/*C2*/SET SCHEMA PUBLIC SET FILES LOG TRUE /*C4*/SET SCHEMA PUBLIC DELETE FROM SESSION WHERE SESSIONID=1709346750724 INSERT INTO SESSION VALUES(1709346750724,'Untitled Session','2024-03-02 03:32:43.041776') COMMIT /*C3*/SET SCHEMA PUBLIC INSERT INTO HISTORY VALUES(1,1709346750724,1,200,1709346894944,457,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Access-Control-Allow-Origin, Vary, Date, Content-Type, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:34:55 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE) COMMIT INSERT INTO HISTORY VALUES(2,1709346750724,0,0,0,0,'GET','https://api.cscg.live:444','GET https://api.cscg.live:444 HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','','','',NULL,'',FALSE) COMMIT INSERT INTO HISTORY VALUES(3,1709346750724,0,0,0,0,'GET','https://api.cscg.live:444/platform.Platform','GET https://api.cscg.live:444/platform.Platform HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','','','',NULL,'',FALSE) COMMIT /*C10*/SET SCHEMA PUBLIC INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',1,'','https://play.cscg.live') COMMIT INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',1,'','Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message') COMMIT INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',1,'','h3=":443"; ma=2592000') COMMIT INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',1,'','application/grpc-web+proto') COMMIT INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',1,'','Caddy') COMMIT INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',1,'','Origin') COMMIT INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',1,'','Sat%2C 02 Mar 2024 02:34:55 GMT') COMMIT INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',1,'','129') COMMIT /*C5*/SET SCHEMA PUBLIC INSERT INTO ALERT VALUES(0,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',1,1,'','',319,15,3,'','10035-1') COMMIT /*C6*/SET SCHEMA PUBLIC INSERT INTO ALERT_TAG VALUES(1,0,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(2,0,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C5*/INSERT INTO ALERT VALUES(1,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',1,1,'','',693,15,3,'','10021') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(3,1,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(4,1,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C3*/INSERT INTO HISTORY VALUES(4,1709346750724,1,403,1709346896051,237,'GET','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','GET https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html HTTP/1.1\u000d\u000ahost: 722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aConnection: keep-alive\u000d\u000aReferer: https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/\u000d\u000aUpgrade-Insecure-Requests: 1\u000d\u000aSec-Fetch-Dest: document\u000d\u000aSec-Fetch-Mode: navigate\u000d\u000aSec-Fetch-Site: same-origin\u000d\u000aSec-Fetch-User: ?1\u000d\u000a\u000d\u000a','','HTTP/1.1 403 Forbidden\u000d\u000aServer: nginx/1.24.0\u000d\u000aDate: Sat, 02 Mar 2024 02:34:56 GMT\u000d\u000aContent-Type: text/html\u000d\u000aContent-Length: 384\u000d\u000aConnection: keep-alive\u000d\u000aETag: "1-180"\u000d\u000a\u000d\u000a','3c68746d6c3e0a3c686561643e0a202020203c7469746c653e496e74726f20746f2057656220323c2f7469746c653e0a202020203c6d65746120636861727365743d225554462d38223e0a202020203c6c696e6b2072656c3d227374796c6573686565742220747970653d22746578742f6373732220687265663d227374796c652e63737322202f3e0a3c2f686561643e0a3c626f64793e0a3c68313e24284745524d414e5f4349545929205472616d205469636b6574204d616368696e653c2f68313e0a0a3c68333e3c7370616e207374796c653d22636f6c6f723a20726564223e496e736563757265206f7065726174696e672073797374656d213c2f7370616e3e3c2f68333e0a3c68723e0a466f7220734563557249745920724561536f4e732c20796f75206e65656420746f2075706461746520796f75722073797374656d20746f2057696e646f7773203935206265666f726520616363657373696e6720746869732077656273697465210a3c2f626f64793e0a3c2f68746d6c3e',NULL,'',TRUE) COMMIT INSERT INTO HISTORY VALUES(5,1709346750724,0,0,0,0,'GET','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','GET https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337 HTTP/1.1\u000d\u000ahost: 722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aConnection: keep-alive\u000d\u000aReferer: https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/\u000d\u000aUpgrade-Insecure-Requests: 1\u000d\u000aSec-Fetch-Dest: document\u000d\u000aSec-Fetch-Mode: navigate\u000d\u000aSec-Fetch-Site: same-origin\u000d\u000aSec-Fetch-User: ?1\u000d\u000a\u000d\u000a','','','',NULL,'',FALSE) COMMIT INSERT INTO HISTORY VALUES(6,1709346750724,1,200,1709346896338,23,'GET','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/style.css','GET https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/style.css HTTP/1.1\u000d\u000ahost: 722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: text/css,*/*;q=0.1\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aConnection: keep-alive\u000d\u000aReferer: https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html\u000d\u000aSec-Fetch-Dest: style\u000d\u000aSec-Fetch-Mode: no-cors\u000d\u000aSec-Fetch-Site: same-origin\u000d\u000a\u000d\u000a','','HTTP/1.1 200 OK\u000d\u000aServer: nginx/1.24.0\u000d\u000aDate: Sat, 02 Mar 2024 02:34:56 GMT\u000d\u000aContent-Type: text/plain\u000d\u000aContent-Length: 287\u000d\u000aLast-Modified: Thu, 01 Jan 1970 00:00:01 GMT\u000d\u000aConnection: keep-alive\u000d\u000aETag: "1-11f"\u000d\u000aCache-Control: no-store\u000d\u000aAccept-Ranges: bytes\u000d\u000a\u000d\u000a','68746d6c207b0a202020206d61782d77696474683a20373063683b0a2020202070616464696e673a2033656d2031656d3b0a202020206d617267696e3a206175746f3b0a202020206c696e652d6865696768743a20312e37353b0a20202020666f6e742d73697a653a20312e3235656d3b0a0a202020206261636b67726f756e642d636f6c6f723a20233145323132323b0a20202020636f6c6f723a20234244423741463b0a7d0a68312c2068322c206833207b0a20202020636f6c6f723a20234538453645333b0a7d0a6872207b0a202020206d617267696e2d746f703a202d31656d3b0a7d0a61207b0a20202020636f6c6f723a206c69676874626c75653b0a20202020746578742d6465636f726174696f6e3a206e6f6e653b0a7d0a',NULL,'',TRUE) COMMIT /*C5*/INSERT INTO ALERT VALUES(2,0,10036,'Server Leaks Version Information via "Server" HTTP Response Header Field',1,3,'The web/application server is leaking version information via the "Server" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/style.css','','','Ensure that your web server, application server, load balancer, etc. is configured to suppress the "Server" header or provide generic details.','https://httpd.apache.org/docs/current/mod/core.html#servertokens\u000ahttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\u000ahttps://www.troyhunt.com/shhh-dont-let-your-response-headers/',6,6,'','nginx/1.24.0',200,13,3,'','10036') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(5,2,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(6,2,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT INSERT INTO ALERT_TAG VALUES(7,2,'WSTG-v42-INFO-02','https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server') COMMIT /*C10*/INSERT INTO PARAM VALUES(9,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Server',1,'','nginx/1.24.0') COMMIT INSERT INTO PARAM VALUES(10,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Date',1,'','Sat%2C 02 Mar 2024 02:34:56 GMT') COMMIT INSERT INTO PARAM VALUES(11,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Content-Type',1,'','text/html') COMMIT INSERT INTO PARAM VALUES(12,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Content-Length',1,'','384') COMMIT INSERT INTO PARAM VALUES(13,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Connection',1,'','keep-alive') COMMIT INSERT INTO PARAM VALUES(14,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','ETag',1,'','"1-180"') COMMIT DELETE FROM PARAM WHERE PARAMID=9 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Server' AND USED=1 AND FLAGS='' AND VALS='nginx/1.24.0' INSERT INTO PARAM VALUES(9,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Server',2,'','nginx/1.24.0') COMMIT DELETE FROM PARAM WHERE PARAMID=10 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Date' AND USED=1 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT' INSERT INTO PARAM VALUES(10,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Date',2,'','Sat%2C 02 Mar 2024 02:34:56 GMT') COMMIT DELETE FROM PARAM WHERE PARAMID=11 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Content-Type' AND USED=1 AND FLAGS='' AND VALS='text/html' INSERT INTO PARAM VALUES(11,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Content-Type',2,'','text/html,text/plain') COMMIT DELETE FROM PARAM WHERE PARAMID=12 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Content-Length' AND USED=1 AND FLAGS='' AND VALS='384' INSERT INTO PARAM VALUES(12,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Content-Length',2,'','287,384') COMMIT INSERT INTO PARAM VALUES(15,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Last-Modified',1,'','Thu%2C 01 Jan 1970 00:00:01 GMT') COMMIT DELETE FROM PARAM WHERE PARAMID=13 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Connection' AND USED=1 AND FLAGS='' AND VALS='keep-alive' INSERT INTO PARAM VALUES(13,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Connection',2,'','keep-alive') COMMIT DELETE FROM PARAM WHERE PARAMID=14 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='ETag' AND USED=1 AND FLAGS='' AND VALS='"1-180"' INSERT INTO PARAM VALUES(14,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','ETag',2,'','"1-180","1-11f"') COMMIT INSERT INTO PARAM VALUES(16,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Cache-Control',1,'','no-store') COMMIT INSERT INTO PARAM VALUES(17,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Accept-Ranges',1,'','bytes') COMMIT /*C5*/INSERT INTO ALERT VALUES(3,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/style.css','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',6,6,'','',319,15,3,'','10035-1') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(8,3,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(9,3,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C5*/INSERT INTO ALERT VALUES(4,0,10038,'Content Security Policy (CSP) Header Not Set',2,3,'Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page \u2014 covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','','','Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.','https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy\u000ahttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\u000ahttps://www.w3.org/TR/CSP/\u000ahttps://w3c.github.io/webappsec-csp/\u000ahttps://web.dev/articles/csp\u000ahttps://caniuse.com/#feat=contentsecuritypolicy\u000ahttps://content-security-policy.com/',4,4,'','',693,15,3,'','10038-1') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(10,4,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(11,4,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C5*/INSERT INTO ALERT VALUES(5,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/style.css','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',6,6,'','',693,15,3,'','10021') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(12,5,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(13,5,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C5*/INSERT INTO ALERT VALUES(6,0,10036,'Server Leaks Version Information via "Server" HTTP Response Header Field',1,3,'The web/application server is leaking version information via the "Server" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','','','Ensure that your web server, application server, load balancer, etc. is configured to suppress the "Server" header or provide generic details.','https://httpd.apache.org/docs/current/mod/core.html#servertokens\u000ahttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\u000ahttps://www.troyhunt.com/shhh-dont-let-your-response-headers/',4,4,'','nginx/1.24.0',200,13,3,'','10036') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(14,6,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(15,6,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT INSERT INTO ALERT_TAG VALUES(16,6,'WSTG-v42-INFO-02','https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server') COMMIT /*C5*/INSERT INTO ALERT VALUES(7,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',4,4,'','',319,15,3,'','10035-1') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(17,7,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(18,7,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C3*/INSERT INTO HISTORY VALUES(7,1709346750724,1,200,1709346896616,130,'OPTIONS','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','OPTIONS https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aAccess-Control-Request-Method: POST\u000d\u000aAccess-Control-Request-Headers: authorization,content-type,x-grpc-web,x-user-agent\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Headers: content-type,accept,x-user-agent,x-grpc-web,grpc-status,grpc-message,authorization\u000d\u000aAccess-Control-Allow-Methods: GET,HEAD,POST,PUT,DELETE\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Length: 0\u000d\u000aDate: Sat, 02 Mar 2024 02:34:56 GMT\u000d\u000aServer: Caddy\u000d\u000a\u000d\u000a','',NULL,'',TRUE) COMMIT /*C10*/INSERT INTO PARAM VALUES(18,'api.cscg.live:444','header','Access-Control-Allow-Headers',1,'','content-type%2Caccept%2Cx-user-agent%2Cx-grpc-web%2Cgrpc-status%2Cgrpc-message%2Cauthorization') COMMIT INSERT INTO PARAM VALUES(19,'api.cscg.live:444','header','Access-Control-Allow-Methods',1,'','GET%2CHEAD%2CPOST%2CPUT%2CDELETE') COMMIT DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=1 AND FLAGS='' AND VALS='https://play.cscg.live' INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',2,'','https://play.cscg.live') COMMIT DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=1 AND FLAGS='' AND VALS='h3=":443"; ma=2592000' INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',2,'','h3=":443"; ma=2592000') COMMIT INSERT INTO PARAM VALUES(20,'api.cscg.live:444','header','Content-Length',1,'','0') COMMIT DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=1 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:55 GMT' INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',2,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT') COMMIT DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=1 AND FLAGS='' AND VALS='Caddy' INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',2,'','Caddy') COMMIT /*C5*/INSERT INTO ALERT VALUES(8,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',7,7,'','',319,15,3,'','10035-1') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(19,8,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(20,8,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C3*/INSERT INTO HISTORY VALUES(8,1709346750724,1,200,1709346896918,112,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Access-Control-Allow-Origin, Vary, Date, Content-Type, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:34:57 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE) COMMIT /*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=2 AND FLAGS='' AND VALS='https://play.cscg.live' INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',3,'','https://play.cscg.live') COMMIT DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=1 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message' INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',2,'','Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message') COMMIT DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=2 AND FLAGS='' AND VALS='h3=":443"; ma=2592000' INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',3,'','h3=":443"; ma=2592000') COMMIT /*C5*/INSERT INTO ALERT VALUES(9,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',8,8,'','',319,15,3,'','10035-1') COMMIT /*C10*/DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=1 AND FLAGS='' AND VALS='application/grpc-web+proto' INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',2,'','application/grpc-web+proto') COMMIT DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=2 AND FLAGS='' AND VALS='Caddy' INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',3,'','Caddy') COMMIT DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=1 AND FLAGS='' AND VALS='Origin' INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',2,'','Origin') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(21,9,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(22,9,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C10*/DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=2 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT' INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',3,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT') COMMIT DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=1 AND FLAGS='' AND VALS='129' INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',2,'','129') COMMIT /*C5*/INSERT INTO ALERT VALUES(10,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',8,8,'','',693,15,3,'','10021') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(23,10,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(24,10,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_CHANNEL VALUES(1,'zap',443,'','2024-03-02 03:34:57.550000',NULL,NULL) COMMIT /*C1*/SET SCHEMA SYSTEM_LOBS INSERT INTO LOB_IDS VALUES(1,61,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 2 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=0 INSERT INTO BLOCKS VALUES(0,1,0) INSERT INTO BLOCKS VALUES(1,2147483646,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=0 INSERT INTO LOBS VALUES(0,1,0,1) COMMIT /*C13*/INSERT INTO WEBSOCKET_MESSAGE VALUES(1,1,'2024-03-02 03:34:57.691000',1,1,NULL,61,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=1 INSERT INTO LOB_IDS VALUES(1,61,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(2,77,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 3 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=1 INSERT INTO BLOCKS VALUES(1,1,0) INSERT INTO BLOCKS VALUES(2,2147483645,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=1 INSERT INTO LOBS VALUES(1,1,0,2) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(2,1,'2024-03-02 03:34:57.707000',1,2,NULL,77,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=2 INSERT INTO LOB_IDS VALUES(2,77,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(3,49,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 4 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=2 INSERT INTO BLOCKS VALUES(2,1,0) INSERT INTO BLOCKS VALUES(3,2147483644,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=2 INSERT INTO LOBS VALUES(2,1,0,3) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(3,1,'2024-03-02 