diff --git a/cscg24/.DS_Store b/cscg24/.DS_Store index 0156d16..ed89120 100644 Binary files a/cscg24/.DS_Store and b/cscg24/.DS_Store differ diff --git a/cscg24/web/intro_web_2/intro_web_2_session.session b/cscg24/web/intro_web_2/intro_web_2_session.session new file mode 100644 index 0000000..e4352ac --- /dev/null +++ b/cscg24/web/intro_web_2/intro_web_2_session.session @@ -0,0 +1,6 @@ + + + 1709346750724 + Untitled Session + + diff --git a/cscg24/web/intro_web_2/intro_web_2_session.session.data b/cscg24/web/intro_web_2/intro_web_2_session.session.data new file mode 100644 index 0000000..df5ae5c Binary files /dev/null and b/cscg24/web/intro_web_2/intro_web_2_session.session.data differ diff --git a/cscg24/web/intro_web_2/intro_web_2_session.session.lck b/cscg24/web/intro_web_2/intro_web_2_session.session.lck new file mode 100644 index 0000000..ada58ee Binary files /dev/null and b/cscg24/web/intro_web_2/intro_web_2_session.session.lck differ diff --git a/cscg24/web/intro_web_2/intro_web_2_session.session.lobs b/cscg24/web/intro_web_2/intro_web_2_session.session.lobs new file mode 100644 index 0000000..e50f791 Binary files /dev/null and b/cscg24/web/intro_web_2/intro_web_2_session.session.lobs differ diff --git a/cscg24/web/intro_web_2/intro_web_2_session.session.log b/cscg24/web/intro_web_2/intro_web_2_session.session.log new file mode 100644 index 0000000..edd1eb7 --- /dev/null +++ b/cscg24/web/intro_web_2/intro_web_2_session.session.log @@ -0,0 +1,2903 @@ +/*C2*/SET SCHEMA PUBLIC +SET FILES LOG TRUE +/*C4*/SET SCHEMA PUBLIC +DELETE FROM SESSION WHERE SESSIONID=1709346750724 +INSERT INTO SESSION VALUES(1709346750724,'Untitled Session','2024-03-02 03:32:43.041776') +COMMIT +/*C3*/SET SCHEMA PUBLIC +INSERT INTO HISTORY VALUES(1,1709346750724,1,200,1709346894944,457,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Access-Control-Allow-Origin, Vary, Date, Content-Type, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:34:55 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE) +COMMIT +INSERT INTO HISTORY VALUES(2,1709346750724,0,0,0,0,'GET','https://api.cscg.live:444','GET https://api.cscg.live:444 HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','','','',NULL,'',FALSE) +COMMIT +INSERT INTO HISTORY VALUES(3,1709346750724,0,0,0,0,'GET','https://api.cscg.live:444/platform.Platform','GET https://api.cscg.live:444/platform.Platform HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','','','',NULL,'',FALSE) +COMMIT +/*C10*/SET SCHEMA PUBLIC +INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',1,'','https://play.cscg.live') +COMMIT +INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',1,'','Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message') +COMMIT +INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',1,'','h3=":443"; ma=2592000') +COMMIT +INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',1,'','application/grpc-web+proto') +COMMIT +INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',1,'','Caddy') +COMMIT +INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',1,'','Origin') +COMMIT +INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',1,'','Sat%2C 02 Mar 2024 02:34:55 GMT') +COMMIT +INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',1,'','129') +COMMIT +/*C5*/SET SCHEMA PUBLIC +INSERT INTO ALERT VALUES(0,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',1,1,'','',319,15,3,'','10035-1') +COMMIT +/*C6*/SET SCHEMA PUBLIC +INSERT INTO ALERT_TAG VALUES(1,0,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(2,0,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C5*/INSERT INTO ALERT VALUES(1,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',1,1,'','',693,15,3,'','10021') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(3,1,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(4,1,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C3*/INSERT INTO HISTORY VALUES(4,1709346750724,1,403,1709346896051,237,'GET','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','GET https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html HTTP/1.1\u000d\u000ahost: 722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aConnection: keep-alive\u000d\u000aReferer: https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/\u000d\u000aUpgrade-Insecure-Requests: 1\u000d\u000aSec-Fetch-Dest: document\u000d\u000aSec-Fetch-Mode: navigate\u000d\u000aSec-Fetch-Site: same-origin\u000d\u000aSec-Fetch-User: ?1\u000d\u000a\u000d\u000a','','HTTP/1.1 403 Forbidden\u000d\u000aServer: nginx/1.24.0\u000d\u000aDate: Sat, 02 Mar 2024 02:34:56 GMT\u000d\u000aContent-Type: text/html\u000d\u000aContent-Length: 384\u000d\u000aConnection: keep-alive\u000d\u000aETag: "1-180"\u000d\u000a\u000d\u000a','3c68746d6c3e0a3c686561643e0a202020203c7469746c653e496e74726f20746f2057656220323c2f7469746c653e0a202020203c6d65746120636861727365743d225554462d38223e0a202020203c6c696e6b2072656c3d227374796c6573686565742220747970653d22746578742f6373732220687265663d227374796c652e63737322202f3e0a3c2f686561643e0a3c626f64793e0a3c68313e24284745524d414e5f4349545929205472616d205469636b6574204d616368696e653c2f68313e0a0a3c68333e3c7370616e207374796c653d22636f6c6f723a20726564223e496e736563757265206f7065726174696e672073797374656d213c2f7370616e3e3c2f68333e0a3c68723e0a466f7220734563557249745920724561536f4e732c20796f75206e65656420746f2075706461746520796f75722073797374656d20746f2057696e646f7773203935206265666f726520616363657373696e6720746869732077656273697465210a3c2f626f64793e0a3c2f68746d6c3e',NULL,'',TRUE) +COMMIT +INSERT INTO HISTORY VALUES(5,1709346750724,0,0,0,0,'GET','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','GET https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337 HTTP/1.1\u000d\u000ahost: 722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aConnection: keep-alive\u000d\u000aReferer: https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/\u000d\u000aUpgrade-Insecure-Requests: 1\u000d\u000aSec-Fetch-Dest: document\u000d\u000aSec-Fetch-Mode: navigate\u000d\u000aSec-Fetch-Site: same-origin\u000d\u000aSec-Fetch-User: ?1\u000d\u000a\u000d\u000a','','','',NULL,'',FALSE) +COMMIT +INSERT INTO HISTORY VALUES(6,1709346750724,1,200,1709346896338,23,'GET','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/style.css','GET https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/style.css HTTP/1.1\u000d\u000ahost: 722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: text/css,*/*;q=0.1\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aConnection: keep-alive\u000d\u000aReferer: https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html\u000d\u000aSec-Fetch-Dest: style\u000d\u000aSec-Fetch-Mode: no-cors\u000d\u000aSec-Fetch-Site: same-origin\u000d\u000a\u000d\u000a','','HTTP/1.1 200 OK\u000d\u000aServer: nginx/1.24.0\u000d\u000aDate: Sat, 02 Mar 2024 02:34:56 GMT\u000d\u000aContent-Type: text/plain\u000d\u000aContent-Length: 287\u000d\u000aLast-Modified: Thu, 01 Jan 1970 00:00:01 GMT\u000d\u000aConnection: keep-alive\u000d\u000aETag: "1-11f"\u000d\u000aCache-Control: no-store\u000d\u000aAccept-Ranges: bytes\u000d\u000a\u000d\u000a','68746d6c207b0a202020206d61782d77696474683a20373063683b0a2020202070616464696e673a2033656d2031656d3b0a202020206d617267696e3a206175746f3b0a202020206c696e652d6865696768743a20312e37353b0a20202020666f6e742d73697a653a20312e3235656d3b0a0a202020206261636b67726f756e642d636f6c6f723a20233145323132323b0a20202020636f6c6f723a20234244423741463b0a7d0a68312c2068322c206833207b0a20202020636f6c6f723a20234538453645333b0a7d0a6872207b0a202020206d617267696e2d746f703a202d31656d3b0a7d0a61207b0a20202020636f6c6f723a206c69676874626c75653b0a20202020746578742d6465636f726174696f6e3a206e6f6e653b0a7d0a',NULL,'',TRUE) +COMMIT +/*C5*/INSERT INTO ALERT VALUES(2,0,10036,'Server Leaks Version Information via "Server" HTTP Response Header Field',1,3,'The web/application server is leaking version information via the "Server" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/style.css','','','Ensure that your web server, application server, load balancer, etc. is configured to suppress the "Server" header or provide generic details.','https://httpd.apache.org/docs/current/mod/core.html#servertokens\u000ahttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\u000ahttps://www.troyhunt.com/shhh-dont-let-your-response-headers/',6,6,'','nginx/1.24.0',200,13,3,'','10036') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(5,2,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(6,2,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +INSERT INTO ALERT_TAG VALUES(7,2,'WSTG-v42-INFO-02','https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server') +COMMIT +/*C10*/INSERT INTO PARAM VALUES(9,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Server',1,'','nginx/1.24.0') +COMMIT +INSERT INTO PARAM VALUES(10,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Date',1,'','Sat%2C 02 Mar 2024 02:34:56 GMT') +COMMIT +INSERT INTO PARAM VALUES(11,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Content-Type',1,'','text/html') +COMMIT +INSERT INTO PARAM VALUES(12,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Content-Length',1,'','384') +COMMIT +INSERT INTO PARAM VALUES(13,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Connection',1,'','keep-alive') +COMMIT +INSERT INTO PARAM VALUES(14,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','ETag',1,'','"1-180"') +COMMIT +DELETE FROM PARAM WHERE PARAMID=9 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Server' AND USED=1 AND FLAGS='' AND VALS='nginx/1.24.0' +INSERT INTO PARAM VALUES(9,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Server',2,'','nginx/1.24.0') +COMMIT +DELETE FROM PARAM WHERE PARAMID=10 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Date' AND USED=1 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT' +INSERT INTO PARAM VALUES(10,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Date',2,'','Sat%2C 02 Mar 2024 02:34:56 GMT') +COMMIT +DELETE FROM PARAM WHERE PARAMID=11 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Content-Type' AND USED=1 AND FLAGS='' AND VALS='text/html' +INSERT INTO PARAM VALUES(11,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Content-Type',2,'','text/html,text/plain') +COMMIT +DELETE FROM PARAM WHERE PARAMID=12 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Content-Length' AND USED=1 AND FLAGS='' AND VALS='384' +INSERT INTO PARAM VALUES(12,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Content-Length',2,'','287,384') +COMMIT +INSERT INTO PARAM VALUES(15,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Last-Modified',1,'','Thu%2C 01 Jan 1970 00:00:01 GMT') +COMMIT +DELETE FROM PARAM WHERE PARAMID=13 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Connection' AND USED=1 AND FLAGS='' AND VALS='keep-alive' +INSERT INTO PARAM VALUES(13,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Connection',2,'','keep-alive') +COMMIT +DELETE FROM PARAM WHERE PARAMID=14 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='ETag' AND USED=1 AND FLAGS='' AND VALS='"1-180"' +INSERT INTO PARAM VALUES(14,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','ETag',2,'','"1-180","1-11f"') +COMMIT +INSERT INTO PARAM VALUES(16,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Cache-Control',1,'','no-store') +COMMIT +INSERT INTO PARAM VALUES(17,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Accept-Ranges',1,'','bytes') +COMMIT +/*C5*/INSERT INTO ALERT VALUES(3,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/style.css','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',6,6,'','',319,15,3,'','10035-1') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(8,3,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(9,3,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C5*/INSERT INTO ALERT VALUES(4,0,10038,'Content Security Policy (CSP) Header Not Set',2,3,'Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page \u2014 covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','','','Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.','https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy\u000ahttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\u000ahttps://www.w3.org/TR/CSP/\u000ahttps://w3c.github.io/webappsec-csp/\u000ahttps://web.dev/articles/csp\u000ahttps://caniuse.com/#feat=contentsecuritypolicy\u000ahttps://content-security-policy.com/',4,4,'','',693,15,3,'','10038-1') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(10,4,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(11,4,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C5*/INSERT INTO ALERT VALUES(5,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/style.css','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',6,6,'','',693,15,3,'','10021') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(12,5,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(13,5,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C5*/INSERT INTO ALERT VALUES(6,0,10036,'Server Leaks Version Information via "Server" HTTP Response Header Field',1,3,'The web/application server is leaking version information via the "Server" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','','','Ensure that your web server, application server, load balancer, etc. is configured to suppress the "Server" header or provide generic details.','https://httpd.apache.org/docs/current/mod/core.html#servertokens\u000ahttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\u000ahttps://www.troyhunt.com/shhh-dont-let-your-response-headers/',4,4,'','nginx/1.24.0',200,13,3,'','10036') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(14,6,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(15,6,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +INSERT INTO ALERT_TAG VALUES(16,6,'WSTG-v42-INFO-02','https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server') +COMMIT +/*C5*/INSERT INTO ALERT VALUES(7,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',4,4,'','',319,15,3,'','10035-1') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(17,7,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(18,7,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C3*/INSERT INTO HISTORY VALUES(7,1709346750724,1,200,1709346896616,130,'OPTIONS','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','OPTIONS https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aAccess-Control-Request-Method: POST\u000d\u000aAccess-Control-Request-Headers: authorization,content-type,x-grpc-web,x-user-agent\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Headers: content-type,accept,x-user-agent,x-grpc-web,grpc-status,grpc-message,authorization\u000d\u000aAccess-Control-Allow-Methods: GET,HEAD,POST,PUT,DELETE\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Length: 0\u000d\u000aDate: Sat, 02 Mar 2024 02:34:56 GMT\u000d\u000aServer: Caddy\u000d\u000a\u000d\u000a','',NULL,'',TRUE) +COMMIT +/*C10*/INSERT INTO PARAM VALUES(18,'api.cscg.live:444','header','Access-Control-Allow-Headers',1,'','content-type%2Caccept%2Cx-user-agent%2Cx-grpc-web%2Cgrpc-status%2Cgrpc-message%2Cauthorization') +COMMIT +INSERT INTO PARAM VALUES(19,'api.cscg.live:444','header','Access-Control-Allow-Methods',1,'','GET%2CHEAD%2CPOST%2CPUT%2CDELETE') +COMMIT +DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=1 AND FLAGS='' AND VALS='https://play.cscg.live' +INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',2,'','https://play.cscg.live') +COMMIT +DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=1 AND FLAGS='' AND VALS='h3=":443"; ma=2592000' +INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',2,'','h3=":443"; ma=2592000') +COMMIT +INSERT INTO PARAM VALUES(20,'api.cscg.live:444','header','Content-Length',1,'','0') +COMMIT +DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=1 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:55 GMT' +INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',2,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT') +COMMIT +DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=1 AND FLAGS='' AND VALS='Caddy' +INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',2,'','Caddy') +COMMIT +/*C5*/INSERT INTO ALERT VALUES(8,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',7,7,'','',319,15,3,'','10035-1') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(19,8,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(20,8,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C3*/INSERT INTO HISTORY VALUES(8,1709346750724,1,200,1709346896918,112,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Access-Control-Allow-Origin, Vary, Date, Content-Type, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:34:57 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE) +COMMIT +/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=2 AND FLAGS='' AND VALS='https://play.cscg.live' +INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',3,'','https://play.cscg.live') +COMMIT +DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=1 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message' +INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',2,'','Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message') +COMMIT +DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=2 AND FLAGS='' AND VALS='h3=":443"; ma=2592000' +INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',3,'','h3=":443"; ma=2592000') +COMMIT +/*C5*/INSERT INTO ALERT VALUES(9,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',8,8,'','',319,15,3,'','10035-1') +COMMIT +/*C10*/DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=1 AND FLAGS='' AND VALS='application/grpc-web+proto' +INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',2,'','application/grpc-web+proto') +COMMIT +DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=2 AND FLAGS='' AND VALS='Caddy' +INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',3,'','Caddy') +COMMIT +DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=1 AND FLAGS='' AND VALS='Origin' +INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',2,'','Origin') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(21,9,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(22,9,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C10*/DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=2 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT' +INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',3,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT') +COMMIT +DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=1 AND FLAGS='' AND VALS='129' +INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',2,'','129') +COMMIT +/*C5*/INSERT INTO ALERT VALUES(10,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',8,8,'','',693,15,3,'','10021') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(23,10,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(24,10,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_CHANNEL VALUES(1,'zap',443,'','2024-03-02 03:34:57.550000',NULL,NULL) +COMMIT +/*C1*/SET SCHEMA SYSTEM_LOBS +INSERT INTO LOB_IDS VALUES(1,61,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 2 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=0 +INSERT INTO BLOCKS VALUES(0,1,0) +INSERT INTO BLOCKS VALUES(1,2147483646,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=0 +INSERT INTO LOBS VALUES(0,1,0,1) +COMMIT +/*C13*/INSERT INTO WEBSOCKET_MESSAGE VALUES(1,1,'2024-03-02 03:34:57.691000',1,1,NULL,61,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=1 +INSERT INTO LOB_IDS VALUES(1,61,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(2,77,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 3 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=1 +INSERT INTO BLOCKS VALUES(1,1,0) +INSERT INTO BLOCKS VALUES(2,2147483645,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=1 +INSERT INTO LOBS VALUES(1,1,0,2) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(2,1,'2024-03-02 03:34:57.707000',1,2,NULL,77,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=2 +INSERT INTO LOB_IDS VALUES(2,77,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(3,49,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 4 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=2 +INSERT