay.co.uk/v1.25/charges/refund/?amount=
Request :
{
"id" : "",
"gateway" : "worldpay",
"label" : "zJaPMQa8",
"default" : false,
"show" : false
}
Response :
Logs :
2019-01-25 00:03:51 DEBUG [PostChargeMethodCreateUserAInitAbac] : URL [http://api.bizpay.co.uk/v1.25/charges/methods/?customer_id=fpBuRYVZ]
2019-01-25 00:03:51 DEBUG [PostChargeMethodCreateUserAInitAbac] : Method [POST]
2019-01-25 00:03:51 DEBUG [PostChargeMethodCreateUserAInitAbac] : Request [{
"id" : "",
"gateway" : "worldpay",
"label" : "YaYB3UoN",
"default" : false,
"show" : false
}]
2019-01-25 00:03:51 DEBUG [PostChargeMethodCreateUserAInitAbac] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic dXNlckFAYml6cGF5LmNvLnVrOnVzZXJB]}]
2019-01-25 00:03:51 DEBUG [PostChargeMethodCreateUserAInitAbac] : Response [
] 2019-01-25 00:03:51 DEBUG [PostChargeMethodCreateUserAInitAbac] : Response-Headers [{Server=[nginx], Date=[Fri, 25 Jan 2019 12:03:50 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/methods/?customer_id=fpBuRYVZ]}] 2019-01-25 00:03:51 DEBUG [PostChargeMethodCreateUserAInitAbac] : StatusCode [301] 2019-01-25 00:03:51 DEBUG [PostChargeMethodCreateUserAInitAbac] : Time [318] 2019-01-25 00:03:51 DEBUG [PostChargeMethodCreateUserAInitAbac] : Size [178] 2019-01-25 00:03:51 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [301 == 200 OR 301 == 201] result [Failed] 2019-01-25 00:03:51 DEBUG [PostChargeMethodCreateUserAInitAbac_Headers] : Headers [{Server=[nginx], Date=[Fri, 25 Jan 2019 12:03:50 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/methods/?customer_id=fpBuRYVZ]}] 2019-01-25 00:03:51 DEBUG [PostChargeMethodCreateUserAInitAbac_Headers] : Headers [{Server=[nginx], Date=[Fri, 25 Jan 2019 12:03:50 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/methods/?customer_id=fpBuRYVZ]}] 2019-01-25 00:03:51 DEBUG [PostChargeMethodCreateUserAInitAbac_Headers[2]] : Headers [{Server=[nginx], Date=[Fri, 25 Jan 2019 12:03:50 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/methods/?customer_id=fpBuRYVZ]}] 2019-01-25 00:03:51 DEBUG [PostChargeMethodCreateUserAInitAbac_Headers[2]] : Headers [{Server=[nginx], Date=[Fri, 25 Jan 2019 12:03:50 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/methods/?customer_id=fpBuRYVZ]}] 2019-01-25 00:03:51 DEBUG [ChargesRefundIdAmountAmountPutUsercDisallowAbac] : URL [http://api.bizpay.co.uk/v1.25/charges/refund/?amount=] 
2019-01-25 00:03:51 DEBUG [ChargesRefundIdAmountAmountPutUsercDisallowAbac] : Method [PUT] 2019-01-25 00:03:51 DEBUG [ChargesRefundIdAmountAmountPutUsercDisallowAbac] : Request [{ "id" : "", "gateway" : "worldpay", "label" : "zJaPMQa8", "default" : false, "show" : false }] 2019-01-25 00:03:51 DEBUG [ChargesRefundIdAmountAmountPutUsercDisallowAbac] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic dXNlckNAYml6cGF5LmNvLnVrOnVzZXJD]}] 2019-01-25 00:03:51 DEBUG [ChargesRefundIdAmountAmountPutUsercDisallowAbac] : Response [
] 2019-01-25 00:03:51 DEBUG [ChargesRefundIdAmountAmountPutUsercDisallowAbac] : Response-Headers [{Server=[nginx], Date=[Fri, 25 Jan 2019 12:03:51 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/refund/?amount=]}] 2019-01-25 00:03:51 DEBUG [ChargesRefundIdAmountAmountPutUsercDisallowAbac] : StatusCode [301] 2019-01-25 00:03:51 DEBUG [ChargesRefundIdAmountAmountPutUsercDisallowAbac] : Time [324] 2019-01-25 00:03:51 DEBUG [ChargesRefundIdAmountAmountPutUsercDisallowAbac] : Size [178] 2019-01-25 00:03:51 ERROR [ChargesRefundIdAmountAmountPutUsercDisallowAbac] : Assertion [@StatusCode == 401 OR @StatusCode == 403 OR @Response.errors == true] resolved-to [301 == 401 OR 301 == 403 OR == true] result [Failed] 2019-01-25 00:03:52 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : URL [http://api.bizpay.co.uk/v1.25/charges/methods/] 2019-01-25 00:03:52 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : Method [DELETE] 2019-01-25 00:03:52 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : Request [null] 2019-01-25 00:03:52 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic dXNlckFAYml6cGF5LmNvLnVrOnVzZXJB]}] 2019-01-25 00:03:52 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : Response [
] 2019-01-25 00:03:52 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : Response-Headers [{Server=[nginx], Date=[Fri, 25 Jan 2019 12:03:51 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/methods/]}] 2019-01-25 00:03:52 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : StatusCode [301] 2019-01-25 00:03:52 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : Time [306] 2019-01-25 00:03:52 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : Size [178] 2019-01-25 00:03:52 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [301 == 200] result [Failed]
--- FX Bot ---
Project : bizpay
Job : Default
Env : Default
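Category : ABAC_Level1
Tags : [FX Top 10 - API Vulnerability]
Severity : Major
Note : All three steps in the log below (the setup POST, the PUT under test and the cleanup DELETE) returned 301 from the http:// base URL. The setup step therefore appears not to have created a charge method, which presumably explains why the refund URL has no charge id in the path and an empty amount= value. Re-run with the https:// base URL before treating the Major severity as confirmed.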
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 301
Headers : {Server=[nginx], Date=[Mon, 21 Jan 2019 06:16:31 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/refund/?amount=]}
Endpoint : http://api.bizpay.co.uk/v1.25/charges/refund/?amount=
Request :
{ "id" : "", "gateway" : "worldpay", "label" : "v2xlHbso", "default" : false, "show" : false }
Response :
301 Moved Permanently
Logs :
2019-01-21 06:16:29 DEBUG [null] : URL [http://api.bizpay.co.uk/v1.25/charges/methods/?customer_id=LJLzeKlb] 2019-01-21 06:16:29 DEBUG [null] : Method [POST] 2019-01-21 06:16:29 DEBUG [null] : Request [{ "id" : "", "gateway" : "worldpay", "label" : "B3vnxlpu", "default" : false, "show" : false }] 2019-01-21 06:16:29 DEBUG [null] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic dXNlckFAYml6cGF5LmNvLnVrOnVzZXJB]}] 2019-01-21 06:16:29 DEBUG [null] : Response [
301 Moved Permanently
] 2019-01-21 06:16:29 DEBUG [null] : Response-Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 06:16:30 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/methods/?customer_id=LJLzeKlb]}] 2019-01-21 06:16:29 DEBUG [null] : StatusCode [301] 2019-01-21 06:16:29 DEBUG [null] : Time [587] 2019-01-21 06:16:29 DEBUG [null] : Size [178] 2019-01-21 06:16:29 ERROR [null] : Assertion [@StatusCode == 200 OR @StatusCode == 201] resolved-to [301 == 200 OR 301 == 201] result [Failed] 2019-01-21 06:16:29 DEBUG [PostChargeMethodCreateUserAInitAbac_Headers] : Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 06:16:30 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/methods/?customer_id=LJLzeKlb]}] 2019-01-21 06:16:29 DEBUG [PostChargeMethodCreateUserAInitAbac_Headers] : Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 06:16:30 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/methods/?customer_id=LJLzeKlb]}] 2019-01-21 06:16:29 DEBUG [PostChargeMethodCreateUserAInitAbac_Headers[2]] : Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 06:16:30 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/methods/?customer_id=LJLzeKlb]}] 2019-01-21 06:16:29 DEBUG [PostChargeMethodCreateUserAInitAbac_Headers[2]] : Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 06:16:30 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/methods/?customer_id=LJLzeKlb]}] 2019-01-21 06:16:29 DEBUG [ChargesRefundIdAmountAmountPutUsercDisallowAbac] : URL [http://api.bizpay.co.uk/v1.25/charges/refund/?amount=] 2019-01-21 06:16:29 DEBUG [ChargesRefundIdAmountAmountPutUsercDisallowAbac] : Method [PUT] 2019-01-21 06:16:29 DEBUG 
[ChargesRefundIdAmountAmountPutUsercDisallowAbac] : Request [{ "id" : "", "gateway" : "worldpay", "label" : "v2xlHbso", "default" : false, "show" : false }] 2019-01-21 06:16:29 DEBUG [ChargesRefundIdAmountAmountPutUsercDisallowAbac] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic dXNlckNAYml6cGF5LmNvLnVrOnVzZXJD]}] 2019-01-21 06:16:29 DEBUG [ChargesRefundIdAmountAmountPutUsercDisallowAbac] : Response [
301 Moved Permanently
] 2019-01-21 06:16:29 DEBUG [ChargesRefundIdAmountAmountPutUsercDisallowAbac] : Response-Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 06:16:31 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/refund/?amount=]}] 2019-01-21 06:16:29 DEBUG [ChargesRefundIdAmountAmountPutUsercDisallowAbac] : StatusCode [301] 2019-01-21 06:16:29 DEBUG [ChargesRefundIdAmountAmountPutUsercDisallowAbac] : Time [650] 2019-01-21 06:16:29 DEBUG [ChargesRefundIdAmountAmountPutUsercDisallowAbac] : Size [178] 2019-01-21 06:16:29 ERROR [ChargesRefundIdAmountAmountPutUsercDisallowAbac] : Assertion [@StatusCode == 401 OR @StatusCode == 403 OR @Response.errors == true] resolved-to [301 == 401 OR 301 == 403 OR == true] result [Failed] 2019-01-21 06:16:30 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : URL [http://api.bizpay.co.uk/v1.25/charges/methods/] 2019-01-21 06:16:30 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : Method [DELETE] 2019-01-21 06:16:30 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : Request [null] 2019-01-21 06:16:30 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : Request-Headers [{Content-Type=[application/json], Accept=[application/json], Authorization=[Basic dXNlckFAYml6cGF5LmNvLnVrOnVzZXJB]}] 2019-01-21 06:16:30 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : Response [
301 Moved Permanently
] 2019-01-21 06:16:30 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : Response-Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 06:16:31 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/methods/]}] 2019-01-21 06:16:30 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : StatusCode [301] 2019-01-21 06:16:30 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : Time [613] 2019-01-21 06:16:30 DEBUG [ChargesMethodsIdDeleteAbstractAbac] : Size [178] 2019-01-21 06:16:30 ERROR [null] : Assertion [@StatusCode == 200] resolved-to [301 == 200] result [Failed]
--- FX Bot ---