03:34:57.712000',1,3,NULL,49,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=3 INSERT INTO LOB_IDS VALUES(3,49,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(4,120,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 5 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=3 INSERT INTO BLOCKS VALUES(3,1,0) INSERT INTO BLOCKS VALUES(4,2147483643,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=3 INSERT INTO LOBS VALUES(3,1,0,4) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(4,1,'2024-03-02 03:34:57.714000',1,4,NULL,120,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=4 INSERT INTO LOB_IDS VALUES(4,120,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(5,117,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 6 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=4 INSERT INTO BLOCKS VALUES(4,1,0) INSERT INTO BLOCKS VALUES(5,2147483642,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=4 INSERT INTO LOBS VALUES(4,1,0,5) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(5,1,'2024-03-02 03:34:57.733000',1,5,NULL,117,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=5 INSERT INTO LOB_IDS VALUES(5,117,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(6,112,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 7 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=5 INSERT INTO BLOCKS VALUES(5,1,0) INSERT INTO BLOCKS VALUES(6,2147483641,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=5 INSERT INTO LOBS VALUES(5,1,0,6) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(6,1,'2024-03-02 03:34:57.735000',1,6,NULL,112,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=6 INSERT INTO LOB_IDS VALUES(6,112,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(7,108,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 8 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=6 INSERT INTO BLOCKS VALUES(6,1,0) INSERT INTO BLOCKS VALUES(7,2147483640,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=6 INSERT INTO LOBS VALUES(6,1,0,7) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(7,1,'2024-03-02 03:34:57.796000',1,7,NULL,108,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=7 INSERT INTO LOB_IDS VALUES(7,108,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(8,118,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 9 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=7 INSERT INTO BLOCKS VALUES(7,1,0) INSERT INTO BLOCKS VALUES(8,2147483639,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=7 INSERT INTO LOBS VALUES(7,1,0,8) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(8,1,'2024-03-02 03:34:57.802000',1,8,NULL,118,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=8 INSERT INTO LOB_IDS VALUES(8,118,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(9,110,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 10 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=8 INSERT INTO BLOCKS VALUES(8,1,0) INSERT INTO BLOCKS VALUES(9,2147483638,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=8 INSERT INTO LOBS VALUES(8,1,0,9) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(9,1,'2024-03-02 03:34:57.805000',1,9,NULL,110,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=9 INSERT INTO LOB_IDS VALUES(9,110,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(10,130,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 11 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=9 INSERT INTO BLOCKS VALUES(9,1,0) INSERT INTO BLOCKS VALUES(10,2147483637,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=9 INSERT INTO LOBS VALUES(9,1,0,10) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(10,1,'2024-03-02 03:34:57.814000',1,10,NULL,130,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=10 INSERT INTO LOB_IDS VALUES(10,130,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(11,114,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 12 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=10 INSERT INTO BLOCKS VALUES(10,1,0) INSERT INTO BLOCKS VALUES(11,2147483636,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=10 INSERT INTO LOBS VALUES(10,1,0,11) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(11,1,'2024-03-02 03:34:57.822000',1,11,NULL,114,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=11 INSERT INTO LOB_IDS VALUES(11,114,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(12,106,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 13 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=11 INSERT INTO BLOCKS VALUES(11,1,0) INSERT INTO BLOCKS VALUES(12,2147483635,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=11 INSERT INTO LOBS VALUES(11,1,0,12) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(12,1,'2024-03-02 03:34:57.823000',1,12,NULL,106,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=12 INSERT INTO LOB_IDS VALUES(12,106,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(13,201,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 14 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=12 INSERT INTO BLOCKS VALUES(12,1,0) INSERT INTO BLOCKS VALUES(13,2147483634,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=12 INSERT INTO LOBS VALUES(12,1,0,13) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(13,1,'2024-03-02 03:34:57.951000',1,13,NULL,201,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=13 INSERT INTO LOB_IDS VALUES(13,201,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(14,960,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 15 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=13 INSERT INTO BLOCKS VALUES(13,1,0) INSERT INTO BLOCKS VALUES(14,2147483633,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=13 INSERT INTO LOBS VALUES(13,1,0,14) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(14,1,'2024-03-02 03:34:57.960000',1,14,NULL,960,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=14 INSERT INTO LOB_IDS VALUES(14,960,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(15,176,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 16 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=14 INSERT INTO BLOCKS VALUES(14,1,0) INSERT INTO BLOCKS VALUES(15,2147483632,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=14 INSERT INTO LOBS VALUES(14,1,0,15) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(15,1,'2024-03-02 03:34:57.963000',1,15,NULL,176,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=15 INSERT INTO LOB_IDS VALUES(15,176,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(16,1653,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 17 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=15 INSERT INTO BLOCKS VALUES(15,1,0) INSERT INTO BLOCKS VALUES(16,2147483631,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=15 INSERT INTO LOBS VALUES(15,1,0,16) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(16,1,'2024-03-02 03:34:57.972000',1,16,NULL,1653,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=16 INSERT INTO LOB_IDS VALUES(16,1653,1,40) COMMIT /*C3*/INSERT INTO HISTORY VALUES(9,1709346750724,1,200,1709346898617,348,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Access-Control-Allow-Origin, Vary, Date, Content-Type, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:34:58 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(17,322,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 18 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=16 INSERT INTO BLOCKS VALUES(16,1,0) INSERT INTO BLOCKS VALUES(17,2147483630,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=16 INSERT INTO LOBS VALUES(16,1,0,17) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(17,1,'2024-03-02 03:34:58.973000',1,17,NULL,322,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=17 INSERT INTO LOB_IDS VALUES(17,322,1,40) COMMIT /*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=3 AND FLAGS='' AND VALS='https://play.cscg.live' INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',4,'','https://play.cscg.live') COMMIT DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=2 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message' INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',3,'','Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message') COMMIT DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=3 AND FLAGS='' AND VALS='h3=":443"; ma=2592000' INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',4,'','h3=":443"; ma=2592000') COMMIT DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=2 AND FLAGS='' AND VALS='application/grpc-web+proto' INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',3,'','application/grpc-web+proto') COMMIT DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=3 AND FLAGS='' AND VALS='Caddy' INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',4,'','Caddy') COMMIT DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=2 AND FLAGS='' AND VALS='Origin' INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',3,'','Origin') COMMIT DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=3 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT' INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',4,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT') COMMIT DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=2 AND FLAGS='' AND VALS='129' INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',3,'','129') COMMIT /*C5*/INSERT INTO ALERT VALUES(11,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',9,9,'','',319,15,3,'','10035-1') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(25,11,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(26,11,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(18,551,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 19 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=17 INSERT INTO BLOCKS VALUES(17,1,0) INSERT INTO BLOCKS VALUES(18,2147483629,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=17 INSERT INTO LOBS VALUES(17,1,0,18) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(18,1,'2024-03-02 03:34:59.177000',1,18,NULL,551,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=18 INSERT INTO LOB_IDS VALUES(18,551,1,40) COMMIT /*C5*/INSERT INTO ALERT VALUES(12,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',9,9,'','',693,15,3,'','10021') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(27,12,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(28,12,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(19,572,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 20 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=18 INSERT INTO BLOCKS VALUES(18,1,0) INSERT INTO BLOCKS VALUES(19,2147483628,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=18 INSERT INTO LOBS VALUES(18,1,0,19) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(19,1,'2024-03-02 03:34:59.187000',1,19,NULL,572,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=19 INSERT INTO LOB_IDS VALUES(19,572,1,40) COMMIT /*C3*/INSERT INTO HISTORY VALUES(10,1709346750724,1,200,1709346900752,297,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Access-Control-Allow-Origin, Vary, Date, Content-Type, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:01 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(20,323,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 21 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=19 INSERT INTO BLOCKS VALUES(19,1,0) INSERT INTO BLOCKS VALUES(20,2147483627,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=19 INSERT INTO LOBS VALUES(19,1,0,20) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(20,1,'2024-03-02 03:35:01.052000',1,20,NULL,323,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=20 INSERT INTO LOB_IDS VALUES(20,323,1,40) COMMIT /*C5*/INSERT INTO ALERT VALUES(13,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',10,10,'','',319,15,3,'','10035-1') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(29,13,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(30,13,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=4 AND FLAGS='' AND VALS='https://play.cscg.live' INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',5,'','https://play.cscg.live') COMMIT DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=3 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message' INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',4,'','Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message') COMMIT DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=4 AND FLAGS='' AND VALS='h3=":443"; ma=2592000' INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',5,'','h3=":443"; ma=2592000') COMMIT DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=3 AND FLAGS='' AND VALS='application/grpc-web+proto' INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',4,'','application/grpc-web+proto') COMMIT DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=4 AND FLAGS='' AND VALS='Caddy' INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',5,'','Caddy') COMMIT DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=3 AND FLAGS='' AND VALS='Origin' INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',4,'','Origin') COMMIT DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=4 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT' INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',5,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT') COMMIT DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=3 AND FLAGS='' AND VALS='129' INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',4,'','129') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(21,552,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 22 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=20 INSERT INTO BLOCKS VALUES(20,1,0) INSERT INTO BLOCKS VALUES(21,2147483626,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=20 INSERT INTO LOBS VALUES(20,1,0,21) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(21,1,'2024-03-02 03:35:01.274000',1,21,NULL,552,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=21 INSERT INTO LOB_IDS VALUES(21,552,1,40) COMMIT /*C5*/INSERT INTO ALERT VALUES(14,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',10,10,'','',693,15,3,'','10021') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(31,14,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(32,14,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(22,573,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 23 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=21 INSERT INTO BLOCKS VALUES(21,1,0) INSERT INTO BLOCKS VALUES(22,2147483625,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=21 INSERT INTO LOBS VALUES(21,1,0,22) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(22,1,'2024-03-02 03:35:01.281000',1,22,NULL,573,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=22 INSERT INTO LOB_IDS VALUES(22,573,1,40) COMMIT /*C3*/INSERT INTO HISTORY VALUES(11,1709346750724,1,200,1709346902634,106,'OPTIONS','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','OPTIONS https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aAccess-Control-Request-Method: POST\u000d\u000aAccess-Control-Request-Headers: authorization,content-type,x-grpc-web,x-user-agent\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Headers: content-type,accept,x-user-agent,x-grpc-web,grpc-status,grpc-message,authorization\u000d\u000aAccess-Control-Allow-Methods: GET,HEAD,POST,PUT,DELETE\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Length: 0\u000d\u000aDate: Sat, 02 Mar 2024 02:35:02 GMT\u000d\u000aServer: Caddy\u000d\u000a\u000d\u000a','',NULL,'',TRUE) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(23,324,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 24 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=22 INSERT INTO BLOCKS VALUES(22,1,0) INSERT INTO BLOCKS VALUES(23,2147483624,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=22 INSERT INTO LOBS VALUES(22,1,0,23) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(23,1,'2024-03-02 03:35:02.743000',1,23,NULL,324,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=23 INSERT INTO LOB_IDS VALUES(23,324,1,40) COMMIT /*C10*/DELETE FROM PARAM WHERE PARAMID=18 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Headers' AND USED=1 AND FLAGS='' AND VALS='content-type%2Caccept%2Cx-user-agent%2Cx-grpc-web%2Cgrpc-status%2Cgrpc-message%2Cauthorization' INSERT INTO PARAM VALUES(18,'api.cscg.live:444','header','Access-Control-Allow-Headers',2,'','content-type%2Caccept%2Cx-user-agent%2Cx-grpc-web%2Cgrpc-status%2Cgrpc-message%2Cauthorization') COMMIT DELETE FROM PARAM WHERE PARAMID=19 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Methods' AND USED=1 AND FLAGS='' AND VALS='GET%2CHEAD%2CPOST%2CPUT%2CDELETE' INSERT INTO PARAM VALUES(19,'api.cscg.live:444','header','Access-Control-Allow-Methods',2,'','GET%2CHEAD%2CPOST%2CPUT%2CDELETE') COMMIT DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=5 AND FLAGS='' AND VALS='https://play.cscg.live' INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',6,'','https://play.cscg.live') COMMIT /*C5*/INSERT INTO ALERT VALUES(15,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',11,11,'','',319,15,3,'','10035-1') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(33,15,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(34,15,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C10*/DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=5 AND FLAGS='' AND VALS='h3=":443"; ma=2592000' INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',6,'','h3=":443"; ma=2592000') COMMIT DELETE FROM PARAM WHERE PARAMID=20 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Length' AND USED=1 AND FLAGS='' AND VALS='0' INSERT INTO PARAM VALUES(20,'api.cscg.live:444','header','Content-Length',2,'','0') COMMIT DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=5 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT' INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',6,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT') COMMIT DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=5 AND FLAGS='' AND VALS='Caddy' INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',6,'','Caddy') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(24,552,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 25 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=23 INSERT INTO BLOCKS VALUES(23,1,0) INSERT INTO BLOCKS VALUES(24,2147483623,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=23 INSERT INTO LOBS VALUES(23,1,0,24) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(24,1,'2024-03-02 03:35:02.956000',1,24,NULL,552,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=24 INSERT INTO LOB_IDS VALUES(24,552,1,40) COMMIT /*C3*/INSERT INTO HISTORY