Updates to app ID #2

Open
wants to merge 7 commits into
base: main

sgerlach
Owner

No description provided.

@stackhawk stackhawk bot left a comment

❌ HawkScan Failed.

HawkScan Target Not Found Error:

Unable to access https://localhost:9000. Check if the web server is listening on the specified port.

Scan ID: 03c3a7cb-b0e9-4c2d-a084-13f4038b816c
Application: DeathStarAPI
Environment: custom-params

@stackhawk stackhawk bot left a comment

❌ HawkScan Failed.

HawkScan Target Not Found Error:

Unable to access https://localhost:9000. Check if the web server is listening on the specified port.

Scan ID: 3ff3531e-90ed-492b-b327-a5e37eea0a2f
Application: DeathStarAPI
Environment: custom-params

@stackhawk stackhawk bot left a comment

🦅 HawkScan Completed

DeathStarAPI | custom-params

Check Failed: "8 Findings >= High Found"

5 Findings:

8 High Finding(s) 11 Medium Finding(s) 0 Medium Finding(s)

Vulnerability Details

NoSQL Injection - MongoDB

Severity High, Category Uncategorized View in StackHawk

Found on 3 Paths
paths:
- /api/jwt/users/search/
- /api/jwt/items/search/
- /api/jwt/users/search/

SQL Injection

Severity High, Category Input Sanitization View in StackHawk

Found on 4 Paths
paths:
- /api/jwt/items/search/'
- /api/jwt/items/search
- /api/jwt/items/search/'
- /api/jwt/users/search/bad/'

ScottyCo Brewing Custom Tenant Check

Severity High, Category Uncategorized View in StackHawk

Found on 1 Path
paths:
- /api/jwt/users/search/bad/user

Parameter Tampering

Severity Medium, Category Uncategorized View in StackHawk

Found on 1 Path
paths:
- /api/jwt/items/search

Proxy Disclosure

Severity Medium, Category Information Leakage View in StackHawk

Found on 10 Paths
paths:
- /api/basic
- /api/basic/items/search
- /api/basic/items
- /api/jwt/auth/signin
- /api/jwt/items/search/
- /api/jwt/admin/freeHosen
- /api/jwt
- /api/jwt/items/search
- /api/basic/items/search/pants
- <root>

Scan Metadata
duration: 15 min 56 sec 
date: Jun 14, 2023 at 4:01 PM UTC
scannedPaths: 28
hawkscanVersion: 3.1.0
host: https://localhost:9000
Scan IDs
applicationId: 52565685-666d-4da7-b9d2-034af780217c
scanId: edf5a21c-1b88-4257-85af-221d67a8187c

View in StackHawk
