
Commit 018d950

Merge pull request #182 from akto-api-security/fix/pro_1
feature eq_obj
2 parents 0f72967 + a4fa2c9 commit 018d950


70 files changed

+2411
-105
lines changed


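--- a/Broken-User-Authentication/AdvancedUnionBasedSQLiGET.yml
+++ b/Broken-User-Authentication/AdvancedUnionBasedSQLiGET.yml
@@ -199,6 +199,58 @@ execute:
 - "root:"
 - <html>
 - </html>
-neq: "${x1.response.body}"
+neq_obj: "${x1.response.body}"
+- success: x3
+- failure: exit
+- req:
+- modify_query_param:
+userKey: ${userVal}${unionNegativeBasedPayloads}
+- validate:
+response_code:
+gte: 200
+lt: 300
+response_payload:
+length:
+gt: 0
+not_contains:
+- Error
+- Internal Server
+- Fail
+- Unauthorized
+- access denied
+- Forbidden
+- Method Not allowed
+- Gateway timeout
+- request timeout
+- server error
+- server busy
+- authentication error
+- authorization error
+- validation error
+- Permission Denied
+- invalid token
+- token expired
+- session expired
+- session timeout
+- unexpected error
+- unable to process request
+- bad request
+- service unavailable
+- account is locked
+- account is blocked
+- multiple failed attempts
+- Attention Required!
+- CloudFlare
+- Sorry, you have been blocked
+- UNION
+- SELECT
+- "table_name"
+- "column_name"
+- "database"
+- "schema_name"
+- "root:"
+- <html>
+- </html>
+eq_obj: "${x2.response.body}"
 - success: vulnerable
 - failure: exit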
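Review bot: The new x3 step reports `vulnerable` when its body is `eq_obj` to the x2 body, but two payload responses being identical is not on its own evidence that a UNION was executed: an endpoint that answers every non-matching lookup with the same 2xx "no results" page satisfies `neq_obj: "${x1.response.body}"` in x2 and `eq_obj: "${x2.response.body}"` in x3 without any injection, so this chain looks prone to false positives. The `${unionNegativeBasedPayloads}` word list is defined outside the hunk, so I cannot tell whether x3 is a second exploit variant or a negative control; if it is a control the last check should be `neq_obj: "${x2.response.body}"`, and either way a comment on the step such as `# x3: negative-id UNION variant, expected to match x2 only when the UNION is executed` would make the intent checkable. The 42-entry `not_contains` list is now duplicated verbatim between x2 and x3; if the template DSL allows referencing a shared word list here, factoring it out would stop the two copies drifting. The enclosing `execute:` block starts before this hunk.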

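--- a/Broken-User-Authentication/AdvancedUnionBasedSQLiLoginEndpoint.yml
+++ b/Broken-User-Authentication/AdvancedUnionBasedSQLiLoginEndpoint.yml
@@ -208,6 +208,58 @@ execute:
 - "root:"
 - <html>
 - </html>
-neq: "${x1.response.body}"
+neq_obj: "${x1.response.body}"
+- success: x3
+- failure: exit
+- req:
+- modify_body_param:
+userKey: ${userVal}${unionNegativeBasedPayloads}
+- validate:
+response_code:
+gte: 200
+lt: 300
+response_payload:
+length:
+gt: 0
+not_contains:
+- Error
+- Internal Server
+- Fail
+- Unauthorized
+- access denied
+- Forbidden
+- Method Not allowed
+- Gateway timeout
+- request timeout
+- server error
+- server busy
+- authentication error
+- authorization error
+- validation error
+- Permission Denied
+- invalid token
+- token expired
+- session expired
+- session timeout
+- unexpected error
+- unable to process request
+- bad request
+- service unavailable
+- account is locked
+- account is blocked
+- multiple failed attempts
+- Attention Required!
+- CloudFlare
+- Sorry, you have been blocked
+- UNION
+- SELECT
+- "table_name"
+- "column_name"
+- "database"
+- "schema_name"
+- "root:"
+- <html>
+- </html>
+eq_obj: "${x2.response.body}"
 - success: vulnerable
 - failure: exit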
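Review bot: On a login endpoint the final `eq_obj: "${x2.response.body}"` is a weak discriminator: a server that returns the same 2xx "login failed" JSON for any unknown credential will produce identical bodies for the x2 and x3 payloads, and since that body also differs from the x1 baseline the template will report `vulnerable` with no SQL having been executed. The `not_contains` list only rules out bodies that carry one of the listed error strings, so a neutral failure message like `{"success": false}` passes every check in this hunk. Unless `${unionNegativeBasedPayloads}` (defined outside the hunk) is a true negative control — in which case this should be `neq_obj` — I would add a positive signal, e.g. a `contains_either` on a marker the UNION is expected to return, and document the intent on the step with `# x3 must reproduce x2's response, not merely differ from baseline`. The enclosing `execute:` block starts before this hunk.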

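--- a/Broken-User-Authentication/AdvancedUnionBasedSQLiPOST.yml
+++ b/Broken-User-Authentication/AdvancedUnionBasedSQLiPOST.yml
@@ -199,6 +199,58 @@ execute:
 - "root:"
 - <html>
 - </html>
-neq: "${x1.response.body}"
+neq_obj: "${x1.response.body}"
+- success: x3
+- failure: exit
+- req:
+- modify_body_param:
+userKey: ${userVal}${unionNegativeBasedPayloads}
+- validate:
+response_code:
+gte: 200
+lt: 300
+response_payload:
+length:
+gt: 0
+not_contains:
+- Error
+- Internal Server
+- Fail
+- Unauthorized
+- access denied
+- Forbidden
+- Method Not allowed
+- Gateway timeout
+- request timeout
+- server error
+- server busy
+- authentication error
+- authorization error
+- validation error
+- Permission Denied
+- invalid token
+- token expired
+- session expired
+- session timeout
+- unexpected error
+- unable to process request
+- bad request
+- service unavailable
+- account is locked
+- account is blocked
+- multiple failed attempts
+- Attention Required!
+- CloudFlare
+- Sorry, you have been blocked
+- UNION
+- SELECT
+- "table_name"
+- "column_name"
+- "database"
+- "schema_name"
+- "root:"
+- <html>
+- </html>
+eq_obj: "${x2.response.body}"
 - success: vulnerable
 - failure: exit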
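Review bot: `eq_obj: "${x2.response.body}"` compares the whole x3 body against the whole x2 body, so any response that embeds a per-request value (timestamp, request id, CSRF/nonce, echoed input) will never be equal and the template silently exits instead of reporting — a false-negative path that the `neq` → `neq_obj` switch in this hunk does not address. I cannot see how `eq_obj` normalises bodies since it is defined in the engine, so if it already ignores volatile fields this is moot; otherwise comparing a stable subset (a status field or record count) would be more robust. The three SQLi templates in this commit (GET, POST, LoginEndpoint) now share this identical 50-line x3 step; a `# x3: second UNION variant, must match x2 byte-for-byte` comment on the step would at least record the assumption. The enclosing `execute:` block starts before this hunk.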

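--- a/Broken-User-Authentication/AdvancedUnionBasedSQLiXSS.yml
+++ b/Broken-User-Authentication/AdvancedUnionBasedSQLiXSS.yml
@@ -152,7 +152,6 @@ execute:
 - Sorry, you have been blocked
 - UNION
 - SELECT
-
 - success: x2
 - failure: exit
 - req:
@@ -203,6 +202,57 @@ execute:
 - "<script>alert(4)</script>"
 - "<img src=x onerror=alert(5)>"
 - "<script>alert(7)</script>"
-neq: "${x1.response.body}"
+neq_obj: "${x1.response.body}"
+- success: x3
+- failure: exit
+- req:
+- modify_body_param:
+userKey: ${userVal}${advUnionXSSNegativePayloads}
+- validate:
+response_code:
+gte: 200
+lt: 300
+response_payload:
+length:
+gt: 0
+not_contains:
+- Error
+- Internal Server
+- Fail
+- Unauthorized
+- access denied
+- Forbidden
+- Method Not allowed
+- Gateway timeout
+- request timeout
+- server error
+- server busy
+- authentication error
+- authorization error
+- validation error
+- Permission Denied
+- invalid
+- token expired
+- session expired
+- session timeout
+- unexpected error
+- unable to process request
+- bad request
+- service unavailable
+- account is locked
+- account is blocked
+- multiple failed attempts
+- Attention Required!
+- CloudFlare
+- Sorry, you have been blocked
+- UNION
+- SELECT
+- "<script>alert(1)</script>"
+- "<script>alert(2)</script>"
+- "<script>alert(3)</script>"
+- "<script>alert(4)</script>"
+- "<img src=x onerror=alert(5)>"
+- "<script>alert(7)</script>"
+eq_obj: "${x2.response.body}"
 - success: vulnerable
 - failure: exit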
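Review bot: The x3 `not_contains` list in the second hunk carries a bare `- invalid` where the SQLi templates in this same commit use `- invalid token`; as a substring it matches any body containing "invalid" (an "invalid email format" hint, "invalidate", etc.), which makes the step fail and the template exit silently on endpoints the SQLi variants would still test. Unless the wider match is deliberate, restore `- invalid token`. The `not_contains` list also forbids every `<script>alert(n)</script>` payload while the final `eq_obj: "${x2.response.body}"` only requires x3 to equal x2, so a 2xx page that reflects neither payload and differs from the baseline is enough to be flagged `vulnerable`; a comment on the step stating what `${advUnionXSSNegativePayloads}` (defined outside the hunk) is expected to produce would make that contract reviewable. The enclosing `execute:` block starts before this hunk.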

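--- a/Broken-User-Authentication/AdvancedUnionBasedSQLiXSSGET.yml
+++ b/Broken-User-Authentication/AdvancedUnionBasedSQLiXSSGET.yml
@@ -195,6 +195,57 @@ execute:
 - "<script>alert(4)</script>"
 - "<img src=x onerror=alert(5)>"
 - "<script>alert(7)</script>"
-neq: "${x1.response.body}"
+neq_obj: "${x1.response.body}"
+- success: x3
+- failure: exit
+- req:
+- modify_query_param:
+userKey: ${userVal}${advUnionXSSNegativePayloads}
+- validate:
+response_code:
+gte: 200
+lt: 300
+response_payload:
+length:
+gt: 0
+not_contains:
+- Error
+- Internal Server
+- Fail
+- Unauthorized
+- access denied
+- Forbidden
+- Method Not allowed
+- Gateway timeout
+- request timeout
+- server error
+- server busy
+- authentication error
+- authorization error
+- validation error
+- Permission Denied
+- invalid
+- token expired
+- session expired
+- session timeout
+- unexpected error
+- unable to process request
+- bad request
+- service unavailable
+- account is locked
+- account is blocked
+- multiple failed attempts
+- Attention Required!
+- CloudFlare
+- Sorry, you have been blocked
+- UNION
+- SELECT
+- "<script>alert(1)</script>"
+- "<script>alert(2)</script>"
+- "<script>alert(3)</script>"
+- "<script>alert(4)</script>"
+- "<img src=x onerror=alert(5)>"
+- "<script>alert(7)</script>"
+eq_obj: "${x2.response.body}"
 - success: vulnerable
 - failure: exit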
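Review bot: `- invalid` in the new x3 `not_contains` list is inconsistent with the `- invalid token` entry used by the SQLi GET/POST/Login templates in this commit, and being a bare substring it trips on ordinary responses ("invalid parameter", "invalidated") so the step exits without a verdict; if this is not intentional, change it back to `- invalid token`. The 45-entry list is otherwise a verbatim copy of the x2 list, so any future edit has to be made twice per template; a shared word list, if the DSL supports one here, would help. The `eq_obj: "${x2.response.body}"` final check means the template reports `vulnerable` on any 2xx body that equals the x2 body and differs from the baseline, which a generic "no results" page would satisfy; documenting the intended payload pair on the step, e.g. `# x3 is a second negative-id UNION variant and must reproduce x2`, would make that assumption visible. The enclosing `execute:` block starts before this hunk.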

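--- a/Broken-User-Authentication/AdvancedUnionBasedSQLiXSSPOST.yml
+++ b/Broken-User-Authentication/AdvancedUnionBasedSQLiXSSPOST.yml
@@ -195,6 +195,57 @@ execute:
 - "<script>alert(4)</script>"
 - "<img src=x onerror=alert(5)>"
 - "<script>alert(7)</script>"
-neq: "${x1.response.body}"
+neq_obj: "${x1.response.body}"
+- success: x3
+- failure: exit
+- req:
+- modify_body_param:
+userKey: ${userVal}${advUnionXSSNegativePayloads}
+- validate:
+response_code:
+gte: 200
+lt: 300
+response_payload:
+length:
+gt: 0
+not_contains:
+- Error
+- Internal Server
+- Fail
+- Unauthorized
+- access denied
+- Forbidden
+- Method Not allowed
+- Gateway timeout
+- request timeout
+- server error
+- server busy
+- authentication error
+- authorization error
+- validation error
+- Permission Denied
+- invalid
+- token expired
+- session expired
+- session timeout
+- unexpected error
+- unable to process request
+- bad request
+- service unavailable
+- account is locked
+- account is blocked
+- multiple failed attempts
+- Attention Required!
+- CloudFlare
+- Sorry, you have been blocked
+- UNION
+- SELECT
+- "<script>alert(1)</script>"
+- "<script>alert(2)</script>"
+- "<script>alert(3)</script>"
+- "<script>alert(4)</script>"
+- "<img src=x onerror=alert(5)>"
+- "<script>alert(7)</script>"
+eq_obj: "${x2.response.body}"
 - success: vulnerable
 - failure: exit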
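Review bot: The `- invalid` entry in the new x3 `not_contains` list diverges from the `- invalid token` used by the three SQLi templates in this commit and will match any body containing the word (e.g. "invalid input", "invalidate"), so the step aborts the template on endpoints that are otherwise testable; unless the broader match is intended, use `- invalid token`. The x3 step also only checks that the body is a 2xx, non-empty, free of the listed strings and `eq_obj` to the x2 body; since `${advUnionXSSNegativePayloads}` is defined outside the hunk I cannot tell whether equality with x2 is the exploit signal or a control that should be `neq_obj`, and a one-line comment on the step stating that expectation would remove the ambiguity. The enclosing `execute:` block starts before this hunk.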