VALUES(12,1709346750724,1,200,1709346902745,278,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Access-Control-Allow-Origin, Vary, Date, Content-Type, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:03 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(25,323,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 26 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=24 INSERT INTO BLOCKS VALUES(24,1,0) INSERT INTO BLOCKS VALUES(25,2147483622,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=24 INSERT INTO LOBS VALUES(24,1,0,25) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(25,1,'2024-03-02 03:35:03.024000',1,25,NULL,323,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=25 INSERT INTO LOB_IDS VALUES(25,323,1,40) COMMIT /*C5*/INSERT INTO ALERT VALUES(16,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',12,12,'','',319,15,3,'','10035-1') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(35,16,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(36,16,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=6 AND FLAGS='' AND VALS='https://play.cscg.live' INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',7,'','https://play.cscg.live') COMMIT DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=4 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message' INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',5,'','Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message') COMMIT DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=6 AND FLAGS='' AND VALS='h3=":443"; ma=2592000' INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',7,'','h3=":443"; ma=2592000') COMMIT DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=4 AND FLAGS='' AND VALS='application/grpc-web+proto' INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',5,'','application/grpc-web+proto') COMMIT DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=6 AND FLAGS='' AND VALS='Caddy' INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',7,'','Caddy') COMMIT DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=4 AND FLAGS='' AND VALS='Origin' INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',5,'','Origin') COMMIT DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=6 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT' INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',7,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT') COMMIT DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=4 AND FLAGS='' AND VALS='129' INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',5,'','129') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(26,552,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 27 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=25 INSERT INTO BLOCKS VALUES(25,1,0) INSERT INTO BLOCKS VALUES(26,2147483621,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=25 INSERT INTO LOBS VALUES(25,1,0,26) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(26,1,'2024-03-02 03:35:03.236000',1,26,NULL,552,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=26 INSERT INTO LOB_IDS VALUES(26,552,1,40) COMMIT /*C5*/INSERT INTO ALERT VALUES(17,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',12,12,'','',693,15,3,'','10021') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(37,17,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(38,17,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(27,573,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 28 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=26 INSERT INTO BLOCKS VALUES(26,1,0) INSERT INTO BLOCKS VALUES(27,2147483620,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=26 INSERT INTO LOBS VALUES(26,1,0,27) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(27,1,'2024-03-02 03:35:03.262000',1,27,NULL,573,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=27 INSERT INTO LOB_IDS VALUES(27,573,1,40) COMMIT /*C3*/INSERT INTO HISTORY VALUES(13,1709346750724,1,200,1709346904639,173,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Vary, Date, Content-Type, Access-Control-Allow-Origin, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:04 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(28,323,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 29 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=27 INSERT INTO BLOCKS VALUES(27,1,0) INSERT INTO BLOCKS VALUES(28,2147483619,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=27 INSERT INTO LOBS VALUES(27,1,0,28) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(28,1,'2024-03-02 03:35:04.813000',1,28,NULL,323,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=28 INSERT INTO LOB_IDS VALUES(28,323,1,40) COMMIT /*C5*/INSERT INTO ALERT VALUES(18,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',13,13,'','',319,15,3,'','10035-1') COMMIT /*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=7 AND FLAGS='' AND VALS='https://play.cscg.live' INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',8,'','https://play.cscg.live') COMMIT DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=5 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message' INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',6,'','Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(39,18,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(40,18,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C10*/DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=7 AND FLAGS='' AND VALS='h3=":443"; ma=2592000' INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',8,'','h3=":443"; ma=2592000') COMMIT DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=5 AND FLAGS='' AND VALS='application/grpc-web+proto' INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',6,'','application/grpc-web+proto') COMMIT DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=7 AND FLAGS='' AND VALS='Caddy' INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',8,'','Caddy') COMMIT DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=5 AND FLAGS='' AND VALS='Origin' INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',6,'','Origin') COMMIT DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=7 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT' INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',8,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT') COMMIT DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=5 AND FLAGS='' AND VALS='129' INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',6,'','129') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(29,552,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 30 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=28 INSERT INTO BLOCKS VALUES(28,1,0) INSERT INTO BLOCKS VALUES(29,2147483618,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=28 INSERT INTO LOBS VALUES(28,1,0,29) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(29,1,'2024-03-02 03:35:05.035000',1,29,NULL,552,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=29 INSERT INTO LOB_IDS VALUES(29,552,1,40) COMMIT /*C5*/INSERT INTO ALERT VALUES(19,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',13,13,'','',693,15,3,'','10021') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(41,19,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(42,19,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(30,573,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 31 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=29 INSERT INTO BLOCKS VALUES(29,1,0) INSERT INTO BLOCKS VALUES(30,2147483617,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=29 INSERT INTO LOBS VALUES(29,1,0,30) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(30,1,'2024-03-02 03:35:05.038000',1,30,NULL,573,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=30 INSERT INTO LOB_IDS VALUES(30,573,1,40) COMMIT /*C3*/INSERT INTO HISTORY VALUES(14,1709346750724,1,200,1709346906638,170,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Access-Control-Allow-Origin, Vary, Date, Content-Type, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:06 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(31,323,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 32 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=30 INSERT INTO BLOCKS VALUES(30,1,0) INSERT INTO BLOCKS VALUES(31,2147483616,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=30 INSERT INTO LOBS VALUES(30,1,0,31) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(31,1,'2024-03-02 03:35:06.809000',1,31,NULL,323,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=31 INSERT INTO LOB_IDS VALUES(31,323,1,40) COMMIT /*C5*/INSERT INTO ALERT VALUES(20,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',14,14,'','',319,15,3,'','10035-1') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(43,20,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(44,20,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=8 AND FLAGS='' AND VALS='https://play.cscg.live' INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',9,'','https://play.cscg.live') COMMIT DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=6 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message' INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',7,'','Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message') COMMIT DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=8 AND FLAGS='' AND VALS='h3=":443"; ma=2592000' INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',9,'','h3=":443"; ma=2592000') COMMIT DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=6 AND FLAGS='' AND VALS='application/grpc-web+proto' INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',7,'','application/grpc-web+proto') COMMIT DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=8 AND FLAGS='' AND VALS='Caddy' INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',9,'','Caddy') COMMIT DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=6 AND FLAGS='' AND VALS='Origin' INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',7,'','Origin') COMMIT DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=8 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT' INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',9,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT') COMMIT DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=6 AND FLAGS='' AND VALS='129' INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',7,'','129') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(32,552,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 33 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=31 INSERT INTO BLOCKS VALUES(31,1,0) INSERT INTO BLOCKS VALUES(32,2147483615,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=31 INSERT INTO LOBS VALUES(31,1,0,32) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(32,1,'2024-03-02 03:35:07.025000',1,32,NULL,552,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=32 INSERT INTO LOB_IDS VALUES(32,552,1,40) COMMIT /*C5*/INSERT INTO ALERT VALUES(21,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',14,14,'','',693,15,3,'','10021') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(45,21,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(46,21,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(33,573,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 34 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=32 INSERT INTO BLOCKS VALUES(32,1,0) INSERT INTO BLOCKS VALUES(33,2147483614,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=32 INSERT INTO LOBS VALUES(32,1,0,33) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(33,1,'2024-03-02 03:35:07.049000',1,33,NULL,573,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=33 INSERT INTO LOB_IDS VALUES(33,573,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(34,64,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 35 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=33 INSERT INTO BLOCKS VALUES(33,1,0) INSERT INTO BLOCKS VALUES(34,2147483613,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=33 INSERT INTO LOBS VALUES(33,1,0,34) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(34,1,'2024-03-02 03:35:07.950000',1,34,NULL,64,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=34 INSERT INTO LOB_IDS VALUES(34,64,1,40) COMMIT /*C3*/INSERT INTO HISTORY VALUES(15,1709346750724,1,200,1709346908652,157,'OPTIONS','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','OPTIONS https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aAccess-Control-Request-Method: POST\u000d\u000aAccess-Control-Request-Headers: authorization,content-type,x-grpc-web,x-user-agent\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Headers: content-type,accept,x-user-agent,x-grpc-web,grpc-status,grpc-message,authorization\u000d\u000aAccess-Control-Allow-Methods: GET,HEAD,POST,PUT,DELETE\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Length: 0\u000d\u000aDate: Sat, 02 Mar 2024 02:35:08 GMT\u000d\u000aServer: Caddy\u000d\u000a\u000d\u000a','',NULL,'',TRUE) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(35,324,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 36 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=34 INSERT INTO BLOCKS VALUES(34,1,0) INSERT INTO BLOCKS VALUES(35,2147483612,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=34 INSERT INTO LOBS VALUES(34,1,0,35) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(35,1,'2024-03-02 03:35:08.811000',1,35,NULL,324,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=35 INSERT INTO LOB_IDS VALUES(35,324,1,40) COMMIT /*C3*/INSERT INTO HISTORY VALUES(16,1709346750724,1,200,1709346908814,72,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Content-Type, Access-Control-Allow-Origin, Vary, Date, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:08 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE) COMMIT /*C10*/DELETE FROM PARAM WHERE PARAMID=18 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Headers' AND USED=2 AND FLAGS='' AND VALS='content-type%2Caccept%2Cx-user-agent%2Cx-grpc-web%2Cgrpc-status%2Cgrpc-message%2Cauthorization' INSERT INTO PARAM VALUES(18,'api.cscg.live:444','header','Access-Control-Allow-Headers',3,'','content-type%2Caccept%2Cx-user-agent%2Cx-grpc-web%2Cgrpc-status%2Cgrpc-message%2Cauthorization') COMMIT DELETE FROM PARAM WHERE PARAMID=19 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Methods' AND USED=2 AND FLAGS='' AND VALS='GET%2CHEAD%2CPOST%2CPUT%2CDELETE' INSERT INTO PARAM VALUES(19,'api.cscg.live:444','header','Access-Control-Allow-Methods',3,'','GET%2CHEAD%2CPOST%2CPUT%2CDELETE') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(36,322,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 37 COMMIT /*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=9 AND FLAGS='' AND VALS='https://play.cscg.live' INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',10,'','https://play.cscg.live') COMMIT DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=9 AND FLAGS='' AND VALS='h3=":443"; ma=2592000' INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',10,'','h3=":443"; ma=2592000') COMMIT DELETE FROM PARAM WHERE PARAMID=20 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Length' AND USED=2 AND FLAGS='' AND VALS='0' INSERT INTO PARAM VALUES(20,'api.cscg.live:444','header','Content-Length',3,'','0') COMMIT /*C1*/DELETE FROM BLOCKS WHERE BLOCK_ADDR=35 INSERT INTO BLOCKS VALUES(35,1,0) INSERT INTO BLOCKS VALUES(36,2147483611,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=35 INSERT INTO LOBS VALUES(35,1,0,36) COMMIT /*C10*/DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=9 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT' INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',10,'','Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT') COMMIT DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=9 AND FLAGS='' AND VALS='Caddy' INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',10,'','Caddy') COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(36,1,'2024-03-02 03:35:08.888000',1,36,NULL,322,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=36 INSERT INTO LOB_IDS VALUES(36,322,1,40) COMMIT /*C5*/INSERT INTO ALERT VALUES(22,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',16,16,'','',319,15,3,'','10035-1') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(47,22,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(48,22,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=10 AND FLAGS='' AND VALS='https://play.cscg.live' INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',11,'','https://play.cscg.live') COMMIT /*C5*/INSERT INTO ALERT VALUES(23,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',15,15,'','',319,15,3,'','10035-1') COMMIT /*C10*/DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=7 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message' INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',8,'','Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(49,23,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT /*C10*/DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=10 AND FLAGS='' AND VALS='h3=":443"; ma=2592000' INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',11,'','h3=":443"; ma=2592000') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(50,23,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C10*/DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=7 AND FLAGS='' AND VALS='application/grpc-web+proto' INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',8,'','application/grpc-web+proto') COMMIT DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=10 AND FLAGS='' AND VALS='Caddy' INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',11,'','Caddy') COMMIT DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=7 AND FLAGS='' AND VALS='Origin' INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',8,'','Origin') COMMIT DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=10 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT' INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',11,'','Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT') COMMIT DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=7 AND FLAGS='' AND VALS='129' INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',8,'','129') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(37,552,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 38 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=36 INSERT INTO BLOCKS VALUES(36,1,0) INSERT INTO BLOCKS VALUES(37,2147483610,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=36 INSERT INTO LOBS VALUES(36,1,0,37) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(37,1,'2024-03-02 03:35:08.894000',1,37,NULL,552,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=37 INSERT INTO LOB_IDS VALUES(37,552,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(38,552,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 