INTO BLOCKS VALUES(2,1,0) +INSERT INTO BLOCKS VALUES(3,2147483644,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=2 +INSERT INTO LOBS VALUES(2,1,0,3) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(3,1,'2024-03-02 03:34:57.712000',1,3,NULL,49,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=3 +INSERT INTO LOB_IDS VALUES(3,49,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(4,120,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 5 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=3 +INSERT INTO BLOCKS VALUES(3,1,0) +INSERT INTO BLOCKS VALUES(4,2147483643,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=3 +INSERT INTO LOBS VALUES(3,1,0,4) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(4,1,'2024-03-02 03:34:57.714000',1,4,NULL,120,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=4 +INSERT INTO LOB_IDS VALUES(4,120,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(5,117,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 6 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=4 +INSERT INTO BLOCKS VALUES(4,1,0) +INSERT INTO BLOCKS VALUES(5,2147483642,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=4 +INSERT INTO LOBS VALUES(4,1,0,5) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(5,1,'2024-03-02 03:34:57.733000',1,5,NULL,117,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=5 +INSERT INTO LOB_IDS VALUES(5,117,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(6,112,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 7 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=5 +INSERT INTO BLOCKS VALUES(5,1,0) +INSERT INTO BLOCKS VALUES(6,2147483641,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=5 +INSERT INTO LOBS VALUES(5,1,0,6) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(6,1,'2024-03-02 03:34:57.735000',1,6,NULL,112,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=6 +INSERT INTO LOB_IDS VALUES(6,112,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(7,108,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 8 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=6 +INSERT INTO BLOCKS VALUES(6,1,0) +INSERT INTO BLOCKS VALUES(7,2147483640,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=6 +INSERT INTO LOBS VALUES(6,1,0,7) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(7,1,'2024-03-02 03:34:57.796000',1,7,NULL,108,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=7 +INSERT INTO LOB_IDS VALUES(7,108,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(8,118,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 9 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=7 +INSERT INTO BLOCKS VALUES(7,1,0) +INSERT INTO BLOCKS VALUES(8,2147483639,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=7 +INSERT INTO LOBS VALUES(7,1,0,8) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(8,1,'2024-03-02 03:34:57.802000',1,8,NULL,118,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=8 +INSERT INTO LOB_IDS VALUES(8,118,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(9,110,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 10 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=8 +INSERT INTO BLOCKS VALUES(8,1,0) +INSERT INTO BLOCKS VALUES(9,2147483638,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=8 +INSERT INTO LOBS VALUES(8,1,0,9) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(9,1,'2024-03-02 03:34:57.805000',1,9,NULL,110,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=9 +INSERT INTO LOB_IDS VALUES(9,110,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(10,130,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 11 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=9 +INSERT INTO BLOCKS VALUES(9,1,0) +INSERT INTO BLOCKS VALUES(10,2147483637,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=9 +INSERT INTO LOBS VALUES(9,1,0,10) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(10,1,'2024-03-02 03:34:57.814000',1,10,NULL,130,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=10 +INSERT INTO LOB_IDS VALUES(10,130,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(11,114,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 12 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=10 +INSERT INTO BLOCKS VALUES(10,1,0) +INSERT INTO BLOCKS VALUES(11,2147483636,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=10 +INSERT INTO LOBS VALUES(10,1,0,11) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(11,1,'2024-03-02 03:34:57.822000',1,11,NULL,114,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=11 +INSERT INTO LOB_IDS VALUES(11,114,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(12,106,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 13 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=11 +INSERT INTO BLOCKS VALUES(11,1,0) +INSERT INTO BLOCKS VALUES(12,2147483635,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=11 +INSERT INTO LOBS VALUES(11,1,0,12) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(12,1,'2024-03-02 03:34:57.823000',1,12,NULL,106,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=12 +INSERT INTO LOB_IDS VALUES(12,106,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(13,201,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 14 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=12 +INSERT INTO BLOCKS VALUES(12,1,0) +INSERT INTO BLOCKS VALUES(13,2147483634,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=12 +INSERT INTO LOBS VALUES(12,1,0,13) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(13,1,'2024-03-02 03:34:57.951000',1,13,NULL,201,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=13 +INSERT INTO LOB_IDS VALUES(13,201,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(14,960,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 15 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=13 +INSERT INTO BLOCKS VALUES(13,1,0) +INSERT INTO BLOCKS VALUES(14,2147483633,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=13 +INSERT INTO LOBS VALUES(13,1,0,14) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(14,1,'2024-03-02 03:34:57.960000',1,14,NULL,960,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=14 +INSERT INTO LOB_IDS VALUES(14,960,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(15,176,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 16 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=14 +INSERT INTO BLOCKS VALUES(14,1,0) +INSERT INTO BLOCKS VALUES(15,2147483632,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=14 +INSERT INTO LOBS VALUES(14,1,0,15) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(15,1,'2024-03-02 03:34:57.963000',1,15,NULL,176,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=15 +INSERT INTO LOB_IDS VALUES(15,176,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(16,1653,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 17 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=15 +INSERT INTO BLOCKS VALUES(15,1,0) +INSERT INTO BLOCKS VALUES(16,2147483631,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=15 +INSERT INTO LOBS VALUES(15,1,0,16) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(16,1,'2024-03-02 03:34:57.972000',1,16,NULL,1653,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=16 +INSERT INTO LOB_IDS VALUES(16,1653,1,40) +COMMIT +/*C3*/INSERT INTO HISTORY VALUES(9,1709346750724,1,200,1709346898617,348,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Access-Control-Allow-Origin, Vary, Date, Content-Type, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:34:58 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(17,322,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 18 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=16 +INSERT INTO BLOCKS VALUES(16,1,0) +INSERT INTO BLOCKS VALUES(17,2147483630,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=16 +INSERT INTO LOBS VALUES(16,1,0,17) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(17,1,'2024-03-02 03:34:58.973000',1,17,NULL,322,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=17 +INSERT INTO LOB_IDS VALUES(17,322,1,40) +COMMIT +/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=3 AND FLAGS='' AND VALS='https://play.cscg.live' +INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',4,'','https://play.cscg.live') +COMMIT +DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=2 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message' +INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',3,'','Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message') +COMMIT +DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=3 AND FLAGS='' AND VALS='h3=":443"; ma=2592000' +INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',4,'','h3=":443"; ma=2592000') +COMMIT +DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=2 AND FLAGS='' AND VALS='application/grpc-web+proto' +INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',3,'','application/grpc-web+proto') +COMMIT +DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=3 AND FLAGS='' AND VALS='Caddy' +INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',4,'','Caddy') +COMMIT +DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=2 AND FLAGS='' AND VALS='Origin' +INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',3,'','Origin') +COMMIT +DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=3 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT' +INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',4,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT') +COMMIT +DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=2 AND FLAGS='' AND VALS='129' +INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',3,'','129') +COMMIT +/*C5*/INSERT INTO ALERT VALUES(11,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',9,9,'','',319,15,3,'','10035-1') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(25,11,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(26,11,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(18,551,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 19 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=17 +INSERT INTO BLOCKS VALUES(17,1,0) +INSERT INTO BLOCKS VALUES(18,2147483629,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=17 +INSERT INTO LOBS VALUES(17,1,0,18) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(18,1,'2024-03-02 03:34:59.177000',1,18,NULL,551,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=18 +INSERT INTO LOB_IDS VALUES(18,551,1,40) +COMMIT +/*C5*/INSERT INTO ALERT VALUES(12,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',9,9,'','',693,15,3,'','10021') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(27,12,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(28,12,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(19,572,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 20 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=18 +INSERT INTO BLOCKS VALUES(18,1,0) +INSERT INTO BLOCKS VALUES(19,2147483628,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=18 +INSERT INTO LOBS VALUES(18,1,0,19) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(19,1,'2024-03-02 03:34:59.187000',1,19,NULL,572,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=19 +INSERT INTO LOB_IDS VALUES(19,572,1,40) +COMMIT +/*C3*/INSERT INTO HISTORY VALUES(10,1709346750724,1,200,1709346900752,297,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Access-Control-Allow-Origin, Vary, Date, Content-Type, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:01 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(20,323,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 21 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=19 +INSERT INTO BLOCKS VALUES(19,1,0) +INSERT INTO BLOCKS VALUES(20,2147483627,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=19 +INSERT INTO LOBS VALUES(19,1,0,20) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(20,1,'2024-03-02 03:35:01.052000',1,20,NULL,323,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=20 +INSERT INTO LOB_IDS VALUES(20,323,1,40) +COMMIT +/*C5*/INSERT INTO ALERT VALUES(13,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',10,10,'','',319,15,3,'','10035-1') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(29,13,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(30,13,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=4 AND FLAGS='' AND VALS='https://play.cscg.live' +INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',5,'','https://play.cscg.live') +COMMIT +DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=3 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message' +INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',4,'','Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message') +COMMIT +DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=4 AND FLAGS='' AND VALS='h3=":443"; ma=2592000' +INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',5,'','h3=":443"; ma=2592000') +COMMIT +DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=3 AND FLAGS='' AND VALS='application/grpc-web+proto' +INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',4,'','application/grpc-web+proto') +COMMIT +DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=4 AND FLAGS='' AND VALS='Caddy' +INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',5,'','Caddy') +COMMIT +DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=3 AND FLAGS='' AND VALS='Origin' +INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',4,'','Origin') +COMMIT +DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=4 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT' +INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',5,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT') +COMMIT +DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=3 AND FLAGS='' AND VALS='129' +INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',4,'','129') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(21,552,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 22 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=20 +INSERT INTO BLOCKS VALUES(20,1,0) +INSERT INTO BLOCKS VALUES(21,2147483626,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=20 +INSERT INTO LOBS VALUES(20,1,0,21) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(21,1,'2024-03-02 03:35:01.274000',1,21,NULL,552,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=21 +INSERT INTO LOB_IDS VALUES(21,552,1,40) +COMMIT +/*C5*/INSERT INTO ALERT VALUES(14,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',10,10,'','',693,15,3,'','10021') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(31,14,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(32,14,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(22,573,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 23 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=21 +INSERT INTO BLOCKS VALUES(21,1,0) +INSERT INTO BLOCKS VALUES(22,2147483625,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=21 +INSERT INTO LOBS VALUES(21,1,0,22) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(22,1,'2024-03-02 03:35:01.281000',1,22,NULL,573,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=22 +INSERT INTO LOB_IDS VALUES(22,573,1,40) +COMMIT +/*C3*/INSERT INTO HISTORY VALUES(11,1709346750724,1,200,1709346902634,106,'OPTIONS','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','OPTIONS https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aAccess-Control-Request-Method: POST\u000d\u000aAccess-Control-Request-Headers: authorization,content-type,x-grpc-web,x-user-agent\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Headers: content-type,accept,x-user-agent,x-grpc-web,grpc-status,grpc-message,authorization\u000d\u000aAccess-Control-Allow-Methods: GET,HEAD,POST,PUT,DELETE\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Length: 0\u000d\u000aDate: Sat, 02 Mar 2024 02:35:02 GMT\u000d\u000aServer: Caddy\u000d\u000a\u000d\u000a','',NULL,'',TRUE) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(23,324,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 24 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=22 +INSERT INTO BLOCKS VALUES(22,1,0) +INSERT INTO BLOCKS VALUES(23,2147483624,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=22 +INSERT INTO LOBS VALUES(22,1,0,23) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(23,1,'2024-03-02 03:35:02.743000',1,23,NULL,324,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=23 +INSERT INTO LOB_IDS VALUES(23,324,1,40) +COMMIT +/*C10*/DELETE FROM PARAM WHERE PARAMID=18 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Headers' AND USED=1 AND FLAGS='' AND VALS='content-type%2Caccept%2Cx-user-agent%2Cx-grpc-web%2Cgrpc-status%2Cgrpc-message%2Cauthorization' +INSERT INTO PARAM VALUES(18,'api.cscg.live:444','header','Access-Control-Allow-Headers',2,'','content-type%2Caccept%2Cx-user-agent%2Cx-grpc-web%2Cgrpc-status%2Cgrpc-message%2Cauthorization') +COMMIT +DELETE FROM PARAM WHERE PARAMID=19 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Methods' AND USED=1 AND FLAGS='' AND VALS='GET%2CHEAD%2CPOST%2CPUT%2CDELETE' +INSERT INTO PARAM VALUES(19,'api.cscg.live:444','header','Access-Control-Allow-Methods',2,'','GET%2CHEAD%2CPOST%2CPUT%2CDELETE') +COMMIT +DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=5 AND FLAGS='' AND VALS='https://play.cscg.live' +INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',6,'','https://play.cscg.live') +COMMIT +/*C5*/INSERT INTO ALERT VALUES(15,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',11,11,'','',319,15,3,'','10035-1') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(33,15,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(34,15,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C10*/DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=5 AND FLAGS='' AND VALS='h3=":443"; ma=2592000' +INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',6,'','h3=":443"; ma=2592000') +COMMIT +DELETE FROM PARAM WHERE PARAMID=20 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Length' AND USED=1 AND FLAGS='' AND VALS='0' +INSERT INTO PARAM VALUES(20,'api.cscg.live:444','header','Content-Length',2,'','0') +COMMIT +DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=5 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT' +INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',6,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT') +COMMIT +DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=5 AND FLAGS='' AND VALS='Caddy' +INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',6,'','Caddy') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(24,552,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 25 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=23 +INSERT INTO BLOCKS VALUES(23,1,0) +INSERT INTO BLOCKS VALUES(24,2147483623,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=23 +INSERT INTO LOBS VALUES(23,1,0,24) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(24,1,'2024-03-02 03:35:02.956000',1,24,NULL,552,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=24 +INSERT INTO LOB_IDS VALUES(24,552,1,40) +COMMIT +/*C3*/INSERT INTO HISTORY VALUES(12,1709346750724,1,200,1709346902745,278,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Access-Control-Allow-Origin, Vary, Date, Content-Type, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:03 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(25,323,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 26 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=24 +INSERT INTO BLOCKS VALUES(24,1,0) +INSERT INTO BLOCKS VALUES(25,2147483622,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=24 +INSERT INTO LOBS VALUES(24,1,0,25) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(25,1,'2024-03-02 03:35:03.024000',1,25,NULL,323,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=25 +INSERT INTO LOB_IDS VALUES(25,323,1,40) +COMMIT +/*C5*/INSERT INTO ALERT VALUES(16,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',12,12,'','',319,15,3,'','10035-1') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(35,16,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(36,16,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=6 AND FLAGS='' AND