zahedmohammed
commented
5 years ago Project : bizpay
Job : Default
Env : Default
Region : Test19
Result : fail
Status Code : 301
Headers : {Server=[nginx], Date=[Mon, 21 Jan 2019 10:39:09 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/methods/&actor_id=1052614683]}
Endpoint : http://api.bizpay.co.uk/v1.25/charges/methods/&actor_id=1052614683
Request :
Response :
301 Moved Permanently
Logs :
2019-01-21 10:39:09 DEBUG [ChargesMethodsPostAnonymousInvalid] : URL [http://api.bizpay.co.uk/v1.25/charges/methods/&actor_id=1052614683]
2019-01-21 10:39:09 DEBUG [ChargesMethodsPostAnonymousInvalid] : Method [POST]
2019-01-21 10:39:09 DEBUG [ChargesMethodsPostAnonymousInvalid] : Request []
2019-01-21 10:39:09 DEBUG [ChargesMethodsPostAnonymousInvalid] : Request-Headers [{Content-Type=[application/json], Accept=[application/json]}]
2019-01-21 10:39:09 DEBUG [ChargesMethodsPostAnonymousInvalid] : Response [
301 Moved Permanently
] 2019-01-21 10:39:09 DEBUG [ChargesMethodsPostAnonymousInvalid] : Response-Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 10:39:09 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/methods/&actor_id=1052614683]}] 2019-01-21 10:39:09 DEBUG [ChargesMethodsPostAnonymousInvalid] : StatusCode [301] 2019-01-21 10:39:09 DEBUG [ChargesMethodsPostAnonymousInvalid] : Time [324] 2019-01-21 10:39:09 DEBUG [ChargesMethodsPostAnonymousInvalid] : Size [178] 2019-01-21 10:39:09 ERROR [ChargesMethodsPostAnonymousInvalid] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [301 == 401 OR 301 == 403] result [Failed]
--- FX Bot ---
Project : bizpay
Job : Default
Env : Default
Category : Unsecured
Tags : [ OWASP - OTG-AUTHN-002, FX Top 10 - API Vulnerability]
Severity : Major
Region : FXLabs/US_WEST_1
Result : fail
Status Code : 301
Headers : {Server=[nginx], Date=[Mon, 21 Jan 2019 06:16:38 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/methods/&actor_id=1039000829]}
Endpoint : http://api.bizpay.co.uk/v1.25/charges/methods/&actor_id=1039000829
Request :
Response :
301 Moved Permanently
Logs :
2019-01-21 06:16:36 DEBUG [ChargesMethodsPostAnonymousInvalid] : URL [http://api.bizpay.co.uk/v1.25/charges/methods/&actor_id=1039000829] 2019-01-21 06:16:36 DEBUG [ChargesMethodsPostAnonymousInvalid] : Method [POST] 2019-01-21 06:16:36 DEBUG [ChargesMethodsPostAnonymousInvalid] : Request [] 2019-01-21 06:16:36 DEBUG [ChargesMethodsPostAnonymousInvalid] : Request-Headers [{Content-Type=[application/json], Accept=[application/json]}] 2019-01-21 06:16:36 DEBUG [ChargesMethodsPostAnonymousInvalid] : Response [
301 Moved Permanently
] 2019-01-21 06:16:36 DEBUG [ChargesMethodsPostAnonymousInvalid] : Response-Headers [{Server=[nginx], Date=[Mon, 21 Jan 2019 06:16:38 GMT], Content-Type=[text/html], Content-Length=[178], Connection=[keep-alive], Location=[https://api.bizpay.co.uk/v1.25/charges/methods/&actor_id=1039000829]}] 2019-01-21 06:16:36 DEBUG [ChargesMethodsPostAnonymousInvalid] : StatusCode [301] 2019-01-21 06:16:36 DEBUG [ChargesMethodsPostAnonymousInvalid] : Time [560] 2019-01-21 06:16:36 DEBUG [ChargesMethodsPostAnonymousInvalid] : Size [178] 2019-01-21 06:16:36 ERROR [ChargesMethodsPostAnonymousInvalid] : Assertion [@StatusCode == 401 OR @StatusCode == 403] resolved-to [301 == 401 OR 301 == 403] result [Failed]
--- FX Bot ---