39 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=37 INSERT INTO BLOCKS VALUES(37,1,0) INSERT INTO BLOCKS VALUES(38,2147483609,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=37 INSERT INTO LOBS VALUES(37,1,0,38) COMMIT /*C5*/INSERT INTO ALERT VALUES(24,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',16,16,'','',693,15,3,'','10021') COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(38,1,'2024-03-02 03:35:08.894000',1,38,NULL,552,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=38 INSERT INTO LOB_IDS VALUES(38,552,1,40) COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(51,24,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(52,24,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(39,573,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 40 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=38 INSERT INTO BLOCKS VALUES(38,1,0) INSERT INTO BLOCKS VALUES(39,2147483608,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=38 INSERT INTO LOBS VALUES(38,1,0,39) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(39,1,'2024-03-02 03:35:08.897000',1,39,NULL,573,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=39 INSERT INTO LOB_IDS VALUES(39,573,1,40) COMMIT /*C3*/INSERT INTO HISTORY VALUES(17,1709346750724,1,200,1709346910654,366,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Access-Control-Allow-Origin, Vary, Date, Content-Type, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:11 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(40,323,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 41 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=39 INSERT INTO BLOCKS VALUES(39,1,0) INSERT INTO BLOCKS VALUES(40,2147483607,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=39 INSERT INTO LOBS VALUES(39,1,0,40) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(40,1,'2024-03-02 03:35:11.021000',1,40,NULL,323,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=40 INSERT INTO LOB_IDS VALUES(40,323,1,40) COMMIT /*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=11 AND FLAGS='' AND VALS='https://play.cscg.live' INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',12,'','https://play.cscg.live') COMMIT /*C5*/INSERT INTO ALERT VALUES(25,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',17,17,'','',319,15,3,'','10035-1') COMMIT /*C10*/DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=8 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message' INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',9,'','Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message') COMMIT DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=11 AND FLAGS='' AND VALS='h3=":443"; ma=2592000' INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',12,'','h3=":443"; ma=2592000') COMMIT DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=8 AND FLAGS='' AND VALS='application/grpc-web+proto' INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',9,'','application/grpc-web+proto') COMMIT DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=11 AND FLAGS='' AND VALS='Caddy' INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',12,'','Caddy') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(53,25,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(54,25,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C10*/DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=8 AND FLAGS='' AND VALS='Origin' INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',9,'','Origin') COMMIT DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=11 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT' INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',12,'','Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT') COMMIT DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=8 AND FLAGS='' AND VALS='129' INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',9,'','129') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(41,552,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 42 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=40 INSERT INTO BLOCKS VALUES(40,1,0) INSERT INTO BLOCKS VALUES(41,2147483606,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=40 INSERT INTO LOBS VALUES(40,1,0,41) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(41,1,'2024-03-02 03:35:11.227000',1,41,NULL,552,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=41 INSERT INTO LOB_IDS VALUES(41,552,1,40) COMMIT /*C5*/INSERT INTO ALERT VALUES(26,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',17,17,'','',693,15,3,'','10021') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(55,26,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(56,26,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(42,573,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 43 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=41 INSERT INTO BLOCKS VALUES(41,1,0) INSERT INTO BLOCKS VALUES(42,2147483605,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=41 INSERT INTO LOBS VALUES(41,1,0,42) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(42,1,'2024-03-02 03:35:11.230000',1,42,NULL,573,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=42 INSERT INTO LOB_IDS VALUES(42,573,1,40) COMMIT /*C3*/INSERT INTO HISTORY VALUES(18,1709346750724,1,200,1709346912663,382,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Content-Type, Access-Control-Allow-Origin, Vary, Date, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:12 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(43,323,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 44 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=42 INSERT INTO BLOCKS VALUES(42,1,0) INSERT INTO BLOCKS VALUES(43,2147483604,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=42 INSERT INTO LOBS VALUES(42,1,0,43) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(43,1,'2024-03-02 03:35:13.047000',1,43,NULL,323,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=43 INSERT INTO LOB_IDS VALUES(43,323,1,40) COMMIT /*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=12 AND FLAGS='' AND VALS='https://play.cscg.live' INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',13,'','https://play.cscg.live') COMMIT DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=9 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message' INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',10,'','Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message') COMMIT DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=12 AND FLAGS='' AND VALS='h3=":443"; ma=2592000' INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',13,'','h3=":443"; ma=2592000') COMMIT DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=9 AND FLAGS='' AND VALS='application/grpc-web+proto' INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',10,'','application/grpc-web+proto') COMMIT DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=12 AND FLAGS='' AND VALS='Caddy' INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',13,'','Caddy') COMMIT DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=9 AND FLAGS='' AND VALS='Origin' INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',10,'','Origin') COMMIT DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=12 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT' INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',13,'','Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT') COMMIT DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=9 AND FLAGS='' AND VALS='129' INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',10,'','129') COMMIT /*C5*/INSERT INTO ALERT VALUES(27,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',18,18,'','',319,15,3,'','10035-1') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(57,27,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(58,27,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(44,552,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 45 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=43 INSERT INTO BLOCKS VALUES(43,1,0) INSERT INTO BLOCKS VALUES(44,2147483603,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=43 INSERT INTO LOBS VALUES(43,1,0,44) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(44,1,'2024-03-02 03:35:13.255000',1,44,NULL,552,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=44 INSERT INTO LOB_IDS VALUES(44,552,1,40) COMMIT /*C5*/INSERT INTO ALERT VALUES(28,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',18,18,'','',693,15,3,'','10021') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(59,28,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(60,28,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(45,573,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 46 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=44 INSERT INTO BLOCKS VALUES(44,1,0) INSERT INTO BLOCKS VALUES(45,2147483602,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=44 INSERT INTO LOBS VALUES(44,1,0,45) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(45,1,'2024-03-02 03:35:13.258000',1,45,NULL,573,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=45 INSERT INTO LOB_IDS VALUES(45,573,1,40) COMMIT /*C3*/INSERT INTO HISTORY VALUES(19,1709346750724,1,200,1709346914670,89,'OPTIONS','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','OPTIONS https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aAccess-Control-Request-Method: POST\u000d\u000aAccess-Control-Request-Headers: authorization,content-type,x-grpc-web,x-user-agent\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Headers: content-type,accept,x-user-agent,x-grpc-web,grpc-status,grpc-message,authorization\u000d\u000aAccess-Control-Allow-Methods: GET,HEAD,POST,PUT,DELETE\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Length: 0\u000d\u000aDate: Sat, 02 Mar 2024 02:35:14 GMT\u000d\u000aServer: Caddy\u000d\u000a\u000d\u000a','',NULL,'',TRUE) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(46,323,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 47 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=45 INSERT INTO BLOCKS VALUES(45,1,0) INSERT INTO BLOCKS VALUES(46,2147483601,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=45 INSERT INTO LOBS VALUES(45,1,0,46) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(46,1,'2024-03-02 03:35:14.760000',1,46,NULL,323,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=46 INSERT INTO LOB_IDS VALUES(46,323,1,40) COMMIT /*C3*/INSERT INTO HISTORY VALUES(20,1709346750724,1,200,1709346914763,83,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Access-Control-Allow-Origin, Vary, Content-Type, Date, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:14 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(47,322,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 48 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=46 INSERT INTO BLOCKS VALUES(46,1,0) INSERT INTO BLOCKS VALUES(47,2147483600,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=46 INSERT INTO LOBS VALUES(46,1,0,47) COMMIT /*C10*/DELETE FROM PARAM WHERE PARAMID=18 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Headers' AND USED=3 AND FLAGS='' AND VALS='content-type%2Caccept%2Cx-user-agent%2Cx-grpc-web%2Cgrpc-status%2Cgrpc-message%2Cauthorization' INSERT INTO PARAM VALUES(18,'api.cscg.live:444','header','Access-Control-Allow-Headers',4,'','content-type%2Caccept%2Cx-user-agent%2Cx-grpc-web%2Cgrpc-status%2Cgrpc-message%2Cauthorization') COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(47,1,'2024-03-02 03:35:14.848000',1,47,NULL,322,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=47 INSERT INTO LOB_IDS VALUES(47,322,1,40) COMMIT /*C10*/DELETE FROM PARAM WHERE PARAMID=19 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Methods' AND USED=3 AND FLAGS='' AND VALS='GET%2CHEAD%2CPOST%2CPUT%2CDELETE' INSERT INTO PARAM VALUES(19,'api.cscg.live:444','header','Access-Control-Allow-Methods',4,'','GET%2CHEAD%2CPOST%2CPUT%2CDELETE') COMMIT DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=13 AND FLAGS='' AND VALS='https://play.cscg.live' INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',14,'','https://play.cscg.live') COMMIT DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=13 AND FLAGS='' AND VALS='h3=":443"; ma=2592000' INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',14,'','h3=":443"; ma=2592000') COMMIT DELETE FROM PARAM WHERE PARAMID=20 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Length' AND USED=3 AND FLAGS='' AND VALS='0' INSERT INTO PARAM VALUES(20,'api.cscg.live:444','header','Content-Length',4,'','0') COMMIT DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=13 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT' INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',14,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT') COMMIT DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=13 AND FLAGS='' AND VALS='Caddy' INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',14,'','Caddy') COMMIT DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=14 AND FLAGS='' AND VALS='https://play.cscg.live' INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',15,'','https://play.cscg.live') COMMIT DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=10 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message' INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',11,'','Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message') COMMIT DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=14 AND FLAGS='' AND VALS='h3=":443"; ma=2592000' INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',15,'','h3=":443"; ma=2592000') COMMIT DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=10 AND FLAGS='' AND VALS='application/grpc-web+proto' INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',11,'','application/grpc-web+proto') COMMIT DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=14 AND FLAGS='' AND VALS='Caddy' INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',15,'','Caddy') COMMIT DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=10 AND FLAGS='' AND VALS='Origin' INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',11,'','Origin') COMMIT DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=14 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT' INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',15,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT') COMMIT /*C5*/INSERT INTO ALERT VALUES(29,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',20,20,'','',319,15,3,'','10035-1') COMMIT /*C10*/DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=10 AND FLAGS='' AND VALS='129' INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',11,'','129') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(61,29,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(62,29,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(48,552,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 49 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=47 INSERT INTO BLOCKS VALUES(47,1,0) INSERT INTO BLOCKS VALUES(48,2147483599,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=47 INSERT INTO LOBS VALUES(47,1,0,48) COMMIT /*C5*/INSERT INTO ALERT VALUES(30,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',19,19,'','',319,15,3,'','10035-1') COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(48,1,'2024-03-02 03:35:14.851000',1,48,NULL,552,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=48 INSERT INTO LOB_IDS VALUES(48,552,1,40) COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(63,30,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(64,30,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C5*/INSERT INTO ALERT VALUES(31,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',20,20,'','',693,15,3,'','10021') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(65,31,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(66,31,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(49,552,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 50 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=48 INSERT INTO BLOCKS VALUES(48,1,0) INSERT INTO BLOCKS VALUES(49,2147483598,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=48 INSERT INTO LOBS VALUES(48,1,0,49) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(49,1,'2024-03-02 03:35:14.853000',1,49,NULL,552,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=49 INSERT INTO LOB_IDS VALUES(49,552,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(50,573,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 51 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=49 INSERT INTO BLOCKS VALUES(49,1,0) INSERT INTO BLOCKS VALUES(50,2147483597,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=49 INSERT INTO LOBS VALUES(49,1,0,50) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(50,1,'2024-03-02 03:35:14.853000',1,50,NULL,573,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=50 INSERT INTO LOB_IDS VALUES(50,573,1,40) COMMIT /*C3*/INSERT INTO HISTORY VALUES(21,1709346750724,1,200,1709346916670,183,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Date, Access-Control-Allow-Origin, Vary, Content-Type, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:16 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(51,323,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 52 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=50 INSERT INTO BLOCKS VALUES(50,1,0) INSERT INTO BLOCKS VALUES(51,2147483596,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=50 INSERT INTO LOBS VALUES(50,1,0,51) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(51,1,'2024-03-02 03:35:16.854000',1,51,NULL,323,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=51 INSERT INTO LOB_IDS VALUES(51,323,1,40) COMMIT /*C5*/INSERT INTO ALERT VALUES(32,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',21,21,'','',319,15,3,'','10035-1') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(67,32,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(68,32,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=15 AND FLAGS='' AND VALS='https://play.cscg.live' INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',16,'','https://play.cscg.live') COMMIT DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=11 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message' INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',12,'','Date%2C Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message') COMMIT DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=15 AND FLAGS='' AND VALS='h3=":443"; ma=2592000' INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',16,'','h3=":443"; ma=2592000') COMMIT DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=11 AND FLAGS='' AND