VALS='https://play.cscg.live' +INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',7,'','https://play.cscg.live') +COMMIT +DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=4 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message' +INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',5,'','Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message') +COMMIT +DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=6 AND FLAGS='' AND VALS='h3=":443"; ma=2592000' +INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',7,'','h3=":443"; ma=2592000') +COMMIT +DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=4 AND FLAGS='' AND VALS='application/grpc-web+proto' +INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',5,'','application/grpc-web+proto') +COMMIT +DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=6 AND FLAGS='' AND VALS='Caddy' +INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',7,'','Caddy') +COMMIT +DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=4 AND FLAGS='' AND VALS='Origin' +INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',5,'','Origin') +COMMIT +DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=6 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT' +INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',7,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT') +COMMIT +DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=4 AND FLAGS='' AND VALS='129' +INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',5,'','129') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(26,552,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 27 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=25 +INSERT INTO BLOCKS VALUES(25,1,0) +INSERT INTO BLOCKS VALUES(26,2147483621,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=25 +INSERT INTO LOBS VALUES(25,1,0,26) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(26,1,'2024-03-02 03:35:03.236000',1,26,NULL,552,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=26 +INSERT INTO LOB_IDS VALUES(26,552,1,40) +COMMIT +/*C5*/INSERT INTO ALERT VALUES(17,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',12,12,'','',693,15,3,'','10021') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(37,17,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(38,17,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(27,573,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 28 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=26 +INSERT INTO BLOCKS VALUES(26,1,0) +INSERT INTO BLOCKS VALUES(27,2147483620,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=26 +INSERT INTO LOBS VALUES(26,1,0,27) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(27,1,'2024-03-02 03:35:03.262000',1,27,NULL,573,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=27 +INSERT INTO LOB_IDS VALUES(27,573,1,40) +COMMIT +/*C3*/INSERT INTO HISTORY VALUES(13,1709346750724,1,200,1709346904639,173,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Vary, Date, Content-Type, Access-Control-Allow-Origin, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:04 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(28,323,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 29 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=27 +INSERT INTO BLOCKS VALUES(27,1,0) +INSERT INTO BLOCKS VALUES(28,2147483619,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=27 +INSERT INTO LOBS VALUES(27,1,0,28) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(28,1,'2024-03-02 03:35:04.813000',1,28,NULL,323,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=28 +INSERT INTO LOB_IDS VALUES(28,323,1,40) +COMMIT +/*C5*/INSERT INTO ALERT VALUES(18,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',13,13,'','',319,15,3,'','10035-1') +COMMIT +/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=7 AND FLAGS='' AND VALS='https://play.cscg.live' +INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',8,'','https://play.cscg.live') +COMMIT +DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=5 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message' +INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',6,'','Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(39,18,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(40,18,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C10*/DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=7 AND FLAGS='' AND VALS='h3=":443"; ma=2592000' +INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',8,'','h3=":443"; ma=2592000') +COMMIT +DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=5 AND FLAGS='' AND VALS='application/grpc-web+proto' +INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',6,'','application/grpc-web+proto') +COMMIT +DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=7 AND FLAGS='' AND VALS='Caddy' +INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',8,'','Caddy') +COMMIT +DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=5 AND FLAGS='' AND VALS='Origin' +INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',6,'','Origin') +COMMIT +DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=7 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT' +INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',8,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT') +COMMIT +DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=5 AND FLAGS='' AND VALS='129' +INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',6,'','129') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(29,552,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 30 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=28 +INSERT INTO BLOCKS VALUES(28,1,0) +INSERT INTO BLOCKS VALUES(29,2147483618,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=28 +INSERT INTO LOBS VALUES(28,1,0,29) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(29,1,'2024-03-02 03:35:05.035000',1,29,NULL,552,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=29 +INSERT INTO LOB_IDS VALUES(29,552,1,40) +COMMIT +/*C5*/INSERT INTO ALERT VALUES(19,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',13,13,'','',693,15,3,'','10021') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(41,19,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(42,19,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(30,573,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 31 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=29 +INSERT INTO BLOCKS VALUES(29,1,0) +INSERT INTO BLOCKS VALUES(30,2147483617,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=29 +INSERT INTO LOBS VALUES(29,1,0,30) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(30,1,'2024-03-02 03:35:05.038000',1,30,NULL,573,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=30 +INSERT INTO LOB_IDS VALUES(30,573,1,40) +COMMIT +/*C3*/INSERT INTO HISTORY VALUES(14,1709346750724,1,200,1709346906638,170,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Access-Control-Allow-Origin, Vary, Date, Content-Type, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:06 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(31,323,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 32 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=30 +INSERT INTO BLOCKS VALUES(30,1,0) +INSERT INTO BLOCKS VALUES(31,2147483616,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=30 +INSERT INTO LOBS VALUES(30,1,0,31) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(31,1,'2024-03-02 03:35:06.809000',1,31,NULL,323,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=31 +INSERT INTO LOB_IDS VALUES(31,323,1,40) +COMMIT +/*C5*/INSERT INTO ALERT VALUES(20,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',14,14,'','',319,15,3,'','10035-1') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(43,20,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(44,20,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=8 AND FLAGS='' AND VALS='https://play.cscg.live' +INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',9,'','https://play.cscg.live') +COMMIT +DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=6 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message' +INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',7,'','Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message') +COMMIT +DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=8 AND FLAGS='' AND VALS='h3=":443"; ma=2592000' +INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',9,'','h3=":443"; ma=2592000') +COMMIT +DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=6 AND FLAGS='' AND VALS='application/grpc-web+proto' +INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',7,'','application/grpc-web+proto') +COMMIT +DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=8 AND FLAGS='' AND VALS='Caddy' +INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',9,'','Caddy') +COMMIT +DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=6 AND FLAGS='' AND VALS='Origin' +INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',7,'','Origin') +COMMIT +DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=8 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT' +INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',9,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT') +COMMIT +DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=6 AND FLAGS='' AND VALS='129' +INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',7,'','129') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(32,552,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 33 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=31 +INSERT INTO BLOCKS VALUES(31,1,0) +INSERT INTO BLOCKS VALUES(32,2147483615,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=31 +INSERT INTO LOBS VALUES(31,1,0,32) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(32,1,'2024-03-02 03:35:07.025000',1,32,NULL,552,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=32 +INSERT INTO LOB_IDS VALUES(32,552,1,40) +COMMIT +/*C5*/INSERT INTO ALERT VALUES(21,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',14,14,'','',693,15,3,'','10021') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(45,21,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(46,21,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(33,573,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 34 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=32 +INSERT INTO BLOCKS VALUES(32,1,0) +INSERT INTO BLOCKS VALUES(33,2147483614,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=32 +INSERT INTO LOBS VALUES(32,1,0,33) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(33,1,'2024-03-02 03:35:07.049000',1,33,NULL,573,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=33 +INSERT INTO LOB_IDS VALUES(33,573,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(34,64,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 35 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=33 +INSERT INTO BLOCKS VALUES(33,1,0) +INSERT INTO BLOCKS VALUES(34,2147483613,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=33 +INSERT INTO LOBS VALUES(33,1,0,34) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(34,1,'2024-03-02 03:35:07.950000',1,34,NULL,64,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=34 +INSERT INTO LOB_IDS VALUES(34,64,1,40) +COMMIT +/*C3*/INSERT INTO HISTORY VALUES(15,1709346750724,1,200,1709346908652,157,'OPTIONS','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','OPTIONS https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aAccess-Control-Request-Method: POST\u000d\u000aAccess-Control-Request-Headers: authorization,content-type,x-grpc-web,x-user-agent\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Headers: content-type,accept,x-user-agent,x-grpc-web,grpc-status,grpc-message,authorization\u000d\u000aAccess-Control-Allow-Methods: GET,HEAD,POST,PUT,DELETE\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Length: 0\u000d\u000aDate: Sat, 02 Mar 2024 02:35:08 GMT\u000d\u000aServer: Caddy\u000d\u000a\u000d\u000a','',NULL,'',TRUE) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(35,324,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 36 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=34 +INSERT INTO BLOCKS VALUES(34,1,0) +INSERT INTO BLOCKS VALUES(35,2147483612,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=34 +INSERT INTO LOBS VALUES(34,1,0,35) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(35,1,'2024-03-02 03:35:08.811000',1,35,NULL,324,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=35 +INSERT INTO LOB_IDS VALUES(35,324,1,40) +COMMIT +/*C3*/INSERT INTO HISTORY VALUES(16,1709346750724,1,200,1709346908814,72,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Content-Type, Access-Control-Allow-Origin, Vary, Date, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:08 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE) +COMMIT +/*C10*/DELETE FROM PARAM WHERE PARAMID=18 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Headers' AND USED=2 AND FLAGS='' AND VALS='content-type%2Caccept%2Cx-user-agent%2Cx-grpc-web%2Cgrpc-status%2Cgrpc-message%2Cauthorization' +INSERT INTO PARAM VALUES(18,'api.cscg.live:444','header','Access-Control-Allow-Headers',3,'','content-type%2Caccept%2Cx-user-agent%2Cx-grpc-web%2Cgrpc-status%2Cgrpc-message%2Cauthorization') +COMMIT +DELETE FROM PARAM WHERE PARAMID=19 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Methods' AND USED=2 AND FLAGS='' AND VALS='GET%2CHEAD%2CPOST%2CPUT%2CDELETE' +INSERT INTO PARAM VALUES(19,'api.cscg.live:444','header','Access-Control-Allow-Methods',3,'','GET%2CHEAD%2CPOST%2CPUT%2CDELETE') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(36,322,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 37 +COMMIT +/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=9 AND FLAGS='' AND VALS='https://play.cscg.live' +INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',10,'','https://play.cscg.live') +COMMIT +DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=9 AND FLAGS='' AND VALS='h3=":443"; ma=2592000' +INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',10,'','h3=":443"; ma=2592000') +COMMIT +DELETE FROM PARAM WHERE PARAMID=20 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Length' AND USED=2 AND FLAGS='' AND VALS='0' +INSERT INTO PARAM VALUES(20,'api.cscg.live:444','header','Content-Length',3,'','0') +COMMIT +/*C1*/DELETE FROM BLOCKS WHERE BLOCK_ADDR=35 +INSERT INTO BLOCKS VALUES(35,1,0) +INSERT INTO BLOCKS VALUES(36,2147483611,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=35 +INSERT INTO LOBS VALUES(35,1,0,36) +COMMIT +/*C10*/DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=9 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT' +INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',10,'','Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT') +COMMIT +DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=9 AND FLAGS='' AND VALS='Caddy' +INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',10,'','Caddy') +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(36,1,'2024-03-02 03:35:08.888000',1,36,NULL,322,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=36 +INSERT INTO LOB_IDS VALUES(36,322,1,40) +COMMIT +/*C5*/INSERT INTO ALERT VALUES(22,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',16,16,'','',319,15,3,'','10035-1') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(47,22,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(48,22,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=10 AND FLAGS='' AND VALS='https://play.cscg.live' +INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',11,'','https://play.cscg.live') +COMMIT +/*C5*/INSERT INTO ALERT VALUES(23,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',15,15,'','',319,15,3,'','10035-1') +COMMIT +/*C10*/DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=7 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message' +INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',8,'','Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(49,23,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +/*C10*/DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=10 AND FLAGS='' AND VALS='h3=":443"; ma=2592000' +INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',11,'','h3=":443"; ma=2592000') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(50,23,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C10*/DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=7 AND FLAGS='' AND VALS='application/grpc-web+proto' +INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',8,'','application/grpc-web+proto') +COMMIT +DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=10 AND FLAGS='' AND VALS='Caddy' +INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',11,'','Caddy') +COMMIT +DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=7 AND FLAGS='' AND VALS='Origin' +INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',8,'','Origin') +COMMIT +DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=10 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT' +INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',11,'','Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT') +COMMIT +DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=7 AND FLAGS='' AND VALS='129' +INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',8,'','129') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(37,552,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 38 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=36 +INSERT INTO BLOCKS VALUES(36,1,0) +INSERT INTO BLOCKS VALUES(37,2147483610,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=36 +INSERT INTO LOBS VALUES(36,1,0,37) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(37,1,'2024-03-02 03:35:08.894000',1,37,NULL,552,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=37 +INSERT INTO LOB_IDS VALUES(37,552,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(38,552,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 39 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=37 +INSERT INTO BLOCKS VALUES(37,1,0) +INSERT INTO BLOCKS VALUES(38,2147483609,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=37 +INSERT INTO LOBS VALUES(37,1,0,38) +COMMIT +/*C5*/INSERT INTO ALERT VALUES(24,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',16,16,'','',693,15,3,'','10021') +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(38,1,'2024-03-02 03:35:08.894000',1,38,NULL,552,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=38 +INSERT INTO LOB_IDS VALUES(38,552,1,40) +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(51,24,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(52,24,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(39,573,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 40 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=38 +INSERT INTO BLOCKS VALUES(38,1,0) +INSERT INTO BLOCKS VALUES(39,2147483608,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=38 +INSERT INTO LOBS VALUES(38,1,0,39) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(39,1,'2024-03-02 03:35:08.897000',1,39,NULL,573,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=39 +INSERT INTO LOB_IDS VALUES(39,573,1,40) +COMMIT +/*C3*/INSERT INTO HISTORY VALUES(17,1709346750724,1,200,1709346910654,366,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Access-Control-Allow-Origin, Vary, Date, Content-Type, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:11 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(40,323,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 41 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=39 +INSERT INTO BLOCKS VALUES(39,1,0) +INSERT INTO BLOCKS VALUES(40,2147483607,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=39 +INSERT INTO LOBS VALUES(39,1,0,40) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(40,1,'2024-03-02 03:35:11.021000',1,40,NULL,323,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=40 +INSERT INTO LOB_IDS VALUES(40,323,1,40) +COMMIT +/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=11 AND FLAGS='' AND VALS='https://play.cscg.live' +INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',12,'','https://play.cscg.live') +COMMIT +/*C5*/INSERT INTO ALERT VALUES(25,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',17,17,'','',319,15,3,'','10035-1') +COMMIT +/*C10*/DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=8 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message' +INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',9,'','Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message') +COMMIT +DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=11 AND FLAGS='' AND VALS='h3=":443"; ma=2592000' +INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',12,'','h3=":443"; ma=2592000') +COMMIT +DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=8 AND FLAGS='' AND VALS='application/grpc-web+proto' +INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',9,'','application/grpc-web+proto') +COMMIT +DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=11 AND FLAGS='' AND VALS='Caddy' +INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',12,'','Caddy') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(53,25,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(54,25,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C10*/DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=8 AND FLAGS='' AND VALS='Origin' +INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',9,'','Origin') +COMMIT +DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=11 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT' +INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',12,'','Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT') +COMMIT +DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=8 AND FLAGS='' AND VALS='129' +INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',9,'','129') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(41,552,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 42 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=40 +INSERT INTO BLOCKS VALUES(40,1,0) +INSERT INTO BLOCKS VALUES(41,2147483606,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=40 +INSERT INTO LOBS VALUES(40,1,0,41) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(41,1,'2024-03-02 03:35:11.227000',1,41,NULL,552,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=41 +INSERT INTO LOB_IDS VALUES(41,552,1,40) +COMMIT +/*C5*/INSERT INTO ALERT VALUES(26,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',17,17,'','',693,15,3,'','10021') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(55,26,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(56,26,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(42,573,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 43 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=41 +INSERT INTO BLOCKS VALUES(41,1,0) +INSERT INTO BLOCKS VALUES(42,2147483605,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=41 +INSERT INTO LOBS VALUES(41,1,0,42) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(42,1,'2024-03-02 03:35:11.230000',1,42,NULL,573,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=42 +INSERT INTO LOB_IDS VALUES(42,573,1,40) +COMMIT +/*C3*/INSERT INTO HISTORY VALUES(18,1709346750724,1,200,1709346912663,382,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Content-Type, Access-Control-Allow-Origin, Vary, Date, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:12 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(43,323,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 44 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=42 +INSERT INTO BLOCKS VALUES(42,1,0) +INSERT INTO BLOCKS VALUES(43,2147483604,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=42 +INSERT INTO LOBS VALUES(42,1,0,43) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(43,1,'2024-03-02 03:35:13.047000',1,43,NULL,323,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=43 +INSERT INTO LOB_IDS VALUES(43,323,1,40) +COMMIT +/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=12 AND FLAGS='' AND VALS='https://play.cscg.live' +INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',13,'','https://play.cscg.live') +COMMIT +DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=9 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message' +INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',10,'','Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message') +COMMIT +DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=12 AND FLAGS='' AND VALS='h3=":443"; ma=2592000' +INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',13,'','h3=":443"; ma=2592000') +COMMIT +DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=9 AND FLAGS='' AND VALS='application/grpc-web+proto' +INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',10,'','application/grpc-web+proto') +COMMIT +DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=12 AND FLAGS='' AND VALS='Caddy' +INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',13,'','Caddy') +COMMIT +DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=9 AND FLAGS='' AND VALS='Origin' +INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',10,'','Origin') +COMMIT +DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=12 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT' +INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',13,'','Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT') +COMMIT +DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=9 AND FLAGS='' AND VALS='129' +INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',10,'','129') +COMMIT +/*C5*/INSERT INTO ALERT VALUES(27,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',18,18,'','',319,15,3,'','10035-1') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(57,27,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(58,27,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(44,552,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 45 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=43 +INSERT INTO BLOCKS VALUES(43,1,0) +INSERT INTO BLOCKS VALUES(44,2147483603,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=43 +INSERT INTO LOBS VALUES(43,1,0,44) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(44,1,'2024-03-02 03:35:13.255000',1,44,NULL,552,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=44 +INSERT INTO LOB_IDS VALUES(44,552,1,40) +COMMIT +/*C5*/INSERT INTO ALERT VALUES(28,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',18,18,'','',693,15,3,'','10021') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(59,28,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(60,28,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(45,573,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 46 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=44 +INSERT INTO BLOCKS VALUES(44,1,0) +INSERT INTO BLOCKS VALUES(45,2147483602,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=44 +INSERT INTO LOBS VALUES(44,1,0,45) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(45,1,'2024-03-02 03:35:13.258000',1,45,NULL,573,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=45 +INSERT INTO LOB_IDS VALUES(45,573,1,40) +COMMIT +/*C3*/INSERT INTO HISTORY VALUES(19,1709346750724,1,200,1709346914670,89,'OPTIONS','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','OPTIONS https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aAccess-Control-Request-Method: POST\u000d\u000aAccess-Control-Request-Headers: authorization,content-type,x-grpc-web,x-user-agent\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Headers: content-type,accept,x-user-agent,x-grpc-web,grpc-status,grpc-message,authorization\u000d\u000aAccess-Control-Allow-Methods: GET,HEAD,POST,PUT,DELETE\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Length: 0\u000d\u000aDate: Sat, 02 Mar 2024 02:35:14 GMT\u000d\u000aServer: Caddy\u000d\u000a\u000d\u000a','',NULL,'',TRUE) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(46,323,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 47 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=45 +INSERT INTO BLOCKS VALUES(45,1,0) +INSERT INTO BLOCKS VALUES(46,2147483601,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=45 +INSERT INTO LOBS VALUES(45,1,0,46) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(46,1,'2024-03-02 03:35:14.760000',1,46,NULL,323,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=46 +INSERT INTO LOB_IDS VALUES(46,323,1,40) +COMMIT +/*C3*/INSERT INTO HISTORY VALUES(20,1709346750724,1,200,1709346914763,83,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Access-Control-Allow-Origin, Vary, Content-Type, Date, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:14 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(47,322,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 48 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=46 +INSERT INTO BLOCKS VALUES(46,1,0) +INSERT INTO BLOCKS VALUES(47,2147483600,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=46 +INSERT INTO LOBS VALUES(46,1,0,47) +COMMIT +/*C10*/DELETE FROM PARAM WHERE PARAMID=18 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Headers' AND USED=3 AND FLAGS='' AND VALS='content-type%2Caccept%2Cx-user-agent%2Cx-grpc-web%2Cgrpc-status%2Cgrpc-message%2Cauthorization' +INSERT INTO PARAM VALUES(18,'api.cscg.live:444','header','Access-Control-Allow-Headers',4,'','content-type%2Caccept%2Cx-user-agent%2Cx-grpc-web%2Cgrpc-status%2Cgrpc-message%2Cauthorization') +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(47,1,'2024-03-02 03:35:14.848000',1,47,NULL,322,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=47 +INSERT INTO LOB_IDS VALUES(47,322,1,40) +COMMIT +/*C10*/DELETE FROM PARAM WHERE PARAMID=19 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Methods' AND USED=3 AND FLAGS='' AND VALS='GET%2CHEAD%2CPOST%2CPUT%2CDELETE' +INSERT INTO PARAM VALUES(19,'api.cscg.live:444','header','Access-Control-Allow-Methods',4,'','GET%2CHEAD%2CPOST%2CPUT%2CDELETE') +COMMIT +DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=13 AND FLAGS='' AND VALS='https://play.cscg.live' +INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',14,'','https://play.cscg.live') +COMMIT +DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=13 AND FLAGS='' AND VALS='h3=":443"; ma=2592000' +INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',14,'','h3=":443"; ma=2592000') +COMMIT +DELETE FROM PARAM WHERE PARAMID=20 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Length' AND USED=3 AND FLAGS='' AND VALS='0' +INSERT INTO PARAM VALUES(20,'api.cscg.live:444','header','Content-Length',4,'','0') +COMMIT +DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=13 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT' +INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',14,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT') +COMMIT +DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=13 AND FLAGS='' AND VALS='Caddy' +INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',14,'','Caddy') +COMMIT +DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=14 AND FLAGS='' AND VALS='https://play.cscg.live' +INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',15,'','https://play.cscg.live') +COMMIT +DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=10 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message' +INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',11,'','Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message') +COMMIT +DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=14 AND FLAGS='' AND VALS='h3=":443"; ma=2592000' +INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',15,'','h3=":443"; ma=2592000') +COMMIT +DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=10 AND FLAGS='' AND VALS='application/grpc-web+proto' +INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',11,'','application/grpc-web+proto') +COMMIT +DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=14 AND FLAGS='' AND VALS='Caddy' +INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',15,'','Caddy') +COMMIT +DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=10 AND FLAGS='' AND VALS='Origin' +INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',11,'','Origin') +COMMIT +DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=14 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT' +INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',15,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT') +COMMIT +/*C5*/INSERT INTO ALERT VALUES(29,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',20,20,'','',319,15,3,'','10035-1') +COMMIT +/*C10*/DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=10 AND FLAGS='' AND VALS='129' +INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',11,'','129') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(61,29,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(62,29,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(48,552,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 49 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=47 +INSERT INTO BLOCKS VALUES(47,1,0) +INSERT INTO BLOCKS VALUES(48,2147483599,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=47 +INSERT INTO LOBS VALUES(47,1,0,48) +COMMIT +/*C5*/INSERT INTO ALERT VALUES(30,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',19,19,'','',319,15,3,'','10035-1') +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(48,1,'2024-03-02 03:35:14.851000',1,48,NULL,552,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=48 +INSERT INTO LOB_IDS VALUES(48,552,1,40) +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(63,30,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(64,30,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C5*/INSERT INTO ALERT VALUES(31,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',20,20,'','',693,15,3,'','10021') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(65,31,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(66,31,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(49,552,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 50 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=48 +INSERT INTO BLOCKS VALUES(48,1,0) +INSERT INTO BLOCKS VALUES(49,2147483598,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=48 +INSERT INTO LOBS VALUES(48,1,0,49) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(49,1,'2024-03-02 03:35:14.853000',1,49,NULL,552,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=49 +INSERT INTO LOB_IDS VALUES(49,552,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(50,573,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 51 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=49 +INSERT INTO BLOCKS VALUES(49,1,0) +INSERT INTO BLOCKS VALUES(50,2147483597,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=49 +INSERT INTO LOBS VALUES(49,1,0,50) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(50,1,'2024-03-02 03:35:14.853000',1,50,NULL,573,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=50 +INSERT INTO LOB_IDS VALUES(50,573,1,40) +COMMIT +/*C3*/INSERT INTO HISTORY VALUES(21,1709346750724,1,200,1709346916670,183,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Date, Access-Control-Allow-Origin, Vary, Content-Type, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:16 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(51,323,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 52 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=50 +INSERT INTO BLOCKS VALUES(50,1,0) +INSERT INTO BLOCKS VALUES(51,2147483596,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=50 +INSERT INTO LOBS VALUES(50,1,0,51) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(51,1,'2024-03-02 03:35:16.854000',1,51,NULL,323,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=51 +INSERT INTO LOB_IDS VALUES(51,323,1,40) +COMMIT +/*C5*/INSERT INTO ALERT VALUES(32,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',21,21,'','',319,15,3,'','10035-1') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(67,32,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(68,32,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=15 AND FLAGS='' AND VALS='https://play.cscg.live' +INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',16,'','https://play.cscg.live') +COMMIT +DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=11 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message' +INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',12,'','Date%2C Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message') +COMMIT +DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=15 AND FLAGS='' AND VALS='h3=":443"; ma=2592000' +INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',16,'','h3=":443"; ma=2592000') +COMMIT +DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=11 AND FLAGS='' AND VALS='application/grpc-web+proto' +INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',12,'','application/grpc-web+proto') +COMMIT +DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=15 AND FLAGS='' AND VALS='Caddy' +INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',16,'','Caddy') +COMMIT +DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=11 AND FLAGS='' AND VALS='Origin' +INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',12,'','Origin') +COMMIT +DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=15 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT' +INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',16,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT') +COMMIT +DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=11 AND FLAGS='' AND VALS='129' +INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',12,'','129') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(52,552,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 53 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=51 +INSERT INTO BLOCKS VALUES(51,1,0) +INSERT INTO BLOCKS VALUES(52,2147483595,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=51 +INSERT INTO LOBS VALUES(51,1,0,52) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(52,1,'2024-03-02 03:35:17.057000',1,52,NULL,552,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=52 +INSERT INTO LOB_IDS VALUES(52,552,1,40) +COMMIT +/*C5*/INSERT INTO ALERT VALUES(33,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',21,21,'','',693,15,3,'','10021') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(69,33,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(70,33,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(53,573,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 54 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=52 +INSERT INTO BLOCKS VALUES(52,1,0) +INSERT INTO BLOCKS VALUES(53,2147483594,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=52 +INSERT INTO LOBS VALUES(52,1,0,53) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(53,1,'2024-03-02 03:35:17.059000',1,53,NULL,573,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=53 +INSERT INTO LOB_IDS VALUES(53,573,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(54,64,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 55 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=53 +INSERT INTO BLOCKS VALUES(53,1,0) +INSERT INTO BLOCKS VALUES(54,2147483593,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=53 +INSERT INTO LOBS VALUES(53,1,0,54) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(54,1,'2024-03-02 03:35:17.952000',1,54,NULL,64,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=54 +INSERT INTO LOB_IDS VALUES(54,64,1,40) +COMMIT +/*C3*/INSERT INTO HISTORY VALUES(22,1709346750724,1,200,1709346918678,165,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Vary, Date, Content-Type, Access-Control-Allow-Origin, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:18 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(55,323,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 56 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=54 +INSERT INTO BLOCKS VALUES(54,1,0) +INSERT INTO BLOCKS VALUES(55,2147483592,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=54 +INSERT INTO LOBS VALUES(54,1,0,55) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(55,1,'2024-03-02 03:35:18.846000',1,55,NULL,323,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=55 +INSERT INTO LOB_IDS VALUES(55,323,1,40) +COMMIT +/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=16 AND FLAGS='' AND VALS='https://play.cscg.live' +INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',17,'','https://play.cscg.live') +COMMIT +/*C5*/INSERT INTO ALERT VALUES(34,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',22,22,'','',319,15,3,'','10035-1') +COMMIT +/*C10*/DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=12 AND FLAGS='' AND VALS='Date%2C Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message' +INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',13,'','Date%2C Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message') +COMMIT +DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=16 AND FLAGS='' AND VALS='h3=":443"; ma=2592000' +INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',17,'','h3=":443"; ma=2592000') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(71,34,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +/*C10*/DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=12 AND FLAGS='' AND VALS='application/grpc-web+proto' +INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',13,'','application/grpc-web+proto') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(72,34,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C10*/DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=16 AND FLAGS='' AND VALS='Caddy' +INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',17,'','Caddy') +COMMIT +DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=12 AND FLAGS='' AND VALS='Origin' +INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',13,'','Origin') +COMMIT +DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=16 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT' +INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',17,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:35:18 GMT') +COMMIT +DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=12 AND FLAGS='' AND VALS='129' +INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',13,'','129') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(56,552,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 57 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=55 +INSERT INTO BLOCKS VALUES(55,1,0) +INSERT INTO BLOCKS VALUES(56,2147483591,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=55 +INSERT INTO LOBS VALUES(55,1,0,56) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(56,1,'2024-03-02 03:35:19.051000',1,56,NULL,552,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=56 +INSERT INTO LOB_IDS VALUES(56,552,1,40) +COMMIT +/*C5*/INSERT INTO ALERT VALUES(35,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',22,22,'','',693,15,3,'','10021') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(73,35,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(74,35,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(57,573,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 58 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=56 +INSERT INTO BLOCKS VALUES(56,1,0) +INSERT INTO BLOCKS VALUES(57,2147483590,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=56 +INSERT INTO LOBS VALUES(56,1,0,57) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(57,1,'2024-03-02 03:35:19.055000',1,57,NULL,573,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=57 +INSERT INTO LOB_IDS VALUES(57,573,1,40) +COMMIT +/*C3*/INSERT INTO HISTORY VALUES(23,1709346750724,1,200,1709346920686,174,'OPTIONS','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','OPTIONS https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aAccess-Control-Request-Method: POST\u000d\u000aAccess-Control-Request-Headers: authorization,content-type,x-grpc-web,x-user-agent\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Headers: content-type,accept,x-user-agent,x-grpc-web,grpc-status,grpc-message,authorization\u000d\u000aAccess-Control-Allow-Methods: GET,HEAD,POST,PUT,DELETE\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Length: 0\u000d\u000aDate: Sat, 02 Mar 2024 02:35:20 GMT\u000d\u000aServer: Caddy\u000d\u000a\u000d\u000a','',NULL,'',TRUE) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(58,324,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 59 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=57 +INSERT INTO BLOCKS VALUES(57,1,0) +INSERT INTO BLOCKS VALUES(58,2147483589,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=57 +INSERT INTO LOBS VALUES(57,1,0,58) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(58,1,'2024-03-02 03:35:20.861000',1,58,NULL,324,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=58 +INSERT INTO LOB_IDS VALUES(58,324,1,40) +COMMIT +/*C3*/INSERT INTO HISTORY VALUES(24,1709346750724,1,200,1709346920865,94,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Vary, Date, Content-Type, Access-Control-Allow-Origin, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:20 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(59,322,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 60 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=58 +INSERT INTO BLOCKS VALUES(58,1,0) +INSERT INTO BLOCKS VALUES(59,2147483588,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=58 +INSERT INTO LOBS VALUES(58,1,0,59) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(59,1,'2024-03-02 03:35:20.962000',1,59,NULL,322,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=59 +INSERT INTO LOB_IDS VALUES(59,322,1,40) +COMMIT +/*C5*/INSERT INTO ALERT VALUES(36,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',24,24,'','',319,15,3,'','10035-1') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(75,36,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(76,36,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C5*/INSERT INTO ALERT VALUES(37,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',23,23,'','',319,15,3,'','10035-1') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(77,37,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(78,37,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C10*/DELETE FROM PARAM WHERE PARAMID=18 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Headers' AND USED=4 AND FLAGS='' AND VALS='content-type%2Caccept%2Cx-user-agent%2Cx-grpc-web%2Cgrpc-status%2Cgrpc-message%2Cauthorization' +INSERT INTO PARAM VALUES(18,'api.cscg.live:444','header','Access-Control-Allow-Headers',5,'','content-type%2Caccept%2Cx-user-agent%2Cx-grpc-web%2Cgrpc-status%2Cgrpc-message%2Cauthorization') +COMMIT +DELETE FROM PARAM WHERE PARAMID=19 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Methods' AND USED=4 AND FLAGS='' AND VALS='GET%2CHEAD%2CPOST%2CPUT%2CDELETE' +INSERT INTO PARAM VALUES(19,'api.cscg.live:444','header','Access-Control-Allow-Methods',5,'','GET%2CHEAD%2CPOST%2CPUT%2CDELETE') +COMMIT +DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=17 AND FLAGS='' AND VALS='https://play.cscg.live' +INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',18,'','https://play.cscg.live') +COMMIT +DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=17 AND FLAGS='' AND VALS='h3=":443"; ma=2592000' +INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',18,'','h3=":443"; ma=2592000') +COMMIT +DELETE FROM PARAM WHERE PARAMID=20 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Length' AND USED=4 AND FLAGS='' AND VALS='0' +INSERT INTO PARAM VALUES(20,'api.cscg.live:444','header','Content-Length',5,'','0') +COMMIT +DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=17 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:35:18 GMT' +INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',18,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:35:18 GMT,Sat%2C 02 Mar 2024 02:35:20 GMT') +COMMIT +DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=17 AND FLAGS='' AND VALS='Caddy' +INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',18,'','Caddy') +COMMIT +DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=18 AND FLAGS='' AND VALS='https://play.cscg.live' +INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',19,'','https://play.cscg.live') +COMMIT +DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=13 AND FLAGS='' AND VALS='Date%2C Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message' +INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',14,'','Date%2C Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message') +COMMIT +DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=18 AND FLAGS='' AND VALS='h3=":443"; ma=2592000' +INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',19,'','h3=":443"; ma=2592000') +COMMIT +DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=13 AND FLAGS='' AND VALS='application/grpc-web+proto' +INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',14,'','application/grpc-web+proto') +COMMIT +DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=18 AND FLAGS='' AND VALS='Caddy' +INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',19,'','Caddy') +COMMIT +DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=13 AND FLAGS='' AND VALS='Origin' +INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',14,'','Origin') +COMMIT +DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=18 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:35:18 GMT,Sat%2C 02 Mar 2024 02:35:20 GMT' +INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',19,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:35:18 GMT,Sat%2C 02 Mar 2024 02:35:20 GMT') +COMMIT +DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=13 AND FLAGS='' AND VALS='129' +INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',14,'','129') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(60,552,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 61 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=59 +INSERT INTO BLOCKS VALUES(59,1,0) +INSERT INTO BLOCKS VALUES(60,2147483587,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=59 +INSERT INTO LOBS VALUES(59,1,0,60) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(60,1,'2024-03-02 03:35:20.971000',1,60,NULL,552,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=60 +INSERT INTO LOB_IDS VALUES(60,552,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(61,552,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 62 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=60 +INSERT INTO BLOCKS VALUES(60,1,0) +INSERT INTO BLOCKS VALUES(61,2147483586,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=60 +INSERT INTO LOBS VALUES(60,1,0,61) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(61,1,'2024-03-02 03:35:20.971000',1,61,NULL,552,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=61 +INSERT INTO LOB_IDS VALUES(61,552,1,40) +COMMIT +/*C5*/INSERT INTO ALERT VALUES(38,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',24,24,'','',693,15,3,'','10021') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(79,38,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(80,38,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(62,573,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 63 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=61 +INSERT INTO BLOCKS VALUES(61,1,0) +INSERT INTO BLOCKS VALUES(62,2147483585,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=61 +INSERT INTO LOBS VALUES(61,1,0,62) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(62,1,'2024-03-02 03:35:20.973000',1,62,NULL,573,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=62 +INSERT INTO LOB_IDS VALUES(62,573,1,40) +COMMIT +/*C3*/INSERT INTO HISTORY VALUES(25,1709346750724,1,200,1709346922688,508,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Access-Control-Allow-Origin, Vary, Date, Content-Type, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:23 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(63,323,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 64 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=62 +INSERT INTO BLOCKS VALUES(62,1,0) +INSERT INTO BLOCKS VALUES(63,2147483584,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=62 +INSERT INTO LOBS VALUES(62,1,0,63) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(63,1,'2024-03-02 03:35:23.197000',1,63,NULL,323,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=63 +INSERT INTO LOB_IDS VALUES(63,323,1,40) +COMMIT +/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=19 AND FLAGS='' AND VALS='https://play.cscg.live' +INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',20,'','https://play.cscg.live') +COMMIT +DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=14 AND FLAGS='' AND VALS='Date%2C Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message' +INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',15,'','Date%2C Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message') +COMMIT +DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=19 AND FLAGS='' AND VALS='h3=":443"; ma=2592000' +INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',20,'','h3=":443"; ma=2592000') +COMMIT +DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=14 AND FLAGS='' AND VALS='application/grpc-web+proto' +INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',15,'','application/grpc-web+proto') +COMMIT +DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=19 AND FLAGS='' AND VALS='Caddy' +INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',20,'','Caddy') +COMMIT +DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=14 AND FLAGS='' AND VALS='Origin' +INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',15,'','Origin') +COMMIT +DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=19 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:35:18 GMT,Sat%2C 02 Mar 2024 02:35:20 GMT' +INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',20,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:35:23 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:35:18 GMT,Sat%2C 02 Mar 2024 02:35:20 GMT') +COMMIT +DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=14 AND FLAGS='' AND VALS='129' +INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',15,'','129') +COMMIT +/*C5*/INSERT INTO ALERT VALUES(39,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',25,25,'','',319,15,3,'','10035-1') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(81,39,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(82,39,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(64,552,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 65 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=63 +INSERT INTO BLOCKS VALUES(63,1,0) +INSERT INTO BLOCKS VALUES(64,2147483583,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=63 +INSERT INTO LOBS VALUES(63,1,0,64) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(64,1,'2024-03-02 03:35:23.399000',1,64,NULL,552,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=64 +INSERT INTO LOB_IDS VALUES(64,552,1,40) +COMMIT +/*C5*/INSERT INTO ALERT VALUES(40,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',25,25,'','',693,15,3,'','10021') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(83,40,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(84,40,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(65,573,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 66 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=64 +INSERT INTO BLOCKS VALUES(64,1,0) +INSERT INTO BLOCKS VALUES(65,2147483582,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=64 +INSERT INTO LOBS VALUES(64,1,0,65) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(65,1,'2024-03-02 03:35:23.402000',1,65,NULL,573,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=65 +INSERT INTO LOB_IDS VALUES(65,573,1,40) +COMMIT +/*C3*/INSERT INTO HISTORY VALUES(26,1709346750724,1,200,1709346924701,311,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Access-Control-Allow-Origin, Vary, Content-Type, Date, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:24 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(66,323,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 67 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=65 +INSERT INTO BLOCKS VALUES(65,1,0) +INSERT INTO BLOCKS VALUES(66,2147483581,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=65 +INSERT INTO LOBS VALUES(65,1,0,66) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(66,1,'2024-03-02 03:35:25.014000',1,66,NULL,323,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=66 +INSERT INTO LOB_IDS VALUES(66,323,1,40) +COMMIT +/*C5*/INSERT INTO ALERT VALUES(41,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',26,26,'','',319,15,3,'','10035-1') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(85,41,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=20 AND FLAGS='' AND VALS='https://play.cscg.live' +INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',21,'','https://play.cscg.live') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(86,41,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C10*/DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=15 AND FLAGS='' AND VALS='Date%2C Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message' +INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',16,'','Date%2C Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message') +COMMIT +DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=20 AND FLAGS='' AND VALS='h3=":443"; ma=2592000' +INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',21,'','h3=":443"; ma=2592000') +COMMIT +DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=15 AND FLAGS='' AND VALS='application/grpc-web+proto' +INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',16,'','application/grpc-web+proto') +COMMIT +DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=20 AND FLAGS='' AND VALS='Caddy' +INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',21,'','Caddy') +COMMIT +DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=15 AND FLAGS='' AND VALS='Origin' +INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',16,'','Origin') +COMMIT +DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=20 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:35:23 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:35:18 GMT,Sat%2C 02 Mar 2024 02:35:20 GMT' +INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',21,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:35:23 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:35:18 GMT,Sat%2C 02 Mar 2024 02:35:24 GMT,Sat%2C 02 Mar 2024 02:35:20 GMT') +COMMIT +DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=15 AND FLAGS='' AND VALS='129' +INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',16,'','129') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(67,552,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 68 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=66 +INSERT INTO BLOCKS VALUES(66,1,0) +INSERT INTO BLOCKS VALUES(67,2147483580,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=66 +INSERT INTO LOBS VALUES(66,1,0,67) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(67,1,'2024-03-02 03:35:25.220000',1,67,NULL,552,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=67 +INSERT INTO LOB_IDS VALUES(67,552,1,40) +COMMIT +/*C5*/INSERT INTO ALERT VALUES(42,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',26,26,'','',693,15,3,'','10021') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(87,42,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(88,42,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(68,573,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 69 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=67 +INSERT INTO BLOCKS VALUES(67,1,0) +INSERT INTO BLOCKS VALUES(68,2147483579,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=67 +INSERT INTO LOBS VALUES(67,1,0,68) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(68,1,'2024-03-02 03:35:25.224000',1,68,NULL,573,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=68 +INSERT INTO LOB_IDS VALUES(68,573,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(69,64,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 70 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=68 +INSERT INTO BLOCKS VALUES(68,1,0) +INSERT INTO BLOCKS VALUES(69,2147483578,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=68 +INSERT INTO LOBS VALUES(68,1,0,69) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(69,1,'2024-03-02 03:35:27.951000',1,69,NULL,64,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=69 +INSERT INTO LOB_IDS VALUES(69,64,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(70,64,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 71 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=69 +INSERT INTO BLOCKS VALUES(69,1,0) +INSERT INTO BLOCKS VALUES(70,2147483577,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=69 +INSERT INTO LOBS VALUES(69,1,0,70) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(70,1,'2024-03-02 03:35:37.956000',1,70,NULL,64,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=70 +INSERT INTO LOB_IDS VALUES(70,64,1,40) +COMMIT +/*C5*/DELETE FROM ALERT WHERE ALERTID=0 +COMMIT +/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=1 +DELETE FROM ALERT_TAG WHERE TAG_ID=2 +COMMIT +/*C5*/DELETE FROM ALERT WHERE ALERTID=1 +COMMIT +/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=3 +DELETE FROM ALERT_TAG WHERE TAG_ID=4 +COMMIT +/*C3*/DELETE FROM HISTORY WHERE HISTORYID=1 +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(71,64,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 72 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=70 +INSERT INTO BLOCKS VALUES(70,1,0) +INSERT INTO BLOCKS VALUES(71,2147483576,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=70 +INSERT INTO LOBS VALUES(70,1,0,71) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(71,1,'2024-03-02 03:35:47.956000',1,71,NULL,64,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=71 +INSERT INTO LOB_IDS VALUES(71,64,1,40) +COMMIT +/*C5*/DELETE FROM ALERT WHERE ALERTID=8 +COMMIT +/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=19 +DELETE FROM ALERT_TAG WHERE TAG_ID=20 +COMMIT +/*C3*/DELETE FROM HISTORY WHERE HISTORYID=7 +COMMIT +/*C5*/DELETE FROM ALERT WHERE ALERTID=9 +COMMIT +/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=21 +DELETE FROM ALERT_TAG WHERE TAG_ID=22 +COMMIT +/*C5*/DELETE FROM ALERT WHERE ALERTID=10 +COMMIT +/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=23 +DELETE FROM ALERT_TAG WHERE TAG_ID=24 +COMMIT +/*C3*/DELETE FROM HISTORY WHERE HISTORYID=8 +COMMIT +/*C5*/DELETE FROM ALERT WHERE ALERTID=11 +COMMIT +/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=25 +DELETE FROM ALERT_TAG WHERE TAG_ID=26 +COMMIT +/*C5*/DELETE FROM ALERT WHERE ALERTID=12 +COMMIT +/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=27 +DELETE FROM ALERT_TAG WHERE TAG_ID=28 +COMMIT +/*C3*/DELETE FROM HISTORY WHERE HISTORYID=9 +COMMIT +/*C5*/DELETE FROM ALERT WHERE ALERTID=13 +COMMIT +/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=29 +DELETE FROM ALERT_TAG WHERE TAG_ID=30 +COMMIT +/*C5*/DELETE FROM ALERT WHERE ALERTID=14 +COMMIT +/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=31 +DELETE FROM ALERT_TAG WHERE TAG_ID=32 +COMMIT +/*C3*/DELETE FROM HISTORY WHERE HISTORYID=10 +COMMIT +/*C5*/DELETE FROM ALERT WHERE ALERTID=15 +COMMIT +/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=33 +DELETE FROM ALERT_TAG WHERE TAG_ID=34 +COMMIT +/*C3*/DELETE FROM HISTORY WHERE HISTORYID=11 +COMMIT +/*C5*/DELETE FROM ALERT WHERE ALERTID=16 +COMMIT +/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=35 +DELETE FROM ALERT_TAG WHERE TAG_ID=36 +COMMIT +/*C5*/DELETE FROM ALERT WHERE ALERTID=17 +COMMIT +/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=37 +DELETE FROM ALERT_TAG WHERE TAG_ID=38 +COMMIT +/*C3*/DELETE FROM HISTORY WHERE HISTORYID=12 +COMMIT +/*C5*/DELETE FROM ALERT WHERE ALERTID=18 +COMMIT +/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=39 +DELETE FROM ALERT_TAG WHERE TAG_ID=40 +COMMIT +/*C5*/DELETE FROM ALERT WHERE ALERTID=19 +COMMIT +/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=41 +DELETE FROM ALERT_TAG WHERE TAG_ID=42 +COMMIT +/*C3*/DELETE FROM HISTORY WHERE HISTORYID=13 +COMMIT +/*C5*/DELETE FROM ALERT WHERE ALERTID=20 +COMMIT +/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=43 +DELETE FROM ALERT_TAG WHERE TAG_ID=44 +COMMIT +/*C5*/DELETE FROM ALERT WHERE ALERTID=21 +COMMIT +/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=45 +DELETE FROM ALERT_TAG WHERE TAG_ID=46 +COMMIT +/*C3*/DELETE FROM HISTORY WHERE HISTORYID=14 +COMMIT +/*C5*/DELETE FROM ALERT WHERE ALERTID=23 +COMMIT +/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=49 +DELETE FROM ALERT_TAG WHERE TAG_ID=50 +COMMIT +/*C3*/DELETE FROM HISTORY WHERE HISTORYID=15 +COMMIT +DELETE FROM HISTORY WHERE HISTORYID=16 +COMMIT +/*C5*/DELETE FROM ALERT WHERE ALERTID=25 +COMMIT +/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=53 +DELETE FROM ALERT_TAG WHERE TAG_ID=54 +COMMIT +/*C5*/DELETE FROM ALERT WHERE ALERTID=26 +COMMIT +/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=55 +DELETE FROM ALERT_TAG WHERE TAG_ID=56 +COMMIT +/*C3*/DELETE FROM HISTORY WHERE HISTORYID=17 +COMMIT +/*C5*/DELETE FROM ALERT WHERE ALERTID=27 +COMMIT +/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=57 +DELETE FROM ALERT_TAG WHERE TAG_ID=58 +COMMIT +/*C5*/DELETE FROM ALERT WHERE ALERTID=28 +COMMIT +/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=59 +DELETE FROM ALERT_TAG WHERE TAG_ID=60 +COMMIT +/*C3*/DELETE FROM HISTORY WHERE HISTORYID=18 +COMMIT +/*C5*/DELETE FROM ALERT WHERE ALERTID=30 +COMMIT +/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=63 +DELETE FROM ALERT_TAG WHERE TAG_ID=64 +COMMIT +/*C3*/DELETE FROM HISTORY WHERE HISTORYID=19 +COMMIT +DELETE FROM HISTORY WHERE HISTORYID=20 +COMMIT +/*C5*/DELETE FROM ALERT WHERE ALERTID=32 +COMMIT +/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=67 +DELETE FROM ALERT_TAG WHERE TAG_ID=68 +COMMIT +/*C5*/DELETE FROM ALERT WHERE ALERTID=33 +COMMIT +/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=69 +DELETE FROM ALERT_TAG WHERE TAG_ID=70 +COMMIT +/*C3*/DELETE FROM HISTORY WHERE HISTORYID=21 +COMMIT +/*C5*/DELETE FROM ALERT WHERE ALERTID=34 +COMMIT +/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=71 +DELETE FROM ALERT_TAG WHERE TAG_ID=72 +COMMIT +/*C5*/DELETE FROM ALERT WHERE ALERTID=35 +COMMIT +/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=73 +DELETE FROM ALERT_TAG WHERE TAG_ID=74 +COMMIT +/*C3*/DELETE FROM HISTORY WHERE HISTORYID=22 +COMMIT +/*C5*/DELETE FROM ALERT WHERE ALERTID=37 +COMMIT +/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=77 +DELETE FROM ALERT_TAG WHERE TAG_ID=78 +COMMIT +/*C3*/DELETE FROM HISTORY WHERE HISTORYID=23 +COMMIT +DELETE FROM HISTORY WHERE HISTORYID=24 +COMMIT +/*C5*/DELETE FROM ALERT WHERE ALERTID=39 +COMMIT +/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=81 +DELETE FROM ALERT_TAG WHERE TAG_ID=82 +COMMIT +/*C5*/DELETE FROM ALERT WHERE ALERTID=40 +COMMIT +/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=83 +DELETE FROM ALERT_TAG WHERE TAG_ID=84 +COMMIT +/*C3*/DELETE FROM HISTORY WHERE HISTORYID=25 +COMMIT +/*C5*/DELETE FROM ALERT WHERE ALERTID=41 +COMMIT +/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=85 +DELETE FROM ALERT_TAG WHERE TAG_ID=86 +COMMIT +/*C5*/DELETE FROM ALERT WHERE ALERTID=42 +COMMIT +/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=87 +DELETE FROM ALERT_TAG WHERE TAG_ID=88 +COMMIT +/*C3*/DELETE FROM HISTORY WHERE HISTORYID=3 +COMMIT +DELETE FROM HISTORY WHERE HISTORYID=2 +COMMIT +DELETE FROM HISTORY WHERE HISTORYID=26 +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(72,64,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 73 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=71 +INSERT INTO BLOCKS VALUES(71,1,0) +INSERT INTO BLOCKS VALUES(72,2147483575,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=71 +INSERT INTO LOBS VALUES(71,1,0,72) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(72,1,'2024-03-02 03:35:57.957000',1,72,NULL,64,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=72 +INSERT INTO LOB_IDS VALUES(72,64,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(73,64,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 74 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=72 +INSERT INTO BLOCKS VALUES(72,1,0) +INSERT INTO BLOCKS VALUES(73,2147483574,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=72 +INSERT INTO LOBS VALUES(72,1,0,73) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(73,1,'2024-03-02 03:36:07.957000',1,73,NULL,64,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=73 +INSERT INTO LOB_IDS VALUES(73,64,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(74,64,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 75 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=73 +INSERT INTO BLOCKS VALUES(73,1,0) +INSERT INTO BLOCKS VALUES(74,2147483573,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=73 +INSERT INTO LOBS VALUES(73,1,0,74) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(74,1,'2024-03-02 03:36:17.963000',1,74,NULL,64,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=74 +INSERT INTO LOB_IDS VALUES(74,64,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(75,64,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 76 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=74 +INSERT INTO BLOCKS VALUES(74,1,0) +INSERT INTO BLOCKS VALUES(75,2147483572,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=74 +INSERT INTO LOBS VALUES(74,1,0,75) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(75,1,'2024-03-02 03:36:27.964000',1,75,NULL,64,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=75 +INSERT INTO LOB_IDS VALUES(75,64,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(76,64,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 77 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=75 +INSERT INTO BLOCKS VALUES(75,1,0) +INSERT INTO BLOCKS VALUES(76,2147483571,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=75 +INSERT INTO LOBS VALUES(75,1,0,76) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(76,1,'2024-03-02 03:36:37.967000',1,76,NULL,64,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=76 +INSERT INTO LOB_IDS VALUES(76,64,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(77,64,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 78 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=76 +INSERT INTO BLOCKS VALUES(76,1,0) +INSERT INTO BLOCKS VALUES(77,2147483570,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=76 +INSERT INTO LOBS VALUES(76,1,0,77) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(77,1,'2024-03-02 03:36:47.973000',1,77,NULL,64,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=77 +INSERT INTO LOB_IDS VALUES(77,64,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(78,64,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 79 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=77 +INSERT INTO BLOCKS VALUES(77,1,0) +INSERT INTO BLOCKS VALUES(78,2147483569,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=77 +INSERT INTO LOBS VALUES(77,1,0,78) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(78,1,'2024-03-02 03:36:57.976000',1,78,NULL,64,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=78 +INSERT INTO LOB_IDS VALUES(78,64,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(79,64,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 80 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=78 +INSERT INTO BLOCKS VALUES(78,1,0) +INSERT INTO BLOCKS VALUES(79,2147483568,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=78 +INSERT INTO LOBS VALUES(78,1,0,79) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(79,1,'2024-03-02 03:37:08.102000',1,79,NULL,64,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=79 +INSERT INTO LOB_IDS VALUES(79,64,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(80,64,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 81 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=79 +INSERT INTO BLOCKS VALUES(79,1,0) +INSERT INTO BLOCKS VALUES(80,2147483567,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=79 +INSERT INTO LOBS VALUES(79,1,0,80) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(80,1,'2024-03-02 03:37:18.133000',1,80,NULL,64,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=80 +INSERT INTO LOB_IDS VALUES(80,64,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(81,64,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 82 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=80 +INSERT INTO BLOCKS VALUES(80,1,0) +INSERT INTO BLOCKS VALUES(81,2147483566,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=80 +INSERT INTO LOBS VALUES(80,1,0,81) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(81,1,'2024-03-02 03:37:28.152000',1,81,NULL,64,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=81 +INSERT INTO LOB_IDS VALUES(81,64,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(82,64,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 83 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=81 +INSERT INTO BLOCKS VALUES(81,1,0) +INSERT INTO BLOCKS VALUES(82,2147483565,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=81 +INSERT INTO LOBS VALUES(81,1,0,82) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(82,1,'2024-03-02 03:37:38.962000',1,82,NULL,64,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=82 +INSERT INTO LOB_IDS VALUES(82,64,1,40) +COMMIT +/*C3*/INSERT INTO HISTORY VALUES(27,1709346750724,15,200,1709347068648,206,'GET','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','GET https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html HTTP/1.1\u000d\u000ahost: 722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Windows 95; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aConnection: keep-alive\u000d\u000aReferer: https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/\u000d\u000aUpgrade-Insecure-Requests: 1\u000d\u000aSec-Fetch-Dest: document\u000d\u000aSec-Fetch-Mode: navigate\u000d\u000aSec-Fetch-Site: same-origin\u000d\u000aSec-Fetch-User: ?1\u000d\u000acontent-length: 0\u000d\u000a\u000d\u000a','','HTTP/1.1 200 OK\u000d\u000aServer: nginx/1.24.0\u000d\u000aDate: Sat, 02 Mar 2024 02:37:48 GMT\u000d\u000aContent-Type: text/html\u000d\u000aContent-Length: 1366\u000d\u000aLast-Modified: Thu, 01 Jan 1970 00:00:01 GMT\u000d\u000aConnection: keep-alive\u000d\u000aETag: "1-556"\u000d\u000aCache-Control: no-store\u000d\u000aAccept-Ranges: bytes\u000d\u000a\u000d\u000a','3c68746d6c3e0a3c686561643e0a202020203c7469746c653e496e74726f20746f2057656220323c2f7469746c653e0a202020203c6d65746120636861727365743d225554462d38223e0a202020203c6c696e6b2072656c3d227374796c6573686565742220747970653d22746578742f6373732220687265663d227374796c652e63737322202f3e0a3c2f686561643e0a3c626f64793e0a3c68313e24284745524d414e5f4349545929205472616d205469636b6574204d616368696e653c2f68313e0a0a3c68333e47657420796f7572203c7370616e207374796c653d22746578742d6465636f726174696f6e3a206c696e652d7468726f7567683b223e7469636b65743c2f7370616e3e20666c61672068657265213c2f68333e0a3c68723e0a57697468207468652068656c70206f66206f75722073746174652d6f662d7468652d61727420666c6f707079206469736b20737769746368696e6720726f626f74732c20796f752063616e206e6f772072656164207468652066697273740a70617274206f662074686520666c616720696e207265616c2074696d65210a3c703e0a466c6167207061727420312f343a203c7370616e207374796c653d22636f6c6f723a20677265656e3b20666f6e742d66616d696c793a2027436f7572696572204e6577272c206d6f6e6f73706163653b223e0a20202020435343477b3c7370616e2069643d22666c6167223e2e2e2e2e2e2e2e2e3c2f7370616e3e3c2f7370616e3e0a0a3c212d2d0a4e6f2074696d6520746f20776169742c2072696768743f0a2d2d3e0a0a3c7363726970743e0a666c6167203d20226c396a6a3535304b220a73796d626f6c7352657665616c6564203d20300a7761697454696d65203d20313030303b0a0a66756e6374696f6e206e65787453796d626f6c2829207b0a202020206966202873796d626f6c7352657665616c6564203e3d20666c61672e6c656e677468292072657475726e3b0a2020202073796d626f6c7352657665616c65642b2b3b0a0a202020207761697454696d65202a3d20323b0a2020202073657454696d656f7574286e65787453796d626f6c2c207761697454696d65293b0a7d0a0a66756e6374696f6e207370696e2829207b0a20202020636f6e737420666c616750617274203d20666c61672e73756273747228302c2073796d626f6c7352657665616c6564293b0a20202020636f6e737420616c706861626574203d2028224142434445464748494a4b4c4d4e4f5052535455565758595a61626364656668696b6c6d6e6f727374757677787a3031323334353637383922290a20202020636f6e73742072616e646f6d53796d626f6c203d0a202020202020202073796d626f6c7352657665616c6564203c20666c61672e6c656e6774680a2020202020202020202020203f20616c7068616265742e636861724174284d6174682e666c6f6f72284d6174682e72616e646f6d2829202a20616c7068616265742e6c656e67746829290a2020202020202020202020203a2022223b0a20202020636f6e737420737566666978203d20222e222e726570656174284d6174682e6d617828302c20666c61672e6c656e677468202d2031202d2073796d626f6c7352657665616c656429293b0a0a20202020646f63756d656e742e676574456c656d656e74427949642822666c616722292e696e6e657248544d4c203d20666c616750617274202b2072616e646f6d53796d626f6c202b207375666669783b0a7d0a0a73657454696d656f7574286e65787453796d626f6c2c207761697454696d65293b0a736574496e74657276616c287370696e2c203530293b0a3c2f7363726970743e0a0a3c2f626f64793e0a3c2f68746d6c3e',NULL,'',TRUE) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(83,64,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 84 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=82 +INSERT INTO BLOCKS VALUES(82,1,0) +INSERT INTO BLOCKS VALUES(83,2147483564,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=82 +INSERT INTO LOBS VALUES(82,1,0,83) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(83,1,'2024-03-02 03:37:49.010000',1,83,NULL,64,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=83 +INSERT INTO LOB_IDS VALUES(83,64,1,40) +COMMIT +/*C10*/DELETE FROM PARAM WHERE PARAMID=9 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Server' AND USED=2 AND FLAGS='' AND VALS='nginx/1.24.0' +INSERT INTO PARAM VALUES(9,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Server',3,'','nginx/1.24.0') +COMMIT +DELETE FROM PARAM WHERE PARAMID=10 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Date' AND USED=2 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT' +INSERT INTO PARAM VALUES(10,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Date',3,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:37:48 GMT') +COMMIT +DELETE FROM PARAM WHERE PARAMID=11 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Content-Type' AND USED=2 AND FLAGS='' AND VALS='text/html,text/plain' +INSERT INTO PARAM VALUES(11,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Content-Type',3,'','text/html,text/plain') +COMMIT +DELETE FROM PARAM WHERE PARAMID=12 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Content-Length' AND USED=2 AND FLAGS='' AND VALS='287,384' +INSERT INTO PARAM VALUES(12,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Content-Length',3,'','287,1366,384') +COMMIT +DELETE FROM PARAM WHERE PARAMID=15 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Last-Modified' AND USED=1 AND FLAGS='' AND VALS='Thu%2C 01 Jan 1970 00:00:01 GMT' +INSERT INTO PARAM VALUES(15,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Last-Modified',2,'','Thu%2C 01 Jan 1970 00:00:01 GMT') +COMMIT +DELETE FROM PARAM WHERE PARAMID=13 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Connection' AND USED=2 AND FLAGS='' AND VALS='keep-alive' +INSERT INTO PARAM VALUES(13,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Connection',3,'','keep-alive') +COMMIT +DELETE FROM PARAM WHERE PARAMID=14 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='ETag' AND USED=2 AND FLAGS='' AND VALS='"1-180","1-11f"' +INSERT INTO PARAM VALUES(14,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','ETag',3,'','"1-180","1-11f","1-556"') +COMMIT +DELETE FROM PARAM WHERE PARAMID=16 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Cache-Control' AND USED=1 AND FLAGS='' AND VALS='no-store' +INSERT INTO PARAM VALUES(16,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Cache-Control',2,'','no-store') +COMMIT +DELETE FROM PARAM WHERE PARAMID=17 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Accept-Ranges' AND USED=1 AND FLAGS='' AND VALS='bytes' +INSERT INTO PARAM VALUES(17,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Accept-Ranges',2,'','bytes') +COMMIT +/*C5*/INSERT INTO ALERT VALUES(43,0,10020,'Missing Anti-clickjacking Header',2,2,'The response does not include either Content-Security-Policy with ''frame-ancestors'' directive or X-Frame-Options to protect against ''ClickJacking'' attacks.