VALS='application/grpc-web+proto' INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',12,'','application/grpc-web+proto') COMMIT DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=15 AND FLAGS='' AND VALS='Caddy' INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',16,'','Caddy') COMMIT DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=11 AND FLAGS='' AND VALS='Origin' INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',12,'','Origin') COMMIT DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=15 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT' INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',16,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT') COMMIT DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=11 AND FLAGS='' AND VALS='129' INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',12,'','129') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(52,552,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 53 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=51 INSERT INTO BLOCKS VALUES(51,1,0) INSERT INTO BLOCKS VALUES(52,2147483595,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=51 INSERT INTO LOBS VALUES(51,1,0,52) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(52,1,'2024-03-02 03:35:17.057000',1,52,NULL,552,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=52 INSERT INTO LOB_IDS VALUES(52,552,1,40) COMMIT /*C5*/INSERT INTO ALERT VALUES(33,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',21,21,'','',693,15,3,'','10021') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(69,33,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(70,33,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(53,573,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 54 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=52 INSERT INTO BLOCKS VALUES(52,1,0) INSERT INTO BLOCKS VALUES(53,2147483594,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=52 INSERT INTO LOBS VALUES(52,1,0,53) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(53,1,'2024-03-02 03:35:17.059000',1,53,NULL,573,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=53 INSERT INTO LOB_IDS VALUES(53,573,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(54,64,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 55 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=53 INSERT INTO BLOCKS VALUES(53,1,0) INSERT INTO BLOCKS VALUES(54,2147483593,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=53 INSERT INTO LOBS VALUES(53,1,0,54) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(54,1,'2024-03-02 03:35:17.952000',1,54,NULL,64,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=54 INSERT INTO LOB_IDS VALUES(54,64,1,40) COMMIT /*C3*/INSERT INTO HISTORY VALUES(22,1709346750724,1,200,1709346918678,165,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Vary, Date, Content-Type, Access-Control-Allow-Origin, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:18 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(55,323,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 56 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=54 INSERT INTO BLOCKS VALUES(54,1,0) INSERT INTO BLOCKS VALUES(55,2147483592,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=54 INSERT INTO LOBS VALUES(54,1,0,55) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(55,1,'2024-03-02 03:35:18.846000',1,55,NULL,323,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=55 INSERT INTO LOB_IDS VALUES(55,323,1,40) COMMIT /*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=16 AND FLAGS='' AND VALS='https://play.cscg.live' INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',17,'','https://play.cscg.live') COMMIT /*C5*/INSERT INTO ALERT VALUES(34,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',22,22,'','',319,15,3,'','10035-1') COMMIT /*C10*/DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=12 AND FLAGS='' AND VALS='Date%2C Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message' INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',13,'','Date%2C Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message') COMMIT DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=16 AND FLAGS='' AND VALS='h3=":443"; ma=2592000' INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',17,'','h3=":443"; ma=2592000') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(71,34,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT /*C10*/DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=12 AND FLAGS='' AND VALS='application/grpc-web+proto' INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',13,'','application/grpc-web+proto') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(72,34,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C10*/DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=16 AND FLAGS='' AND VALS='Caddy' INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',17,'','Caddy') COMMIT DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=12 AND FLAGS='' AND VALS='Origin' INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',13,'','Origin') COMMIT DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=16 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT' INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',17,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:35:18 GMT') COMMIT DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=12 AND FLAGS='' AND VALS='129' INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',13,'','129') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(56,552,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 57 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=55 INSERT INTO BLOCKS VALUES(55,1,0) INSERT INTO BLOCKS VALUES(56,2147483591,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=55 INSERT INTO LOBS VALUES(55,1,0,56) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(56,1,'2024-03-02 03:35:19.051000',1,56,NULL,552,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=56 INSERT INTO LOB_IDS VALUES(56,552,1,40) COMMIT /*C5*/INSERT INTO ALERT VALUES(35,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',22,22,'','',693,15,3,'','10021') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(73,35,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(74,35,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(57,573,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 58 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=56 INSERT INTO BLOCKS VALUES(56,1,0) INSERT INTO BLOCKS VALUES(57,2147483590,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=56 INSERT INTO LOBS VALUES(56,1,0,57) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(57,1,'2024-03-02 03:35:19.055000',1,57,NULL,573,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=57 INSERT INTO LOB_IDS VALUES(57,573,1,40) COMMIT /*C3*/INSERT INTO HISTORY VALUES(23,1709346750724,1,200,1709346920686,174,'OPTIONS','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','OPTIONS https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aAccess-Control-Request-Method: POST\u000d\u000aAccess-Control-Request-Headers: authorization,content-type,x-grpc-web,x-user-agent\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Headers: content-type,accept,x-user-agent,x-grpc-web,grpc-status,grpc-message,authorization\u000d\u000aAccess-Control-Allow-Methods: GET,HEAD,POST,PUT,DELETE\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Length: 0\u000d\u000aDate: Sat, 02 Mar 2024 02:35:20 GMT\u000d\u000aServer: Caddy\u000d\u000a\u000d\u000a','',NULL,'',TRUE) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(58,324,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 59 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=57 INSERT INTO BLOCKS VALUES(57,1,0) INSERT INTO BLOCKS VALUES(58,2147483589,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=57 INSERT INTO LOBS VALUES(57,1,0,58) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(58,1,'2024-03-02 03:35:20.861000',1,58,NULL,324,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=58 INSERT INTO LOB_IDS VALUES(58,324,1,40) COMMIT /*C3*/INSERT INTO HISTORY VALUES(24,1709346750724,1,200,1709346920865,94,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Vary, Date, Content-Type, Access-Control-Allow-Origin, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:20 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(59,322,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 60 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=58 INSERT INTO BLOCKS VALUES(58,1,0) INSERT INTO BLOCKS VALUES(59,2147483588,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=58 INSERT INTO LOBS VALUES(58,1,0,59) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(59,1,'2024-03-02 03:35:20.962000',1,59,NULL,322,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=59 INSERT INTO LOB_IDS VALUES(59,322,1,40) COMMIT /*C5*/INSERT INTO ALERT VALUES(36,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',24,24,'','',319,15,3,'','10035-1') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(75,36,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(76,36,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C5*/INSERT INTO ALERT VALUES(37,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',23,23,'','',319,15,3,'','10035-1') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(77,37,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(78,37,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C10*/DELETE FROM PARAM WHERE PARAMID=18 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Headers' AND USED=4 AND FLAGS='' AND VALS='content-type%2Caccept%2Cx-user-agent%2Cx-grpc-web%2Cgrpc-status%2Cgrpc-message%2Cauthorization' INSERT INTO PARAM VALUES(18,'api.cscg.live:444','header','Access-Control-Allow-Headers',5,'','content-type%2Caccept%2Cx-user-agent%2Cx-grpc-web%2Cgrpc-status%2Cgrpc-message%2Cauthorization') COMMIT DELETE FROM PARAM WHERE PARAMID=19 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Methods' AND USED=4 AND FLAGS='' AND VALS='GET%2CHEAD%2CPOST%2CPUT%2CDELETE' INSERT INTO PARAM VALUES(19,'api.cscg.live:444','header','Access-Control-Allow-Methods',5,'','GET%2CHEAD%2CPOST%2CPUT%2CDELETE') COMMIT DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=17 AND FLAGS='' AND VALS='https://play.cscg.live' INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',18,'','https://play.cscg.live') COMMIT DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=17 AND FLAGS='' AND VALS='h3=":443"; ma=2592000' INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',18,'','h3=":443"; ma=2592000') COMMIT DELETE FROM PARAM WHERE PARAMID=20 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Length' AND USED=4 AND FLAGS='' AND VALS='0' INSERT INTO PARAM VALUES(20,'api.cscg.live:444','header','Content-Length',5,'','0') COMMIT DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=17 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:35:18 GMT' INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',18,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:35:18 GMT,Sat%2C 02 Mar 2024 02:35:20 GMT') COMMIT DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=17 AND FLAGS='' AND VALS='Caddy' INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',18,'','Caddy') COMMIT DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=18 AND FLAGS='' AND VALS='https://play.cscg.live' INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',19,'','https://play.cscg.live') COMMIT DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=13 AND FLAGS='' AND VALS='Date%2C Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message' INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',14,'','Date%2C Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message') COMMIT DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=18 AND FLAGS='' AND VALS='h3=":443"; ma=2592000' INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',19,'','h3=":443"; ma=2592000') COMMIT DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=13 AND FLAGS='' AND VALS='application/grpc-web+proto' INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',14,'','application/grpc-web+proto') COMMIT DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=18 AND FLAGS='' AND VALS='Caddy' INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',19,'','Caddy') COMMIT DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=13 AND FLAGS='' AND VALS='Origin' INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',14,'','Origin') COMMIT DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=18 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:35:18 GMT,Sat%2C 02 Mar 2024 02:35:20 GMT' INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',19,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:35:18 GMT,Sat%2C 02 Mar 2024 02:35:20 GMT') COMMIT DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=13 AND FLAGS='' AND VALS='129' INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',14,'','129') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(60,552,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 61 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=59 INSERT INTO BLOCKS VALUES(59,1,0) INSERT INTO BLOCKS VALUES(60,2147483587,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=59 INSERT INTO LOBS VALUES(59,1,0,60) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(60,1,'2024-03-02 03:35:20.971000',1,60,NULL,552,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=60 INSERT INTO LOB_IDS VALUES(60,552,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(61,552,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 62 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=60 INSERT INTO BLOCKS VALUES(60,1,0) INSERT INTO BLOCKS VALUES(61,2147483586,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=60 INSERT INTO LOBS VALUES(60,1,0,61) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(61,1,'2024-03-02 03:35:20.971000',1,61,NULL,552,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=61 INSERT INTO LOB_IDS VALUES(61,552,1,40) COMMIT /*C5*/INSERT INTO ALERT VALUES(38,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',24,24,'','',693,15,3,'','10021') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(79,38,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(80,38,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(62,573,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 63 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=61 INSERT INTO BLOCKS VALUES(61,1,0) INSERT INTO BLOCKS VALUES(62,2147483585,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=61 INSERT INTO LOBS VALUES(61,1,0,62) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(62,1,'2024-03-02 03:35:20.973000',1,62,NULL,573,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=62 INSERT INTO LOB_IDS VALUES(62,573,1,40) COMMIT /*C3*/INSERT INTO HISTORY VALUES(25,1709346750724,1,200,1709346922688,508,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Access-Control-Allow-Origin, Vary, Date, Content-Type, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:23 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(63,323,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 64 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=62 INSERT INTO BLOCKS VALUES(62,1,0) INSERT INTO BLOCKS VALUES(63,2147483584,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=62 INSERT INTO LOBS VALUES(62,1,0,63) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(63,1,'2024-03-02 03:35:23.197000',1,63,NULL,323,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=63 INSERT INTO LOB_IDS VALUES(63,323,1,40) COMMIT /*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=19 AND FLAGS='' AND VALS='https://play.cscg.live' INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',20,'','https://play.cscg.live') COMMIT DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=14 AND FLAGS='' AND VALS='Date%2C Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message' INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',15,'','Date%2C Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message') COMMIT DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=19 AND FLAGS='' AND VALS='h3=":443"; ma=2592000' INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',20,'','h3=":443"; ma=2592000') COMMIT DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=14 AND FLAGS='' AND VALS='application/grpc-web+proto' INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',15,'','application/grpc-web+proto') COMMIT DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=19 AND FLAGS='' AND VALS='Caddy' INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',20,'','Caddy') COMMIT DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=14 AND FLAGS='' AND VALS='Origin' INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',15,'','Origin') COMMIT DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=19 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:35:18 GMT,Sat%2C 02 Mar 2024 02:35:20 GMT' INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',20,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:35:23 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:35:18 GMT,Sat%2C 02 Mar 2024 02:35:20 GMT') COMMIT DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=14 AND FLAGS='' AND VALS='129' INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',15,'','129') COMMIT /*C5*/INSERT INTO ALERT VALUES(39,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',25,25,'','',319,15,3,'','10035-1') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(81,39,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(82,39,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(64,552,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 65 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=63 INSERT INTO BLOCKS VALUES(63,1,0) INSERT INTO BLOCKS VALUES(64,2147483583,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=63 INSERT INTO LOBS VALUES(63,1,0,64) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(64,1,'2024-03-02 03:35:23.399000',1,64,NULL,552,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=64 INSERT INTO LOB_IDS VALUES(64,552,1,40) COMMIT /*C5*/INSERT INTO ALERT VALUES(40,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',25,25,'','',693,15,3,'','10021') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(83,40,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(84,40,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(65,573,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 66 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=64 INSERT INTO BLOCKS VALUES(64,1,0) INSERT INTO BLOCKS VALUES(65,2147483582,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=64 INSERT INTO LOBS VALUES(64,1,0,65) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(65,1,'2024-03-02 