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','x-frame-options','','Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\u000aIf you expect the page to be framed only by pages on your server (e.g. it''s part of a FRAMESET) then you''ll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy''s "frame-ancestors" directive.','https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options',27,27,'','',1021,15,3,'','10020-1') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(89,43,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(90,43,'WSTG-v42-CLNT-09','https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking') +COMMIT +INSERT INTO ALERT_TAG VALUES(91,43,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(84,630,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 85 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=83 +INSERT INTO BLOCKS VALUES(83,1,0) +INSERT INTO BLOCKS VALUES(84,2147483563,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=83 +INSERT INTO LOBS VALUES(83,1,0,84) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(84,1,'2024-03-02 03:37:49.436000',1,84,NULL,630,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=84 +INSERT INTO LOB_IDS VALUES(84,630,1,40) +COMMIT +/*C5*/INSERT INTO ALERT VALUES(44,0,10015,'Re-examine Cache-control Directives',0,1,'The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','cache-control','','For secure content, ensure the cache-control HTTP header is set with "no-cache, no-store, must-revalidate". If an asset should be cached consider setting the directives "public, max-age, immutable".','https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\u000ahttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control\u000ahttps://grayduck.mn/2021/09/13/cache-control-recommendations/',27,27,'','no-store',525,13,3,'','10015') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(92,44,'WSTG-v42-ATHN-06','https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(85,635,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 86 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=84 +INSERT INTO BLOCKS VALUES(84,1,0) +INSERT INTO BLOCKS VALUES(85,2147483562,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=84 +INSERT INTO LOBS VALUES(84,1,0,85) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(85,1,'2024-03-02 03:37:49.459000',1,85,NULL,635,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=85 +INSERT INTO LOB_IDS VALUES(85,635,1,40) +COMMIT +/*C5*/INSERT INTO ALERT VALUES(45,0,10038,'Content Security Policy (CSP) Header Not Set',2,3,'Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page \u2014 covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','','','Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.','https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy\u000ahttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\u000ahttps://www.w3.org/TR/CSP/\u000ahttps://w3c.github.io/webappsec-csp/\u000ahttps://web.dev/articles/csp\u000ahttps://caniuse.com/#feat=contentsecuritypolicy\u000ahttps://content-security-policy.com/',27,27,'','',693,15,3,'','10038-1') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(93,45,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(94,45,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(86,625,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 87 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=85 +INSERT INTO BLOCKS VALUES(85,1,0) +INSERT INTO BLOCKS VALUES(86,2147483561,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=85 +INSERT INTO LOBS VALUES(85,1,0,86) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(86,1,'2024-03-02 03:37:49.464000',1,86,NULL,625,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=86 +INSERT INTO LOB_IDS VALUES(86,625,1,40) +COMMIT +/*C5*/INSERT INTO ALERT VALUES(46,0,10109,'Modern Web Application',0,2,'The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','','No links have been found while there are scripts, which is an indication that this is a modern web application.','This is an informational alert and so no changes are required.','',27,27,'','',-1,-1,3,'','10109') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(87,612,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 88 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=86 +INSERT INTO BLOCKS VALUES(86,1,0) +INSERT INTO BLOCKS VALUES(87,2147483560,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=86 +INSERT INTO LOBS VALUES(86,1,0,87) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(87,1,'2024-03-02 03:37:49.486000',1,87,NULL,612,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=87 +INSERT INTO LOB_IDS VALUES(87,612,1,40) +COMMIT +/*C5*/INSERT INTO ALERT VALUES(47,0,10036,'Server Leaks Version Information via "Server" HTTP Response Header Field',1,3,'The web/application server is leaking version information via the "Server" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','','','Ensure that your web server, application server, load balancer, etc. is configured to suppress the "Server" header or provide generic details.','https://httpd.apache.org/docs/current/mod/core.html#servertokens\u000ahttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\u000ahttps://www.troyhunt.com/shhh-dont-let-your-response-headers/',27,27,'','nginx/1.24.0',200,13,3,'','10036') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(95,47,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(96,47,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +INSERT INTO ALERT_TAG VALUES(97,47,'WSTG-v42-INFO-02','https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(88,652,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 89 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=87 +INSERT INTO BLOCKS VALUES(87,1,0) +INSERT INTO BLOCKS VALUES(88,2147483559,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=87 +INSERT INTO LOBS VALUES(87,1,0,88) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(88,1,'2024-03-02 03:37:49.514000',1,88,NULL,652,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=88 +INSERT INTO LOB_IDS VALUES(88,652,1,40) +COMMIT +/*C5*/INSERT INTO ALERT VALUES(48,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',27,27,'','',319,15,3,'','10035-1') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(98,48,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(99,48,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(89,618,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 90 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=88 +INSERT INTO BLOCKS VALUES(88,1,0) +INSERT INTO BLOCKS VALUES(89,2147483558,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=88 +INSERT INTO LOBS VALUES(88,1,0,89) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(89,1,'2024-03-02 03:37:49.518000',1,89,NULL,618,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=89 +INSERT INTO LOB_IDS VALUES(89,618,1,40) +COMMIT +/*C5*/INSERT INTO ALERT VALUES(49,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',27,27,'','',693,15,3,'','10021') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(100,49,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(101,49,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(90,639,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 91 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=89 +INSERT INTO BLOCKS VALUES(89,1,0) +INSERT INTO BLOCKS VALUES(90,2147483557,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=89 +INSERT INTO LOBS VALUES(89,1,0,90) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(90,1,'2024-03-02 03:37:49.522000',1,90,NULL,639,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=90 +INSERT INTO LOB_IDS VALUES(90,639,1,40) +COMMIT +/*C8*/SET SCHEMA PUBLIC +INSERT INTO TAG VALUES(1,27,'Script') +COMMIT +INSERT INTO TAG VALUES(2,27,'Comment') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(91,64,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 92 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=90 +INSERT INTO BLOCKS VALUES(90,1,0) +INSERT INTO BLOCKS VALUES(91,2147483556,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=90 +INSERT INTO LOBS VALUES(90,1,0,91) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(91,1,'2024-03-02 03:37:59.053000',1,91,NULL,64,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=91 +INSERT INTO LOB_IDS VALUES(91,64,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(92,64,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 93 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=91 +INSERT INTO BLOCKS VALUES(91,1,0) +INSERT INTO BLOCKS VALUES(92,2147483555,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=91 +INSERT INTO LOBS VALUES(91,1,0,92) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(92,1,'2024-03-02 03:38:09.054000',1,92,NULL,64,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=92 +INSERT INTO LOB_IDS VALUES(92,64,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(93,64,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 94 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=92 +INSERT INTO BLOCKS VALUES(92,1,0) +INSERT INTO BLOCKS VALUES(93,2147483554,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=92 +INSERT INTO LOBS VALUES(92,1,0,93) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(93,1,'2024-03-02 03:38:19.056000',1,93,NULL,64,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=93 +INSERT INTO LOB_IDS VALUES(93,64,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(94,64,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 95 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=93 +INSERT INTO BLOCKS VALUES(93,1,0) +INSERT INTO BLOCKS VALUES(94,2147483553,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=93 +INSERT INTO LOBS VALUES(93,1,0,94) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(94,1,'2024-03-02 03:38:29.059000',1,94,NULL,64,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=94 +INSERT INTO LOB_IDS VALUES(94,64,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(95,64,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 96 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=94 +INSERT INTO BLOCKS VALUES(94,1,0) +INSERT INTO BLOCKS VALUES(95,2147483552,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=94 +INSERT INTO LOBS VALUES(94,1,0,95) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(95,1,'2024-03-02 03:38:39.059000',1,95,NULL,64,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=95 +INSERT INTO LOB_IDS VALUES(95,64,1,40) +COMMIT +/*C3*/INSERT INTO HISTORY VALUES(28,1709346750724,1,403,1709347121300,30,'GET','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','GET https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html HTTP/1.1\u000d\u000ahost: 722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aConnection: keep-alive\u000d\u000aUpgrade-Insecure-Requests: 1\u000d\u000aSec-Fetch-Dest: document\u000d\u000aSec-Fetch-Mode: navigate\u000d\u000aSec-Fetch-Site: none\u000d\u000aSec-Fetch-User: ?1\u000d\u000a\u000d\u000a','','HTTP/1.1 403 Forbidden\u000d\u000aServer: nginx/1.24.0\u000d\u000aDate: Sat, 02 Mar 2024 02:38:41 GMT\u000d\u000aContent-Type: text/html\u000d\u000aContent-Length: 384\u000d\u000aConnection: keep-alive\u000d\u000aETag: "1-180"\u000d\u000a\u000d\u000a','3c68746d6c3e0a3c686561643e0a202020203c7469746c653e496e74726f20746f2057656220323c2f7469746c653e0a202020203c6d65746120636861727365743d225554462d38223e0a202020203c6c696e6b2072656c3d227374796c6573686565742220747970653d22746578742f6373732220687265663d227374796c652e63737322202f3e0a3c2f686561643e0a3c626f64793e0a3c68313e24284745524d414e5f4349545929205472616d205469636b6574204d616368696e653c2f68313e0a0a3c68333e3c7370616e207374796c653d22636f6c6f723a20726564223e496e736563757265206f7065726174696e672073797374656d213c2f7370616e3e3c2f68333e0a3c68723e0a466f7220734563557249745920724561536f4e732c20796f75206e65656420746f2075706461746520796f75722073797374656d20746f2057696e646f7773203935206265666f726520616363657373696e6720746869732077656273697465210a3c2f626f64793e0a3c2f68746d6c3e',NULL,'',TRUE) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(96,354,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 97 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=95 +INSERT INTO BLOCKS VALUES(95,1,0) +INSERT INTO BLOCKS VALUES(96,2147483551,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=95 +INSERT INTO LOBS VALUES(95,1,0,96) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(96,1,'2024-03-02 03:38:41.333000',1,96,NULL,354,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=96 +INSERT INTO LOB_IDS VALUES(96,354,1,40) +COMMIT +/*C3*/INSERT INTO HISTORY VALUES(29,1709346750724,1,200,1709347121392,40,'GET','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/style.css','GET https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/style.css HTTP/1.1\u000d\u000ahost: 722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: text/css,*/*;q=0.1\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aConnection: keep-alive\u000d\u000aReferer: https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html\u000d\u000aSec-Fetch-Dest: style\u000d\u000aSec-Fetch-Mode: no-cors\u000d\u000aSec-Fetch-Site: same-origin\u000d\u000a\u000d\u000a','','HTTP/1.1 200 OK\u000d\u000aServer: nginx/1.24.0\u000d\u000aDate: Sat, 02 Mar 2024 02:38:41 GMT\u000d\u000aContent-Type: text/plain\u000d\u000aContent-Length: 287\u000d\u000aLast-Modified: Thu, 01 Jan 1970 00:00:01 GMT\u000d\u000aConnection: keep-alive\u000d\u000aETag: "1-11f"\u000d\u000aCache-Control: no-store\u000d\u000aAccept-Ranges: bytes\u000d\u000a\u000d\u000a','68746d6c207b0a202020206d61782d77696474683a20373063683b0a2020202070616464696e673a2033656d2031656d3b0a202020206d617267696e3a206175746f3b0a202020206c696e652d6865696768743a20312e37353b0a20202020666f6e742d73697a653a20312e3235656d3b0a0a202020206261636b67726f756e642d636f6c6f723a20233145323132323b0a20202020636f6c6f723a20234244423741463b0a7d0a68312c2068322c206833207b0a20202020636f6c6f723a20234538453645333b0a7d0a6872207b0a202020206d617267696e2d746f703a202d31656d3b0a7d0a61207b0a20202020636f6c6f723a206c69676874626c75653b0a20202020746578742d6465636f726174696f6e3a206e6f6e653b0a7d0a',NULL,'',TRUE) +COMMIT +/*C5*/INSERT INTO ALERT VALUES(50,0,10036,'Server Leaks Version Information via "Server" HTTP Response Header Field',1,3,'The web/application server is leaking version information via the "Server" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/style.css','','','Ensure that your web server, application server, load balancer, etc. is configured to suppress the "Server" header or provide generic details.','https://httpd.apache.org/docs/current/mod/core.html#servertokens\u000ahttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\u000ahttps://www.troyhunt.com/shhh-dont-let-your-response-headers/',29,29,'','nginx/1.24.0',200,13,3,'','10036') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(102,50,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(103,50,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +INSERT INTO ALERT_TAG VALUES(104,50,'WSTG-v42-INFO-02','https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server') +COMMIT +/*C10*/DELETE FROM PARAM WHERE PARAMID=9 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Server' AND USED=3 AND FLAGS='' AND VALS='nginx/1.24.0' +INSERT INTO PARAM VALUES(9,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Server',4,'','nginx/1.24.0') +COMMIT +DELETE FROM PARAM WHERE PARAMID=10 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Date' AND USED=3 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:37:48 GMT' +INSERT INTO PARAM VALUES(10,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Date',4,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:38:41 GMT,Sat%2C 02 Mar 2024 02:37:48 GMT') +COMMIT +DELETE FROM PARAM WHERE PARAMID=11 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Content-Type' AND USED=3 AND FLAGS='' AND VALS='text/html,text/plain' +INSERT INTO PARAM VALUES(11,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Content-Type',4,'','text/html,text/plain') +COMMIT +DELETE FROM PARAM WHERE PARAMID=12 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Content-Length' AND USED=3 AND FLAGS='' AND VALS='287,1366,384' +INSERT INTO PARAM VALUES(12,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Content-Length',4,'','287,1366,384') +COMMIT +DELETE FROM PARAM WHERE PARAMID=13 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Connection' AND USED=3 AND FLAGS='' AND VALS='keep-alive' +INSERT INTO PARAM VALUES(13,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Connection',4,'','keep-alive') +COMMIT +DELETE FROM PARAM WHERE PARAMID=14 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='ETag' AND USED=3 AND FLAGS='' AND VALS='"1-180","1-11f","1-556"' +INSERT INTO PARAM VALUES(14,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','ETag',4,'','"1-180","1-11f","1-556"') +COMMIT +DELETE FROM PARAM WHERE PARAMID=9 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Server' AND USED=4 AND FLAGS='' AND VALS='nginx/1.24.0' +INSERT INTO PARAM VALUES(9,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Server',5,'','nginx/1.24.0') +COMMIT +DELETE FROM PARAM WHERE PARAMID=10 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Date' AND USED=4 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:38:41 GMT,Sat%2C 02 Mar 2024 02:37:48 GMT' +INSERT INTO PARAM VALUES(10,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Date',5,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:38:41 GMT,Sat%2C 02 Mar 2024 02:37:48 GMT') +COMMIT +DELETE FROM PARAM WHERE PARAMID=11 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Content-Type' AND USED=4 AND FLAGS='' AND VALS='text/html,text/plain' +INSERT INTO PARAM VALUES(11,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Content-Type',5,'','text/html,text/plain') +COMMIT +/*C5*/INSERT INTO ALERT VALUES(51,0,10038,'Content Security Policy (CSP) Header Not Set',2,3,'Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page \u2014 covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','','','Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.','https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy\u000ahttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\u000ahttps://www.w3.org/TR/CSP/\u000ahttps://w3c.github.io/webappsec-csp/\u000ahttps://web.dev/articles/csp\u000ahttps://caniuse.com/#feat=contentsecuritypolicy\u000ahttps://content-security-policy.com/',28,28,'','',693,15,3,'','10038-1') +COMMIT +/*C10*/DELETE FROM PARAM WHERE PARAMID=12 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Content-Length' AND USED=4 AND FLAGS='' AND VALS='287,1366,384' +INSERT INTO PARAM VALUES(12,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Content-Length',5,'','287,1366,384') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(97,339,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 98 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=96 +INSERT INTO BLOCKS VALUES(96,1,0) +INSERT INTO BLOCKS VALUES(97,2147483550,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=96 +INSERT INTO LOBS VALUES(96,1,0,97) +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(105,51,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(106,51,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C10*/DELETE FROM PARAM WHERE PARAMID=15 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Last-Modified' AND USED=2 AND FLAGS='' AND VALS='Thu%2C 01 Jan 1970 00:00:01 GMT' +INSERT INTO PARAM VALUES(15,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Last-Modified',3,'','Thu%2C 01 Jan 1970 00:00:01 GMT') +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(97,1,'2024-03-02 03:38:41.437000',1,97,NULL,339,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=97 +INSERT INTO LOB_IDS VALUES(97,339,1,40) +COMMIT +/*C10*/DELETE FROM PARAM WHERE PARAMID=13 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Connection' AND USED=4 AND FLAGS='' AND VALS='keep-alive' +INSERT INTO PARAM VALUES(13,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Connection',5,'','keep-alive') +COMMIT +DELETE FROM PARAM WHERE PARAMID=14 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='ETag' AND USED=4 AND FLAGS='' AND VALS='"1-180","1-11f","1-556"' +INSERT INTO PARAM VALUES(14,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','ETag',5,'','"1-180","1-11f","1-556"') +COMMIT +DELETE FROM PARAM WHERE PARAMID=16 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Cache-Control' AND USED=2 AND FLAGS='' AND VALS='no-store' +INSERT INTO PARAM VALUES(16,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Cache-Control',3,'','no-store') +COMMIT +DELETE FROM PARAM WHERE PARAMID=17 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Accept-Ranges' AND USED=2 AND FLAGS='' AND VALS='bytes' +INSERT INTO PARAM VALUES(17,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Accept-Ranges',3,'','bytes') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(98,625,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 99 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=97 +INSERT INTO BLOCKS VALUES(97,1,0) +INSERT INTO BLOCKS VALUES(98,2147483549,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=97 +INSERT INTO LOBS VALUES(97,1,0,98) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(98,1,'2024-03-02 03:38:41.439000',1,98,NULL,625,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=98 +INSERT INTO LOB_IDS VALUES(98,625,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(99,622,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 100 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=98 +INSERT INTO BLOCKS VALUES(98,1,0) +INSERT INTO BLOCKS VALUES(99,2147483548,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=98 +INSERT INTO LOBS VALUES(98,1,0,99) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(99,1,'2024-03-02 03:38:41.440000',1,99,NULL,622,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=99 +INSERT INTO LOB_IDS VALUES(99,622,1,40) +COMMIT +/*C5*/INSERT INTO ALERT VALUES(52,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/style.css','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',29,29,'','',319,15,3,'','10035-1') +COMMIT +INSERT INTO ALERT VALUES(53,0,10036,'Server Leaks Version Information via "Server" HTTP Response Header Field',1,3,'The web/application server is leaking version information via the "Server" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','','','Ensure that your web server, application server, load balancer, etc. is configured to suppress the "Server" header or provide generic details.','https://httpd.apache.org/docs/current/mod/core.html#servertokens\u000ahttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\u000ahttps://www.troyhunt.com/shhh-dont-let-your-response-headers/',28,28,'','nginx/1.24.0',200,13,3,'','10036') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(107,53,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(108,53,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +INSERT INTO ALERT_TAG VALUES(109,53,'WSTG-v42-INFO-02','https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server') +COMMIT +INSERT INTO ALERT_TAG VALUES(110,52,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(111,52,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(100,588,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 101 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=99 +INSERT INTO BLOCKS VALUES(99,1,0) +INSERT INTO BLOCKS VALUES(100,2147483547,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=99 +INSERT INTO LOBS VALUES(99,1,0,100) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(101,1,'2024-03-02 03:38:41.449000',1,100,NULL,588,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=100 +INSERT INTO LOB_IDS VALUES(100,588,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(101,652,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 102 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=100 +INSERT INTO BLOCKS VALUES(100,1,0) +INSERT INTO BLOCKS VALUES(101,2147483546,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=100 +INSERT INTO LOBS VALUES(100,1,0,101) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(100,1,'2024-03-02 03:38:41.449000',1,101,NULL,652,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=101 +INSERT INTO LOB_IDS VALUES(101,652,1,40) +COMMIT +/*C5*/INSERT INTO ALERT VALUES(54,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',28,28,'','',319,15,3,'','10035-1') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(112,54,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(113,54,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C5*/INSERT INTO ALERT VALUES(55,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/style.css','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',29,29,'','',693,15,3,'','10021') +COMMIT +/*C6*/INSERT INTO ALERT_TAG VALUES(114,55,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') +COMMIT +INSERT INTO ALERT_TAG VALUES(115,55,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(102,618,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 103 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=101 +INSERT INTO BLOCKS VALUES(101,1,0) +INSERT INTO BLOCKS VALUES(102,2147483545,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=101 +INSERT INTO LOBS VALUES(101,1,0,102) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(103,1,'2024-03-02 03:38:41.472000',1,102,NULL,618,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=102 +INSERT INTO LOB_IDS VALUES(102,618,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(103,609,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 104 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=102 +INSERT INTO BLOCKS VALUES(102,1,0) +INSERT INTO BLOCKS VALUES(103,2147483544,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=102 +INSERT INTO LOBS VALUES(102,1,0,103) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(102,1,'2024-03-02 03:38:41.472000',1,103,NULL,609,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=103 +INSERT INTO LOB_IDS VALUES(103,609,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(104,201,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 105 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=103 +INSERT INTO BLOCKS VALUES(103,1,0) +INSERT INTO BLOCKS VALUES(104,2147483543,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=103 +INSERT INTO LOBS VALUES(103,1,0,104) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(104,1,'2024-03-02 03:38:41.813000',1,104,NULL,201,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=104 +INSERT INTO LOB_IDS VALUES(104,201,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(105,2013,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 106 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=104 +INSERT INTO BLOCKS VALUES(104,1,0) +INSERT INTO BLOCKS VALUES(105,2147483542,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=104 +INSERT INTO LOBS VALUES(104,1,0,105) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(105,1,'2024-03-02 03:38:41.817000',1,105,NULL,2013,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=105 +INSERT INTO LOB_IDS VALUES(105,2013,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(106,176,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 107 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=105 +INSERT INTO BLOCKS VALUES(105,1,0) +INSERT INTO BLOCKS VALUES(106,2147483541,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=105 +INSERT INTO LOBS VALUES(105,1,0,106) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(106,1,'2024-03-02 03:38:41.817000',1,106,NULL,176,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=106 +INSERT INTO LOB_IDS VALUES(106,176,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(107,2662,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 108 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=106 +INSERT INTO BLOCKS VALUES(106,1,0) +INSERT INTO BLOCKS VALUES(107,2147483540,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=106 +INSERT INTO LOBS VALUES(106,1,0,107) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(107,1,'2024-03-02 03:38:41.821000',1,107,NULL,2662,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=107 +INSERT INTO LOB_IDS VALUES(107,2662,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(108,64,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 109 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=107 +INSERT INTO BLOCKS VALUES(107,1,0) +INSERT INTO BLOCKS VALUES(108,2147483539,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=107 +INSERT INTO LOBS VALUES(107,1,0,108) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(108,1,'2024-03-02 03:38:49.061000',1,108,NULL,64,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=108 +INSERT INTO LOB_IDS VALUES(108,64,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(109,64,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 110 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=108 +INSERT INTO BLOCKS VALUES(108,1,0) +INSERT INTO BLOCKS VALUES(109,2147483538,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=108 +INSERT INTO LOBS VALUES(108,1,0,109) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(109,1,'2024-03-02 03:38:59.082000',1,109,NULL,64,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=109 +INSERT INTO LOB_IDS VALUES(109,64,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(110,64,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 111 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=109 +INSERT INTO BLOCKS VALUES(109,1,0) +INSERT INTO BLOCKS VALUES(110,2147483537,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=109 +INSERT INTO LOBS VALUES(109,1,0,110) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(110,1,'2024-03-02 03:39:09.067000',1,110,NULL,64,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=110 +INSERT INTO LOB_IDS VALUES(110,64,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(111,64,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 112 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=110 +INSERT INTO BLOCKS VALUES(110,1,0) +INSERT INTO BLOCKS VALUES(111,2147483536,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=110 +INSERT INTO LOBS VALUES(110,1,0,111) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(111,1,'2024-03-02 03:39:19.068000',1,111,NULL,64,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=111 +INSERT INTO LOB_IDS VALUES(111,64,1,40) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(112,4,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 113 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=111 +INSERT INTO BLOCKS VALUES(111,1,0) +INSERT INTO BLOCKS VALUES(112,2147483535,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=111 +INSERT INTO LOBS VALUES(111,1,0,112) +COMMIT +/*C13*/SET SCHEMA PUBLIC +INSERT INTO WEBSOCKET_MESSAGE VALUES(112,1,'2024-03-02 03:39:49.071000',8,112,NULL,2,TRUE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=112 +INSERT INTO LOB_IDS VALUES(112,4,1,40) +COMMIT +SET SCHEMA PUBLIC +DELETE FROM WEBSOCKET_CHANNEL WHERE CHANNEL_ID=1 +INSERT INTO WEBSOCKET_CHANNEL VALUES(1,'zap',443,'','2024-03-02 03:34:57.550000','2024-03-02 03:40:10.105000',NULL) +COMMIT +/*C1*/INSERT INTO LOB_IDS VALUES(113,197,0,40) +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 114 +COMMIT +DELETE FROM BLOCKS WHERE BLOCK_ADDR=112 +INSERT INTO BLOCKS VALUES(112,1,0) +INSERT INTO BLOCKS VALUES(113,2147483534,0) +DELETE FROM BLOCKS WHERE BLOCK_ADDR=112 +INSERT INTO LOBS VALUES(112,1,0,113) +COMMIT +/*C13*/INSERT INTO WEBSOCKET_MESSAGE VALUES(113,1,'2024-03-02 03:40:10.105000',1,113,NULL,197,FALSE) +SET SCHEMA SYSTEM_LOBS +DELETE FROM LOB_IDS WHERE LOB_ID=113 +INSERT INTO LOB_IDS VALUES(113,197,1,40) +COMMIT diff --git a/cscg24/web/intro_web_2/intro_web_2_session.session.properties b/cscg24/web/intro_web_2/intro_web_2_session.session.properties new file mode 100644 index 0000000..75e79aa --- /dev/null +++ b/cscg24/web/intro_web_2/intro_web_2_session.session.properties @@ -0,0 +1,5 @@ +#HSQL Database Engine 2.7.2 +#Sat Mar 02 03:32:43 CET 2024 +tx_timestamp=543 +modified=yes +version=2.7.2 diff --git a/cscg24/web/intro_web_2/intro_web_2_session.session.script b/cscg24/web/intro_web_2/intro_web_2_session.session.script new file mode 100644 index 0000000..a167063 --- /dev/null +++ b/cscg24/web/intro_web_2/intro_web_2_session.session.script @@ -0,0 +1,83 @@ +SET DATABASE UNIQUE NAME HSQLDB379AF3DEBD +SET DATABASE DEFAULT RESULT MEMORY ROWS 0 +SET DATABASE EVENT LOG LEVEL 0 +SET DATABASE TRANSACTION CONTROL LOCKS +SET DATABASE DEFAULT ISOLATION LEVEL READ COMMITTED +SET DATABASE TRANSACTION ROLLBACK ON CONFLICT TRUE +SET DATABASE TEXT TABLE DEFAULTS '' +SET DATABASE SQL NAMES FALSE +SET DATABASE SQL RESTRICT EXEC FALSE +SET DATABASE SQL REFERENCES FALSE +SET DATABASE SQL SIZE TRUE +SET DATABASE SQL TYPES FALSE +SET DATABASE SQL TDC DELETE TRUE +SET DATABASE SQL TDC UPDATE TRUE +SET DATABASE SQL SYS INDEX NAMES FALSE +SET DATABASE SQL CONCAT NULLS TRUE +SET DATABASE SQL UNIQUE NULLS TRUE +SET DATABASE SQL CONVERT TRUNCATE TRUE +SET DATABASE SQL AVG SCALE 0 +SET DATABASE SQL DOUBLE NAN TRUE +SET FILES WRITE DELAY 20 MILLIS +SET FILES BACKUP INCREMENT TRUE +SET FILES CACHE SIZE 32000 +SET FILES CACHE ROWS 50000 +SET FILES SCALE 64 +SET FILES LOB SCALE 32 +SET FILES DEFRAG 0 +SET FILES NIO TRUE +SET FILES NIO SIZE 256 +SET FILES LOG TRUE +SET FILES LOG SIZE 50 +SET FILES CHECK 543 +SET DATABASE COLLATION SQL_TEXT PAD SPACE +CREATE USER SA PASSWORD DIGEST 'd41d8cd98f00b204e9800998ecf8427e' +ALTER USER SA SET LOCAL TRUE +CREATE SCHEMA PUBLIC AUTHORIZATION DBA +CREATE CACHED TABLE PUBLIC.HISTORY(HISTORYID INTEGER GENERATED BY DEFAULT AS IDENTITY(START WITH 1) NOT NULL PRIMARY KEY,SESSIONID BIGINT NOT NULL,HISTTYPE INTEGER DEFAULT 1,STATUSCODE INTEGER DEFAULT 0,TIMESENTMILLIS BIGINT DEFAULT 0,TIMEELAPSEDMILLIS INTEGER DEFAULT 0,METHOD VARCHAR(1024) DEFAULT '',URI VARCHAR(1048576) DEFAULT '',REQHEADER VARCHAR(4194304) DEFAULT '',REQBODY VARBINARY(16777216) DEFAULT X'',RESHEADER VARCHAR(4194304) DEFAULT '',RESBODY VARBINARY(16777216) DEFAULT X'',TAG VARCHAR(32768) DEFAULT '',NOTE VARCHAR(1048576) DEFAULT '',RESPONSEFROMTARGETHOST BOOLEAN DEFAULT FALSE) +ALTER TABLE PUBLIC.HISTORY ALTER COLUMN HISTORYID RESTART WITH 1 +CREATE INDEX HISTORY_INDEX ON PUBLIC.HISTORY(URI,METHOD,REQBODY,SESSIONID,HISTTYPE,HISTORYID,STATUSCODE) +CREATE INDEX INDEX_HISTORY_HISTTYPE ON PUBLIC.HISTORY(HISTTYPE) +CREATE INDEX INDEX_HISTORY_SESSIONID ON PUBLIC.HISTORY(SESSIONID) +CREATE CACHED TABLE PUBLIC.SESSION(SESSIONID BIGINT NOT NULL PRIMARY KEY,SESSIONNAME VARCHAR(32768) DEFAULT '',LASTACCESS TIMESTAMP DEFAULT LOCALTIMESTAMP NOT NULL) +CREATE CACHED TABLE PUBLIC.ALERT(ALERTID INTEGER GENERATED BY DEFAULT AS IDENTITY(START WITH 0) NOT NULL PRIMARY KEY,SCANID INTEGER NOT NULL,PLUGINID INTEGER DEFAULT 0,ALERT VARCHAR(16777216) DEFAULT '',RISK INTEGER DEFAULT 0,RELIABILITY INTEGER DEFAULT 1,DESCRIPTION VARCHAR(16777216) DEFAULT '',URI VARCHAR(1048576) DEFAULT '',PARAM VARCHAR(32768) DEFAULT '',OTHERINFO VARCHAR(16777216) DEFAULT '',SOLUTION VARCHAR(16777216) DEFAULT '',REFERENCE VARCHAR(16777216) DEFAULT '',HISTORYID INTEGER,SOURCEHISTORYID INTEGER DEFAULT 0,ATTACK VARCHAR(32768) DEFAULT '',EVIDENCE VARCHAR(16777216) DEFAULT '',CWEID INTEGER DEFAULT -1,WASCID INTEGER DEFAULT -1,SOURCEID INTEGER DEFAULT 0,INPUT_VECTOR VARCHAR(256) DEFAULT '',ALERTREF VARCHAR(256) DEFAULT '') +ALTER TABLE PUBLIC.ALERT ALTER COLUMN ALERTID RESTART WITH 0 +CREATE INDEX ALERT_INDEX ON PUBLIC.ALERT(SOURCEHISTORYID) +CREATE INDEX INDEX_ALERT_SOURCEID ON PUBLIC.ALERT(SOURCEID) +CREATE CACHED TABLE PUBLIC.SCAN(SCANID INTEGER GENERATED BY DEFAULT AS IDENTITY(START WITH 0) NOT NULL PRIMARY KEY,SESSIONID BIGINT NOT NULL,SCANNAME VARCHAR(32768) DEFAULT '',SCANTIME TIMESTAMP DEFAULT LOCALTIMESTAMP NOT NULL) +ALTER TABLE PUBLIC.SCAN ALTER COLUMN SCANID RESTART WITH 0 +CREATE CACHED TABLE PUBLIC.CONTEXT_DATA(DATAID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) NOT NULL,CONTEXTID INTEGER NOT NULL,TYPE INTEGER NOT NULL,DATA VARCHAR(1048576) DEFAULT '') +ALTER TABLE PUBLIC.CONTEXT_DATA ALTER COLUMN DATAID RESTART WITH 52 +CREATE INDEX INDEX_CONTEXT_DATA_CONTEXTID ON PUBLIC.CONTEXT_DATA(CONTEXTID) +CREATE INDEX INDEX_CONTEXT_DATA_TYPE ON PUBLIC.CONTEXT_DATA(TYPE) +CREATE CACHED TABLE PUBLIC.PARAM(PARAMID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) NOT NULL,SITE VARCHAR(32768) NOT NULL,TYPE VARCHAR(32768) NOT NULL,NAME VARCHAR(32768) NOT NULL,USED INTEGER NOT NULL,FLAGS VARCHAR(32768) NOT NULL,VALS VARCHAR(8388608) NOT NULL) +ALTER TABLE PUBLIC.PARAM ALTER COLUMN PARAMID RESTART WITH 1 +CREATE CACHED TABLE PUBLIC.SESSION_URL(URLID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) NOT NULL,TYPE INTEGER NOT NULL,URL VARCHAR(8192) DEFAULT '') +ALTER TABLE PUBLIC.SESSION_URL ALTER COLUMN URLID RESTART WITH 1 +CREATE INDEX INDEX_SESSION_URL_TYPE_AND_URL ON PUBLIC.SESSION_URL(TYPE,URL) +CREATE CACHED TABLE PUBLIC.TAG(TAGID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) NOT NULL,HISTORYID BIGINT NOT NULL,TAG VARCHAR(1024) DEFAULT '') +ALTER TABLE PUBLIC.TAG ALTER COLUMN TAGID RESTART WITH 1 +CREATE INDEX INDEX_TAG_HISTORYID_TAG ON PUBLIC.TAG(HISTORYID,TAG) +CREATE CACHED TABLE PUBLIC.ALERT_TAG(TAG_ID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) NOT NULL PRIMARY KEY,ALERT_ID BIGINT NOT NULL,KEY VARCHAR(1024) DEFAULT '' NOT NULL,VALUE VARCHAR(4000) DEFAULT '' NOT NULL) +ALTER TABLE PUBLIC.ALERT_TAG ALTER COLUMN TAG_ID RESTART WITH 1 +CREATE INDEX ALERT_ID_INDEX ON PUBLIC.ALERT_TAG(ALERT_ID) +CREATE CACHED TABLE PUBLIC.STRUCTURE(STRUCTUREID BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) NOT NULL,SESSIONID BIGINT NOT NULL,PARENTID BIGINT NOT NULL,HISTORYID INTEGER,NAME VARCHAR(8192) NOT NULL,NAMEHASH BIGINT NOT NULL,URL VARCHAR(8192) NOT NULL,METHOD VARCHAR(10) NOT NULL) +ALTER TABLE PUBLIC.STRUCTURE ALTER COLUMN STRUCTUREID RESTART WITH 1 +CREATE CACHED TABLE PUBLIC.WEBSOCKET_CHANNEL(CHANNEL_ID BIGINT PRIMARY KEY,HOST VARCHAR(255) NOT NULL,PORT INTEGER NOT NULL,URL VARCHAR(1048576) NOT NULL,START_TIMESTAMP TIMESTAMP NOT NULL,END_TIMESTAMP TIMESTAMP,HISTORY_ID INTEGER,FOREIGN KEY(HISTORY_ID) REFERENCES PUBLIC.HISTORY(HISTORYID) ON DELETE SET NULL ON UPDATE SET NULL) +CREATE CACHED TABLE PUBLIC.WEBSOCKET_MESSAGE(MESSAGE_ID BIGINT NOT NULL,CHANNEL_ID BIGINT NOT NULL,TIMESTAMP TIMESTAMP NOT NULL,OPCODE TINYINT NOT NULL,PAYLOAD_UTF8 CLOB(16M),PAYLOAD_BYTES BLOB(16M),PAYLOAD_LENGTH BIGINT NOT NULL,IS_OUTGOING BOOLEAN NOT NULL,PRIMARY KEY(MESSAGE_ID,CHANNEL_ID),FOREIGN KEY(CHANNEL_ID) REFERENCES PUBLIC.WEBSOCKET_CHANNEL(CHANNEL_ID),CONSTRAINT WEBSOCKET_MESSAGE_PAYLOAD CHECK((PUBLIC.WEBSOCKET_MESSAGE.PAYLOAD_UTF8 IS NOT NULL) OR (PUBLIC.WEBSOCKET_MESSAGE.PAYLOAD_BYTES IS NOT NULL))) +CREATE CACHED TABLE PUBLIC.WEBSOCKET_MESSAGE_FUZZ(FUZZ_ID BIGINT NOT NULL,MESSAGE_ID BIGINT NOT NULL,CHANNEL_ID BIGINT NOT NULL,STATE VARCHAR(50) NOT NULL,FUZZ VARCHAR(16777216) NOT NULL,PRIMARY KEY(FUZZ_ID,MESSAGE_ID,CHANNEL_ID),FOREIGN KEY(MESSAGE_ID,CHANNEL_ID) REFERENCES PUBLIC.WEBSOCKET_MESSAGE(MESSAGE_ID,CHANNEL_ID) ON DELETE CASCADE) +CREATE CACHED TABLE PUBLIC.SOAP_WSDL(WSDL_ID INTEGER NOT NULL,SOAP_ACTION VARCHAR(4000) NOT NULL,PRIMARY KEY(WSDL_ID,SOAP_ACTION)) +CREATE CACHED TABLE PUBLIC.OPENAPI_SPECS(ID INTEGER GENERATED BY DEFAULT AS IDENTITY(START WITH 0) NOT NULL PRIMARY KEY,DEFINITION CLOB(64M) NOT NULL,TARGET VARCHAR(2048),SESSION_ID BIGINT NOT NULL,CONTEXT_ID INTEGER NOT NULL) +ALTER TABLE PUBLIC.OPENAPI_SPECS ALTER COLUMN ID RESTART WITH 0 +ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 1 +SET DATABASE DEFAULT INITIAL SCHEMA PUBLIC +SET TABLE PUBLIC.SESSION INDEX '103 0 1' +SET TABLE PUBLIC.CONTEXT_DATA INDEX '63 63 63 0 0 0 51' +GRANT USAGE ON DOMAIN INFORMATION_SCHEMA.CARDINAL_NUMBER TO PUBLIC +GRANT USAGE ON DOMAIN INFORMATION_SCHEMA.YES_OR_NO TO PUBLIC +GRANT USAGE ON DOMAIN INFORMATION_SCHEMA.CHARACTER_DATA TO PUBLIC +GRANT USAGE ON DOMAIN INFORMATION_SCHEMA.SQL_IDENTIFIER TO PUBLIC +GRANT USAGE ON DOMAIN INFORMATION_SCHEMA.TIME_STAMP TO PUBLIC +GRANT DBA TO SA +SET SCHEMA SYSTEM_LOBS +INSERT INTO BLOCKS VALUES(0,2147483647,0)