03:35:23.402000',1,65,NULL,573,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=65 INSERT INTO LOB_IDS VALUES(65,573,1,40) COMMIT /*C3*/INSERT INTO HISTORY VALUES(26,1709346750724,1,200,1709346924701,311,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Access-Control-Allow-Origin, Vary, Content-Type, Date, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:24 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(66,323,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 67 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=65 INSERT INTO BLOCKS VALUES(65,1,0) INSERT INTO BLOCKS VALUES(66,2147483581,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=65 INSERT INTO LOBS VALUES(65,1,0,66) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(66,1,'2024-03-02 03:35:25.014000',1,66,NULL,323,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=66 INSERT INTO LOB_IDS VALUES(66,323,1,40) COMMIT /*C5*/INSERT INTO ALERT VALUES(41,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',26,26,'','',319,15,3,'','10035-1') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(85,41,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT /*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=20 AND FLAGS='' AND VALS='https://play.cscg.live' INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',21,'','https://play.cscg.live') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(86,41,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C10*/DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=15 AND FLAGS='' AND VALS='Date%2C Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message' INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',16,'','Date%2C Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message') COMMIT DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=20 AND FLAGS='' AND VALS='h3=":443"; ma=2592000' INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',21,'','h3=":443"; ma=2592000') COMMIT DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=15 AND FLAGS='' AND VALS='application/grpc-web+proto' INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',16,'','application/grpc-web+proto') COMMIT DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=20 AND FLAGS='' AND VALS='Caddy' INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',21,'','Caddy') COMMIT DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=15 AND FLAGS='' AND VALS='Origin' INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',16,'','Origin') COMMIT DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=20 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:35:23 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:35:18 GMT,Sat%2C 02 Mar 2024 02:35:20 GMT' INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',21,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:35:23 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:35:18 GMT,Sat%2C 02 Mar 2024 02:35:24 GMT,Sat%2C 02 Mar 2024 02:35:20 GMT') COMMIT DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=15 AND FLAGS='' AND VALS='129' INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',16,'','129') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(67,552,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 68 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=66 INSERT INTO BLOCKS VALUES(66,1,0) INSERT INTO BLOCKS VALUES(67,2147483580,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=66 INSERT INTO LOBS VALUES(66,1,0,67) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(67,1,'2024-03-02 03:35:25.220000',1,67,NULL,552,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=67 INSERT INTO LOB_IDS VALUES(67,552,1,40) COMMIT /*C5*/INSERT INTO ALERT VALUES(42,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',26,26,'','',693,15,3,'','10021') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(87,42,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(88,42,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(68,573,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 69 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=67 INSERT INTO BLOCKS VALUES(67,1,0) INSERT INTO BLOCKS VALUES(68,2147483579,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=67 INSERT INTO LOBS VALUES(67,1,0,68) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(68,1,'2024-03-02 03:35:25.224000',1,68,NULL,573,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=68 INSERT INTO LOB_IDS VALUES(68,573,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(69,64,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 70 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=68 INSERT INTO BLOCKS VALUES(68,1,0) INSERT INTO BLOCKS VALUES(69,2147483578,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=68 INSERT INTO LOBS VALUES(68,1,0,69) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(69,1,'2024-03-02 03:35:27.951000',1,69,NULL,64,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=69 INSERT INTO LOB_IDS VALUES(69,64,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(70,64,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 71 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=69 INSERT INTO BLOCKS VALUES(69,1,0) INSERT INTO BLOCKS VALUES(70,2147483577,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=69 INSERT INTO LOBS VALUES(69,1,0,70) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(70,1,'2024-03-02 03:35:37.956000',1,70,NULL,64,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=70 INSERT INTO LOB_IDS VALUES(70,64,1,40) COMMIT /*C5*/DELETE FROM ALERT WHERE ALERTID=0 COMMIT /*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=1 DELETE FROM ALERT_TAG WHERE TAG_ID=2 COMMIT /*C5*/DELETE FROM ALERT WHERE ALERTID=1 COMMIT /*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=3 DELETE FROM ALERT_TAG WHERE TAG_ID=4 COMMIT /*C3*/DELETE FROM HISTORY WHERE HISTORYID=1 COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(71,64,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 72 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=70 INSERT INTO BLOCKS VALUES(70,1,0) INSERT INTO BLOCKS VALUES(71,2147483576,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=70 INSERT INTO LOBS VALUES(70,1,0,71) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(71,1,'2024-03-02 03:35:47.956000',1,71,NULL,64,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=71 INSERT INTO LOB_IDS VALUES(71,64,1,40) COMMIT /*C5*/DELETE FROM ALERT WHERE ALERTID=8 COMMIT /*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=19 DELETE FROM ALERT_TAG WHERE TAG_ID=20 COMMIT /*C3*/DELETE FROM HISTORY WHERE HISTORYID=7 COMMIT /*C5*/DELETE FROM ALERT WHERE ALERTID=9 COMMIT /*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=21 DELETE FROM ALERT_TAG WHERE TAG_ID=22 COMMIT /*C5*/DELETE FROM ALERT WHERE ALERTID=10 COMMIT /*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=23 DELETE FROM ALERT_TAG WHERE TAG_ID=24 COMMIT /*C3*/DELETE FROM HISTORY WHERE HISTORYID=8 COMMIT /*C5*/DELETE FROM ALERT WHERE ALERTID=11 COMMIT /*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=25 DELETE FROM ALERT_TAG WHERE TAG_ID=26 COMMIT /*C5*/DELETE FROM ALERT WHERE ALERTID=12 COMMIT /*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=27 DELETE FROM ALERT_TAG WHERE TAG_ID=28 COMMIT /*C3*/DELETE FROM HISTORY WHERE HISTORYID=9 COMMIT /*C5*/DELETE FROM ALERT WHERE ALERTID=13 COMMIT /*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=29 DELETE FROM ALERT_TAG WHERE TAG_ID=30 COMMIT /*C5*/DELETE FROM ALERT WHERE ALERTID=14 COMMIT /*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=31 DELETE FROM ALERT_TAG WHERE TAG_ID=32 COMMIT /*C3*/DELETE FROM HISTORY WHERE HISTORYID=10 COMMIT /*C5*/DELETE FROM ALERT WHERE ALERTID=15 COMMIT /*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=33 DELETE FROM ALERT_TAG WHERE TAG_ID=34 COMMIT /*C3*/DELETE FROM HISTORY WHERE HISTORYID=11 COMMIT /*C5*/DELETE FROM ALERT WHERE ALERTID=16 COMMIT /*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=35 DELETE FROM ALERT_TAG WHERE TAG_ID=36 COMMIT /*C5*/DELETE FROM ALERT WHERE ALERTID=17 COMMIT /*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=37 DELETE FROM ALERT_TAG WHERE TAG_ID=38 COMMIT /*C3*/DELETE FROM HISTORY WHERE HISTORYID=12 COMMIT /*C5*/DELETE FROM ALERT WHERE ALERTID=18 COMMIT /*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=39 DELETE FROM ALERT_TAG WHERE TAG_ID=40 COMMIT /*C5*/DELETE FROM ALERT WHERE ALERTID=19 COMMIT /*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=41 DELETE FROM ALERT_TAG WHERE TAG_ID=42 COMMIT /*C3*/DELETE FROM HISTORY WHERE HISTORYID=13 COMMIT /*C5*/DELETE FROM ALERT WHERE ALERTID=20 COMMIT /*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=43 DELETE FROM ALERT_TAG WHERE TAG_ID=44 COMMIT /*C5*/DELETE FROM ALERT WHERE ALERTID=21 COMMIT /*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=45 DELETE FROM ALERT_TAG WHERE TAG_ID=46 COMMIT /*C3*/DELETE FROM HISTORY WHERE HISTORYID=14 COMMIT /*C5*/DELETE FROM ALERT WHERE ALERTID=23 COMMIT /*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=49 DELETE FROM ALERT_TAG WHERE TAG_ID=50 COMMIT /*C3*/DELETE FROM HISTORY WHERE HISTORYID=15 COMMIT DELETE FROM HISTORY WHERE HISTORYID=16 COMMIT /*C5*/DELETE FROM ALERT WHERE ALERTID=25 COMMIT /*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=53 DELETE FROM ALERT_TAG WHERE TAG_ID=54 COMMIT /*C5*/DELETE FROM ALERT WHERE ALERTID=26 COMMIT /*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=55 DELETE FROM ALERT_TAG WHERE TAG_ID=56 COMMIT /*C3*/DELETE FROM HISTORY WHERE HISTORYID=17 COMMIT /*C5*/DELETE FROM ALERT WHERE ALERTID=27 COMMIT /*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=57 DELETE FROM ALERT_TAG WHERE TAG_ID=58 COMMIT /*C5*/DELETE FROM ALERT WHERE ALERTID=28 COMMIT /*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=59 DELETE FROM ALERT_TAG WHERE TAG_ID=60 COMMIT /*C3*/DELETE FROM HISTORY WHERE HISTORYID=18 COMMIT /*C5*/DELETE FROM ALERT WHERE ALERTID=30 COMMIT /*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=63 DELETE FROM ALERT_TAG WHERE TAG_ID=64 COMMIT /*C3*/DELETE FROM HISTORY WHERE HISTORYID=19 COMMIT DELETE FROM HISTORY WHERE HISTORYID=20 COMMIT /*C5*/DELETE FROM ALERT WHERE ALERTID=32 COMMIT /*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=67 DELETE FROM ALERT_TAG WHERE TAG_ID=68 COMMIT /*C5*/DELETE FROM ALERT WHERE ALERTID=33 COMMIT /*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=69 DELETE FROM ALERT_TAG WHERE TAG_ID=70 COMMIT /*C3*/DELETE FROM HISTORY WHERE HISTORYID=21 COMMIT /*C5*/DELETE FROM ALERT WHERE ALERTID=34 COMMIT /*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=71 DELETE FROM ALERT_TAG WHERE TAG_ID=72 COMMIT /*C5*/DELETE FROM ALERT WHERE ALERTID=35 COMMIT /*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=73 DELETE FROM ALERT_TAG WHERE TAG_ID=74 COMMIT /*C3*/DELETE FROM HISTORY WHERE HISTORYID=22 COMMIT /*C5*/DELETE FROM ALERT WHERE ALERTID=37 COMMIT /*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=77 DELETE FROM ALERT_TAG WHERE TAG_ID=78 COMMIT /*C3*/DELETE FROM HISTORY WHERE HISTORYID=23 COMMIT DELETE FROM HISTORY WHERE HISTORYID=24 COMMIT /*C5*/DELETE FROM ALERT WHERE ALERTID=39 COMMIT /*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=81 DELETE FROM ALERT_TAG WHERE TAG_ID=82 COMMIT /*C5*/DELETE FROM ALERT WHERE ALERTID=40 COMMIT /*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=83 DELETE FROM ALERT_TAG WHERE TAG_ID=84 COMMIT /*C3*/DELETE FROM HISTORY WHERE HISTORYID=25 COMMIT /*C5*/DELETE FROM ALERT WHERE ALERTID=41 COMMIT /*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=85 DELETE FROM ALERT_TAG WHERE TAG_ID=86 COMMIT /*C5*/DELETE FROM ALERT WHERE ALERTID=42 COMMIT /*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=87 DELETE FROM ALERT_TAG WHERE TAG_ID=88 COMMIT /*C3*/DELETE FROM HISTORY WHERE HISTORYID=3 COMMIT DELETE FROM HISTORY WHERE HISTORYID=2 COMMIT DELETE FROM HISTORY WHERE HISTORYID=26 COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(72,64,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 73 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=71 INSERT INTO BLOCKS VALUES(71,1,0) INSERT INTO BLOCKS VALUES(72,2147483575,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=71 INSERT INTO LOBS VALUES(71,1,0,72) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(72,1,'2024-03-02 03:35:57.957000',1,72,NULL,64,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=72 INSERT INTO LOB_IDS VALUES(72,64,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(73,64,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 74 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=72 INSERT INTO BLOCKS VALUES(72,1,0) INSERT INTO BLOCKS VALUES(73,2147483574,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=72 INSERT INTO LOBS VALUES(72,1,0,73) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(73,1,'2024-03-02 03:36:07.957000',1,73,NULL,64,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=73 INSERT INTO LOB_IDS VALUES(73,64,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(74,64,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 75 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=73 INSERT INTO BLOCKS VALUES(73,1,0) INSERT INTO BLOCKS VALUES(74,2147483573,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=73 INSERT INTO LOBS VALUES(73,1,0,74) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(74,1,'2024-03-02 03:36:17.963000',1,74,NULL,64,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=74 INSERT INTO LOB_IDS VALUES(74,64,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(75,64,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 76 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=74 INSERT INTO BLOCKS VALUES(74,1,0) INSERT INTO BLOCKS VALUES(75,2147483572,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=74 INSERT INTO LOBS VALUES(74,1,0,75) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(75,1,'2024-03-02 03:36:27.964000',1,75,NULL,64,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=75 INSERT INTO LOB_IDS VALUES(75,64,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(76,64,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 77 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=75 INSERT INTO BLOCKS VALUES(75,1,0) INSERT INTO BLOCKS VALUES(76,2147483571,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=75 INSERT INTO LOBS VALUES(75,1,0,76) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(76,1,'2024-03-02 03:36:37.967000',1,76,NULL,64,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=76 INSERT INTO LOB_IDS VALUES(76,64,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(77,64,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 78 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=76 INSERT INTO BLOCKS VALUES(76,1,0) INSERT INTO BLOCKS VALUES(77,2147483570,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=76 INSERT INTO LOBS VALUES(76,1,0,77) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(77,1,'2024-03-02 03:36:47.973000',1,77,NULL,64,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=77 INSERT INTO LOB_IDS VALUES(77,64,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(78,64,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 79 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=77 INSERT INTO BLOCKS VALUES(77,1,0) INSERT INTO BLOCKS VALUES(78,2147483569,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=77 INSERT INTO LOBS VALUES(77,1,0,78) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(78,1,'2024-03-02 03:36:57.976000',1,78,NULL,64,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=78 INSERT INTO LOB_IDS VALUES(78,64,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(79,64,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 80 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=78 INSERT INTO BLOCKS VALUES(78,1,0) INSERT INTO BLOCKS VALUES(79,2147483568,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=78 INSERT INTO LOBS VALUES(78,1,0,79) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(79,1,'2024-03-02 03:37:08.102000',1,79,NULL,64,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=79 INSERT INTO LOB_IDS VALUES(79,64,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(80,64,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 81 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=79 INSERT INTO BLOCKS VALUES(79,1,0) INSERT INTO BLOCKS VALUES(80,2147483567,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=79 INSERT INTO LOBS VALUES(79,1,0,80) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(80,1,'2024-03-02 03:37:18.133000',1,80,NULL,64,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=80 INSERT INTO LOB_IDS VALUES(80,64,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(81,64,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 82 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=80 INSERT INTO BLOCKS VALUES(80,1,0) INSERT INTO BLOCKS VALUES(81,2147483566,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=80 INSERT INTO LOBS VALUES(80,1,0,81) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(81,1,'2024-03-02 03:37:28.152000',1,81,NULL,64,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=81 INSERT INTO LOB_IDS VALUES(81,64,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(82,64,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 83 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=81 INSERT INTO BLOCKS VALUES(81,1,0) INSERT INTO BLOCKS VALUES(82,2147483565,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=81 INSERT INTO LOBS VALUES(81,1,0,82) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(82,1,'2024-03-02 03:37:38.962000',1,82,NULL,64,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=82 INSERT INTO LOB_IDS VALUES(82,64,1,40) COMMIT /*C3*/INSERT INTO HISTORY VALUES(27,1709346750724,15,200,1709347068648,206,'GET','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','GET https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html HTTP/1.1\u000d\u000ahost: 722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Windows 95; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aConnection: keep-alive\u000d\u000aReferer: https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/\u000d\u000aUpgrade-Insecure-Requests: 1\u000d\u000aSec-Fetch-Dest: document\u000d\u000aSec-Fetch-Mode: navigate\u000d\u000aSec-Fetch-Site: same-origin\u000d\u000aSec-Fetch-User: ?1\u000d\u000acontent-length: 0\u000d\u000a\u000d\u000a','','HTTP/1.1 200 OK\u000d\u000aServer: nginx/1.24.0\u000d\u000aDate: Sat, 02 Mar 2024 02:37:48 GMT\u000d\u000aContent-Type: text/html\u000d\u000aContent-Length: 1366\u000d\u000aLast-Modified: Thu, 01 Jan 1970 00:00:01 GMT\u000d\u000aConnection: keep-alive\u000d\u000aETag: "1-556"\u000d\u000aCache-Control: no-store\u000d\u000aAccept-Ranges: bytes\u000d\u000a\u000d\u000a','3c68746d6c3e0a3c686561643e0a202020203c7469746c653e496e74726f20746f2057656220323c2f7469746c653e0a202020203c6d65746120636861727365743d225554462d38223e0a202020203c6c696e6b2072656c3d227374796c6573686565742220747970653d22746578742f6373732220687265663d227374796c652e63737322202f3e0a3c2f686561643e0a3c626f64793e0a3c68313e24284745524d414e5f4349545929205472616d205469636b6574204d616368696e653c2f68313e0a0a3c68333e47657420796f7572203c7370616e207374796c653d22746578742d6465636f726174696f6e3a206c696e652d7468726f7567683b223e7469636b65743c2f7370616e3e20666c61672068657265213c2f68333e0a3c68723e0a57697468207468652068656c70206f66206f75722073746174652d6f662d7468652d61727420666c6f707079206469736b20737769746368696e6720726f626f74732c20796f752063616e206e6f772072656164207468652066697273740a70617274206f662074686520666c616720696e207265616c2074696d65210a3c703e0a466c6167207061727420312f343a203c7370616e207374796c653d22636f6c6f723a20677265656e3b20666f6e742d66616d696c793a2027436f7572696572204e6577272c206d6f6e6f73706163653b223e0a20202020435343477b3c7370616e2069643d22666c6167223e2e2e2e2e2e2e2e2e3c2f7370616e3e3c2f7370616e3e0a0a3c212d2d0a4e6f2074696d6520746f20776169742c2072696768743f0a2d2d3e0a0a3c7363726970743e0a666c6167203d20226c396a6a3535304b220a73796d626f6c7352657665616c6564203d20300a7761697454696d65203d20313030303b0a0a66756e6374696f6e206e65787453796d626f6c2829207b0a202020206966202873796d626f6c7352657665616c6564203e3d20666c61672e6c656e677468292072657475726e3b0a2020202073796d626f6c7352657665616c65642b2b3b0a0a202020207761697454696d65202a3d20323b0a2020202073657454696d656f7574286e65787453796d626f6c2c207761697454696d65293b0a7d0a0a66756e6374696f6e207370696e2829207b0a20202020636f6e737420666c616750617274203d20666c61672e73756273747228302c2073796d626f6c7352657665616c6564293b0a20202020636f6e737420616c706861626574203d2028224142434445464748494a4b4c4d4e4f5052535455565758595a61626364656668696b6c6d6e6f727374757677787a3031323334353637383922290a20202020636f6e73742072616e646f6d53796d626f6c203d0a202020202020202073796d626f6c7352657665616c6564203c20666c61672e6c656e6774680a2020202020202020202020203f20616c7068616265742e636861724174284d6174682e666c6f6f72284d6174682e72616e646f6d2829202a20616c7068616265742e6c656e67746829290a2020202020202020202020203a2022223b0a20202020636f6e737420737566666978203d20222e222e726570656174284d6174682e6d617828302c20666c61672e6c656e677468202d2031202d2073796d626f6c7352657665616c656429293b0a0a20202020646f63756d656e742e676574456c656d656e74427949642822666c616722292e696e6e657248544d4c203d20666c616750617274202b2072616e646f6d53796d626f6c202b207375666669783b0a7d0a0a73657454696d656f7574286e65787453796d626f6c2c207761697454696d65293b0a736574496e74657276616c287370696e2c203530293b0a3c2f7363726970743e0a0a3c2f626f64793e0a3c2f68746d6c3e',NULL,'',TRUE) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(83,64,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 84 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=82 INSERT INTO BLOCKS VALUES(82,1,0) INSERT INTO BLOCKS VALUES(83,2147483564,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=82 INSERT INTO LOBS VALUES(82,1,0,83) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(83,1,'2024-03-02 03:37:49.010000',1,83,NULL,64,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=83 INSERT INTO LOB_IDS VALUES(83,64,1,40) COMMIT /*C10*/DELETE FROM PARAM WHERE PARAMID=9 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Server' AND USED=2 AND FLAGS='' AND VALS='nginx/1.24.0' INSERT INTO PARAM VALUES(9,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Server',3,'','nginx/1.24.0') COMMIT DELETE FROM PARAM WHERE PARAMID=10 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Date' AND USED=2 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT' INSERT INTO PARAM VALUES(10,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Date',3,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:37:48 GMT') COMMIT DELETE FROM PARAM WHERE PARAMID=11 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Content-Type' AND USED=2 AND FLAGS='' AND VALS='text/html,text/plain' INSERT INTO PARAM VALUES(11,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Content-Type',3,'','text/html,text/plain') COMMIT DELETE FROM PARAM WHERE PARAMID=12 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Content-Length' AND USED=2 AND FLAGS='' AND VALS='287,384' INSERT INTO PARAM VALUES(12,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Content-Length',3,'','287,1366,384') COMMIT DELETE FROM PARAM WHERE PARAMID=15 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Last-Modified' AND USED=1 AND FLAGS='' AND VALS='Thu%2C 01 Jan 1970 00:00:01 GMT' INSERT INTO PARAM VALUES(15,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Last-Modified',2,'','Thu%2C 01 Jan 1970 00:00:01 GMT') COMMIT DELETE FROM PARAM WHERE PARAMID=13 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Connection' AND USED=2 AND FLAGS='' AND VALS='keep-alive' INSERT INTO PARAM VALUES(13,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Connection',3,'','keep-alive') COMMIT DELETE FROM PARAM WHERE PARAMID=14 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='ETag' AND USED=2 AND FLAGS='' AND VALS='"1-180","1-11f"' INSERT INTO PARAM VALUES(14,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','ETag',3,'','"1-180","1-11f","1-556"') COMMIT DELETE FROM PARAM WHERE PARAMID=16 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Cache-Control' AND USED=1 AND FLAGS='' AND VALS='no-store' INSERT INTO PARAM VALUES(16,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Cache-Control',2,'','no-store') COMMIT DELETE FROM PARAM WHERE PARAMID=17 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Accept-Ranges' AND USED=1 AND FLAGS='' AND VALS='bytes' INSERT INTO PARAM VALUES(17,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Accept-Ranges',2,'','bytes') COMMIT /*C5*/INSERT INTO ALERT VALUES(43,0,10020,'Missing Anti-clickjacking Header',2,2,'The response does not include either Content-Security-Policy with ''frame-ancestors'' directive or X-Frame-Options to protect against ''ClickJacking'' attacks.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','x-frame-options','','Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\u000aIf you expect the page to be framed only by pages on your server (e.g. it''s part of a FRAMESET) then you''ll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy''s "frame-ancestors" directive.','https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options',27,27,'','',1021,15,3,'','10020-1') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(89,43,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(90,43,'WSTG-v42-CLNT-09','https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking') COMMIT INSERT INTO ALERT_TAG VALUES(91,43,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(84,630,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 85 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=83 INSERT INTO BLOCKS VALUES(83,1,0) INSERT INTO BLOCKS VALUES(84,2147483563,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=83 INSERT INTO LOBS VALUES(83,1,0,84) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(84,1,'2024-03-02 03:37:49.436000',1,84,NULL,630,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=84 INSERT INTO LOB_IDS VALUES(84,630,1,40) COMMIT /*C5*/INSERT INTO ALERT VALUES(44,0,10015,'Re-examine Cache-control Directives',0,1,'The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','cache-control','','For secure content, ensure the cache-control HTTP header is set with "no-cache, no-store, must-revalidate". If an asset should be cached consider setting the directives "public, max-age, immutable".','https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\u000ahttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control\u000ahttps://grayduck.mn/2021/09/13/cache-control-recommendations/',27,27,'','no-store',525,13,3,'','10015') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(92,44,'WSTG-v42-ATHN-06','https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(85,635,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 86 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=84 INSERT INTO BLOCKS VALUES(84,1,0) INSERT INTO BLOCKS VALUES(85,2147483562,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=84 INSERT INTO LOBS VALUES(84,1,0,85) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(85,1,'2024-03-02 03:37:49.459000',1,85,NULL,635,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=85 INSERT INTO LOB_IDS VALUES(85,635,1,40) COMMIT /*C5*/INSERT INTO ALERT VALUES(45,0,10038,'Content Security Policy (CSP) Header Not Set',2,3,'Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page \u2014 covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','','','Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.','https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy\u000ahttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\u000ahttps://www.w3.org/TR/CSP/\u000ahttps://w3c.github.io/webappsec-csp/\u000ahttps://web.dev/articles/csp\u000ahttps://caniuse.com/#feat=contentsecuritypolicy\u000ahttps://content-security-policy.com/',27,27,'','',693,15,3,'','10038-1') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(93,45,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(94,45,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(86,625,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 87 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=85 INSERT INTO BLOCKS VALUES(85,1,0) INSERT INTO BLOCKS VALUES(86,2147483561,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=85 INSERT INTO LOBS VALUES(85,1,0,86) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(86,1,'2024-03-02 03:37:49.464000',1,86,NULL,625,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=86 INSERT INTO LOB_IDS VALUES(86,625,1,40) COMMIT /*C5*/INSERT INTO ALERT VALUES(46,0,10109,'Modern Web Application',0,2,'The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','','No links have been found while there are scripts, which is an indication that this is a modern web application.','This is an informational alert and so no changes are required.','',27,27,'','',-1,-1,3,'','10109') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(87,612,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 88 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=86 INSERT INTO BLOCKS VALUES(86,1,0) INSERT INTO BLOCKS VALUES(87,2147483560,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=86 INSERT INTO LOBS VALUES(86,1,0,87) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(87,1,'2024-03-02 03:37:49.486000',1,87,NULL,612,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=87 INSERT INTO LOB_IDS VALUES(87,612,1,40) COMMIT /*C5*/INSERT INTO ALERT VALUES(47,0,10036,'Server Leaks Version Information via "Server" HTTP Response Header Field',1,3,'The web/application server is leaking version information via the "Server" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','','','Ensure that your web server, application server, load balancer, etc. is configured to suppress the "Server" header or provide generic details.','https://httpd.apache.org/docs/current/mod/core.html#servertokens\u000ahttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\u000ahttps://www.troyhunt.com/shhh-dont-let-your-response-headers/',27,27,'','nginx/1.24.0',200,13,3,'','10036') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(95,47,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(96,47,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT INSERT INTO ALERT_TAG VALUES(97,47,'WSTG-v42-INFO-02','https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(88,652,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 89 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=87 INSERT INTO BLOCKS VALUES(87,1,0) INSERT INTO BLOCKS VALUES(88,2147483559,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=87 INSERT INTO LOBS VALUES(87,1,0,88) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(88,1,'2024-03-02 03:37:49.514000',1,88,NULL,652,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=88 INSERT INTO LOB_IDS VALUES(88,652,1,40) COMMIT /*C5*/INSERT INTO ALERT VALUES(48,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',27,27,'','',319,15,3,'','10035-1') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(98,48,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(99,48,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(89,618,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 90 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=88 INSERT INTO BLOCKS VALUES(88,1,0) INSERT INTO BLOCKS VALUES(89,2147483558,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=88 INSERT INTO LOBS VALUES(88,1,0,89) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(89,1,'2024-03-02 03:37:49.518000',1,89,NULL,618,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=89 INSERT INTO LOB_IDS VALUES(89,618,1,40) COMMIT /*C5*/INSERT INTO ALERT VALUES(49,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',27,27,'','',693,15,3,'','10021') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(100,49,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(101,49,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(90,639,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 91 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=89 INSERT INTO BLOCKS VALUES(89,1,0) INSERT INTO BLOCKS VALUES(90,2147483557,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=89 INSERT INTO LOBS VALUES(89,1,0,90) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(90,1,'2024-03-02 03:37:49.522000',1,90,NULL,639,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=90 INSERT INTO LOB_IDS VALUES(90,639,1,40) COMMIT /*C8*/SET SCHEMA PUBLIC INSERT INTO TAG VALUES(1,27,'Script') COMMIT INSERT INTO TAG VALUES(2,27,'Comment') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(91,64,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 92 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=90 INSERT INTO BLOCKS VALUES(90,1,0) INSERT INTO BLOCKS VALUES(91,2147483556,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=90 INSERT INTO LOBS VALUES(90,1,0,91) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(91,1,'2024-03-02 03:37:59.053000',1,91,NULL,64,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=91 INSERT INTO LOB_IDS VALUES(91,64,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(92,64,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 93 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=91 INSERT INTO BLOCKS VALUES(91,1,0) INSERT INTO BLOCKS VALUES(92,2147483555,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=91 INSERT INTO LOBS VALUES(91,1,0,92) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(92,1,'2024-03-02 03:38:09.054000',1,92,NULL,64,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=92 INSERT INTO LOB_IDS VALUES(92,64,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(93,64,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 94 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=92 INSERT INTO BLOCKS VALUES(92,1,0) INSERT INTO BLOCKS VALUES(93,2147483554,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=92 INSERT INTO LOBS VALUES(92,1,0,93) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(93,1,'2024-03-02 03:38:19.056000',1,93,NULL,64,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=93 INSERT INTO LOB_IDS VALUES(93,64,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(94,64,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 95 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=93 INSERT INTO BLOCKS VALUES(93,1,0) INSERT INTO BLOCKS VALUES(94,2147483553,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=93 INSERT INTO LOBS VALUES(93,1,0,94) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(94,1,'2024-03-02 03:38:29.059000',1,94,NULL,64,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=94 INSERT INTO LOB_IDS VALUES(94,64,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(95,64,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 96 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=94 INSERT INTO BLOCKS VALUES(94,1,0) INSERT INTO BLOCKS VALUES(95,2147483552,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=94 INSERT INTO LOBS VALUES(94,1,0,95) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(95,1,'2024-03-02 03:38:39.059000',1,95,NULL,64,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=95 INSERT INTO LOB_IDS VALUES(95,64,1,40) COMMIT /*C3*/INSERT INTO HISTORY VALUES(28,1709346750724,1,403,1709347121300,30,'GET','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','GET https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html HTTP/1.1\u000d\u000ahost: 722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aConnection: keep-alive\u000d\u000aUpgrade-Insecure-Requests: 1\u000d\u000aSec-Fetch-Dest: document\u000d\u000aSec-Fetch-Mode: navigate\u000d\u000aSec-Fetch-Site: none\u000d\u000aSec-Fetch-User: ?1\u000d\u000a\u000d\u000a','','HTTP/1.1 403 Forbidden\u000d\u000aServer: nginx/1.24.0\u000d\u000aDate: Sat, 02 Mar 2024 02:38:41 GMT\u000d\u000aContent-Type: text/html\u000d\u000aContent-Length: 384\u000d\u000aConnection: keep-alive\u000d\u000aETag: "1-180"\u000d\u000a\u000d\u000a','3c68746d6c3e0a3c686561643e0a202020203c7469746c653e496e74726f20746f2057656220323c2f7469746c653e0a202020203c6d65746120636861727365743d225554462d38223e0a202020203c6c696e6b2072656c3d227374796c6573686565742220747970653d22746578742f6373732220687265663d227374796c652e63737322202f3e0a3c2f686561643e0a3c626f64793e0a3c68313e24284745524d414e5f4349545929205472616d205469636b6574204d616368696e653c2f68313e0a0a3c68333e3c7370616e207374796c653d22636f6c6f723a20726564223e496e736563757265206f7065726174696e672073797374656d213c2f7370616e3e3c2f68333e0a3c68723e0a466f7220734563557249745920724561536f4e732c20796f75206e65656420746f2075706461746520796f75722073797374656d20746f2057696e646f7773203935206265666f726520616363657373696e6720746869732077656273697465210a3c2f626f64793e0a3c2f68746d6c3e',NULL,'',TRUE) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(96,354,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 97 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=95 INSERT INTO BLOCKS VALUES(95,1,0) INSERT INTO BLOCKS VALUES(96,2147483551,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=95 INSERT INTO LOBS VALUES(95,1,0,96) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(96,1,'2024-03-02 03:38:41.333000',1,96,NULL,354,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=96 INSERT INTO LOB_IDS VALUES(96,354,1,40) COMMIT /*C3*/INSERT INTO HISTORY VALUES(29,1709346750724,1,200,1709347121392,40,'GET','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/style.css','GET https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/style.css HTTP/1.1\u000d\u000ahost: 722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: text/css,*/*;q=0.1\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aConnection: keep-alive\u000d\u000aReferer: https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html\u000d\u000aSec-Fetch-Dest: style\u000d\u000aSec-Fetch-Mode: no-cors\u000d\u000aSec-Fetch-Site: same-origin\u000d\u000a\u000d\u000a','','HTTP/1.1 200 OK\u000d\u000aServer: nginx/1.24.0\u000d\u000aDate: Sat, 02 Mar 2024 02:38:41 GMT\u000d\u000aContent-Type: text/plain\u000d\u000aContent-Length: 287\u000d\u000aLast-Modified: Thu, 01 Jan 1970 00:00:01 GMT\u000d\u000aConnection: keep-alive\u000d\u000aETag: "1-11f"\u000d\u000aCache-Control: no-store\u000d\u000aAccept-Ranges: bytes\u000d\u000a\u000d\u000a','68746d6c207b0a202020206d61782d77696474683a20373063683b0a2020202070616464696e673a2033656d2031656d3b0a202020206d617267696e3a206175746f3b0a202020206c696e652d6865696768743a20312e37353b0a20202020666f6e742d73697a653a20312e3235656d3b0a0a202020206261636b67726f756e642d636f6c6f723a20233145323132323b0a20202020636f6c6f723a20234244423741463b0a7d0a68312c2068322c206833207b0a20202020636f6c6f723a20234538453645333b0a7d0a6872207b0a202020206d617267696e2d746f703a202d31656d3b0a7d0a61207b0a20202020636f6c6f723a206c69676874626c75653b0a20202020746578742d6465636f726174696f6e3a206e6f6e653b0a7d0a',NULL,'',TRUE) COMMIT /*C5*/INSERT INTO ALERT VALUES(50,0,10036,'Server Leaks Version Information via "Server" HTTP Response Header Field',1,3,'The web/application server is leaking version information via the "Server" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/style.css','','','Ensure that your web server, application server, load balancer, etc. is configured to suppress the "Server" header or provide generic details.','https://httpd.apache.org/docs/current/mod/core.html#servertokens\u000ahttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\u000ahttps://www.troyhunt.com/shhh-dont-let-your-response-headers/',29,29,'','nginx/1.24.0',200,13,3,'','10036') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(102,50,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(103,50,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT INSERT INTO ALERT_TAG VALUES(104,50,'WSTG-v42-INFO-02','https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server') COMMIT /*C10*/DELETE FROM PARAM WHERE PARAMID=9 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Server' AND USED=3 AND FLAGS='' AND VALS='nginx/1.24.0' INSERT INTO PARAM VALUES(9,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Server',4,'','nginx/1.24.0') COMMIT DELETE FROM PARAM WHERE PARAMID=10 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Date' AND USED=3 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:37:48 GMT' INSERT INTO PARAM VALUES(10,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Date',4,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:38:41 GMT,Sat%2C 02 Mar 2024 02:37:48 GMT') COMMIT DELETE FROM PARAM WHERE PARAMID=11 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Content-Type' AND USED=3 AND FLAGS='' AND VALS='text/html,text/plain' INSERT INTO PARAM VALUES(11,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Content-Type',4,'','text/html,text/plain') COMMIT DELETE FROM PARAM WHERE PARAMID=12 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Content-Length' AND USED=3 AND FLAGS='' AND VALS='287,1366,384' INSERT INTO PARAM VALUES(12,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Content-Length',4,'','287,1366,384') COMMIT DELETE FROM PARAM WHERE PARAMID=13 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Connection' AND USED=3 AND FLAGS='' AND VALS='keep-alive' INSERT INTO PARAM VALUES(13,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Connection',4,'','keep-alive') COMMIT DELETE FROM PARAM WHERE PARAMID=14 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='ETag' AND USED=3 AND FLAGS='' AND VALS='"1-180","1-11f","1-556"' INSERT INTO PARAM VALUES(14,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','ETag',4,'','"1-180","1-11f","1-556"') COMMIT DELETE FROM PARAM WHERE PARAMID=9 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Server' AND USED=4 AND FLAGS='' AND VALS='nginx/1.24.0' INSERT INTO PARAM VALUES(9,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Server',5,'','nginx/1.24.0') COMMIT DELETE FROM PARAM WHERE PARAMID=10 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Date' AND USED=4 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:38:41 GMT,Sat%2C 02 Mar 2024 02:37:48 GMT' INSERT INTO PARAM VALUES(10,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Date',5,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:38:41 GMT,Sat%2C 02 Mar 2024 02:37:48 GMT') COMMIT DELETE FROM PARAM WHERE PARAMID=11 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Content-Type' AND USED=4 AND FLAGS='' AND VALS='text/html,text/plain' INSERT INTO PARAM VALUES(11,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Content-Type',5,'','text/html,text/plain') COMMIT /*C5*/INSERT INTO ALERT VALUES(51,0,10038,'Content Security Policy (CSP) Header Not Set',2,3,'Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page \u2014 covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','','','Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.','https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy\u000ahttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\u000ahttps://www.w3.org/TR/CSP/\u000ahttps://w3c.github.io/webappsec-csp/\u000ahttps://web.dev/articles/csp\u000ahttps://caniuse.com/#feat=contentsecuritypolicy\u000ahttps://content-security-policy.com/',28,28,'','',693,15,3,'','10038-1') COMMIT /*C10*/DELETE FROM PARAM WHERE PARAMID=12 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Content-Length' AND USED=4 AND FLAGS='' AND VALS='287,1366,384' INSERT INTO PARAM VALUES(12,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Content-Length',5,'','287,1366,384') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(97,339,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 98 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=96 INSERT INTO BLOCKS VALUES(96,1,0) INSERT INTO BLOCKS VALUES(97,2147483550,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=96 INSERT INTO LOBS VALUES(96,1,0,97) COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(105,51,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(106,51,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C10*/DELETE FROM PARAM WHERE PARAMID=15 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Last-Modified' AND USED=2 AND FLAGS='' AND VALS='Thu%2C 01 Jan 1970 00:00:01 GMT' INSERT INTO PARAM VALUES(15,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Last-Modified',3,'','Thu%2C 01 Jan 1970 00:00:01 GMT') COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(97,1,'2024-03-02 03:38:41.437000',1,97,NULL,339,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=97 INSERT INTO LOB_IDS VALUES(97,339,1,40) COMMIT /*C10*/DELETE FROM PARAM WHERE PARAMID=13 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Connection' AND USED=4 AND FLAGS='' AND VALS='keep-alive' INSERT INTO PARAM VALUES(13,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Connection',5,'','keep-alive') COMMIT DELETE FROM PARAM WHERE PARAMID=14 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='ETag' AND USED=4 AND FLAGS='' AND VALS='"1-180","1-11f","1-556"' INSERT INTO PARAM VALUES(14,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','ETag',5,'','"1-180","1-11f","1-556"') COMMIT DELETE FROM PARAM WHERE PARAMID=16 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Cache-Control' AND USED=2 AND FLAGS='' AND VALS='no-store' INSERT INTO PARAM VALUES(16,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Cache-Control',3,'','no-store') COMMIT DELETE FROM PARAM WHERE PARAMID=17 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Accept-Ranges' AND USED=2 AND FLAGS='' AND VALS='bytes' INSERT INTO PARAM VALUES(17,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Accept-Ranges',3,'','bytes') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(98,625,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 99 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=97 INSERT INTO BLOCKS VALUES(97,1,0) INSERT INTO BLOCKS VALUES(98,2147483549,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=97 INSERT INTO LOBS VALUES(97,1,0,98) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(98,1,'2024-03-02 03:38:41.439000',1,98,NULL,625,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=98 INSERT INTO LOB_IDS VALUES(98,625,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(99,622,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 100 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=98 INSERT INTO BLOCKS VALUES(98,1,0) INSERT INTO BLOCKS VALUES(99,2147483548,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=98 INSERT INTO LOBS VALUES(98,1,0,99) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(99,1,'2024-03-02 03:38:41.440000',1,99,NULL,622,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=99 INSERT INTO LOB_IDS VALUES(99,622,1,40) COMMIT /*C5*/INSERT INTO ALERT VALUES(52,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/style.css','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',29,29,'','',319,15,3,'','10035-1') COMMIT INSERT INTO ALERT VALUES(53,0,10036,'Server Leaks Version Information via "Server" HTTP Response Header Field',1,3,'The web/application server is leaking version information via the "Server" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','','','Ensure that your web server, application server, load balancer, etc. is configured to suppress the "Server" header or provide generic details.','https://httpd.apache.org/docs/current/mod/core.html#servertokens\u000ahttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\u000ahttps://www.troyhunt.com/shhh-dont-let-your-response-headers/',28,28,'','nginx/1.24.0',200,13,3,'','10036') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(107,53,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(108,53,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT INSERT INTO ALERT_TAG VALUES(109,53,'WSTG-v42-INFO-02','https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server') COMMIT INSERT INTO ALERT_TAG VALUES(110,52,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(111,52,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(100,588,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 101 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=99 INSERT INTO BLOCKS VALUES(99,1,0) INSERT INTO BLOCKS VALUES(100,2147483547,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=99 INSERT INTO LOBS VALUES(99,1,0,100) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(101,1,'2024-03-02 03:38:41.449000',1,100,NULL,588,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=100 INSERT INTO LOB_IDS VALUES(100,588,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(101,652,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 102 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=100 INSERT INTO BLOCKS VALUES(100,1,0) INSERT INTO BLOCKS VALUES(101,2147483546,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=100 INSERT INTO LOBS VALUES(100,1,0,101) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(100,1,'2024-03-02 03:38:41.449000',1,101,NULL,652,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=101 INSERT INTO LOB_IDS VALUES(101,652,1,40) COMMIT /*C5*/INSERT INTO ALERT VALUES(54,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',28,28,'','',319,15,3,'','10035-1') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(112,54,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(113,54,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C5*/INSERT INTO ALERT VALUES(55,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/style.css','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',29,29,'','',693,15,3,'','10021') COMMIT /*C6*/INSERT INTO ALERT_TAG VALUES(114,55,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/') COMMIT INSERT INTO ALERT_TAG VALUES(115,55,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html') COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(102,618,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 103 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=101 INSERT INTO BLOCKS VALUES(101,1,0) INSERT INTO BLOCKS VALUES(102,2147483545,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=101 INSERT INTO LOBS VALUES(101,1,0,102) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(103,1,'2024-03-02 03:38:41.472000',1,102,NULL,618,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=102 INSERT INTO LOB_IDS VALUES(102,618,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(103,609,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 104 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=102 INSERT INTO BLOCKS VALUES(102,1,0) INSERT INTO BLOCKS VALUES(103,2147483544,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=102 INSERT INTO LOBS VALUES(102,1,0,103) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(102,1,'2024-03-02 03:38:41.472000',1,103,NULL,609,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=103 INSERT INTO LOB_IDS VALUES(103,609,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(104,201,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 105 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=103 INSERT INTO BLOCKS VALUES(103,1,0) INSERT INTO BLOCKS VALUES(104,2147483543,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=103 INSERT INTO LOBS VALUES(103,1,0,104) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(104,1,'2024-03-02 03:38:41.813000',1,104,NULL,201,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=104 INSERT INTO LOB_IDS VALUES(104,201,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(105,2013,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 106 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=104 INSERT INTO BLOCKS VALUES(104,1,0) INSERT INTO BLOCKS VALUES(105,2147483542,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=104 INSERT INTO LOBS VALUES(104,1,0,105) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(105,1,'2024-03-02 03:38:41.817000',1,105,NULL,2013,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=105 INSERT INTO LOB_IDS VALUES(105,2013,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(106,176,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 107 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=105 INSERT INTO BLOCKS VALUES(105,1,0) INSERT INTO BLOCKS VALUES(106,2147483541,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=105 INSERT INTO LOBS VALUES(105,1,0,106) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(106,1,'2024-03-02 03:38:41.817000',1,106,NULL,176,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=106 INSERT INTO LOB_IDS VALUES(106,176,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(107,2662,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 108 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=106 INSERT INTO BLOCKS VALUES(106,1,0) INSERT INTO BLOCKS VALUES(107,2147483540,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=106 INSERT INTO LOBS VALUES(106,1,0,107) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(107,1,'2024-03-02 03:38:41.821000',1,107,NULL,2662,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=107 INSERT INTO LOB_IDS VALUES(107,2662,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(108,64,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 109 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=107 INSERT INTO BLOCKS VALUES(107,1,0) INSERT INTO BLOCKS VALUES(108,2147483539,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=107 INSERT INTO LOBS VALUES(107,1,0,108) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(108,1,'2024-03-02 03:38:49.061000',1,108,NULL,64,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=108 INSERT INTO LOB_IDS VALUES(108,64,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(109,64,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 110 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=108 INSERT INTO BLOCKS VALUES(108,1,0) INSERT INTO BLOCKS VALUES(109,2147483538,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=108 INSERT INTO LOBS VALUES(108,1,0,109) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(109,1,'2024-03-02 03:38:59.082000',1,109,NULL,64,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=109 INSERT INTO LOB_IDS VALUES(109,64,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(110,64,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 111 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=109 INSERT INTO BLOCKS VALUES(109,1,0) INSERT INTO BLOCKS VALUES(110,2147483537,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=109 INSERT INTO LOBS VALUES(109,1,0,110) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(110,1,'2024-03-02 03:39:09.067000',1,110,NULL,64,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=110 INSERT INTO LOB_IDS VALUES(110,64,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(111,64,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 112 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=110 INSERT INTO BLOCKS VALUES(110,1,0) INSERT INTO BLOCKS VALUES(111,2147483536,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=110 INSERT INTO LOBS VALUES(110,1,0,111) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(111,1,'2024-03-02 03:39:19.068000',1,111,NULL,64,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=111 INSERT INTO LOB_IDS VALUES(111,64,1,40) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(112,4,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 113 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=111 INSERT INTO BLOCKS VALUES(111,1,0) INSERT INTO BLOCKS VALUES(112,2147483535,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=111 INSERT INTO LOBS VALUES(111,1,0,112) COMMIT /*C13*/SET SCHEMA PUBLIC INSERT INTO WEBSOCKET_MESSAGE VALUES(112,1,'2024-03-02 03:39:49.071000',8,112,NULL,2,TRUE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=112 INSERT INTO LOB_IDS VALUES(112,4,1,40) COMMIT SET SCHEMA PUBLIC DELETE FROM WEBSOCKET_CHANNEL WHERE CHANNEL_ID=1 INSERT INTO WEBSOCKET_CHANNEL VALUES(1,'zap',443,'','2024-03-02 03:34:57.550000','2024-03-02 03:40:10.105000',NULL) COMMIT /*C1*/INSERT INTO LOB_IDS VALUES(113,197,0,40) ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 114 COMMIT DELETE FROM BLOCKS WHERE BLOCK_ADDR=112 INSERT INTO BLOCKS VALUES(112,1,0) INSERT INTO BLOCKS VALUES(113,2147483534,0) DELETE FROM BLOCKS WHERE BLOCK_ADDR=112 INSERT INTO LOBS VALUES(112,1,0,113) COMMIT /*C13*/INSERT INTO WEBSOCKET_MESSAGE VALUES(113,1,'2024-03-02 03:40:10.105000',1,113,NULL,197,FALSE) SET SCHEMA SYSTEM_LOBS DELETE FROM LOB_IDS WHERE LOB_ID=113 INSERT INTO LOB_IDS VALUES(113,197,1,40) COMMIT