2904 lines
266 KiB
Plaintext
2904 lines
266 KiB
Plaintext
/*C2*/SET SCHEMA PUBLIC
|
|
SET FILES LOG TRUE
|
|
/*C4*/SET SCHEMA PUBLIC
|
|
DELETE FROM SESSION WHERE SESSIONID=1709346750724
|
|
INSERT INTO SESSION VALUES(1709346750724,'Untitled Session','2024-03-02 03:32:43.041776')
|
|
COMMIT
|
|
/*C3*/SET SCHEMA PUBLIC
|
|
INSERT INTO HISTORY VALUES(1,1709346750724,1,200,1709346894944,457,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Access-Control-Allow-Origin, Vary, Date, Content-Type, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:34:55 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE)
|
|
COMMIT
|
|
INSERT INTO HISTORY VALUES(2,1709346750724,0,0,0,0,'GET','https://api.cscg.live:444','GET https://api.cscg.live:444 HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','','','',NULL,'',FALSE)
|
|
COMMIT
|
|
INSERT INTO HISTORY VALUES(3,1709346750724,0,0,0,0,'GET','https://api.cscg.live:444/platform.Platform','GET https://api.cscg.live:444/platform.Platform HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','','','',NULL,'',FALSE)
|
|
COMMIT
|
|
/*C10*/SET SCHEMA PUBLIC
|
|
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',1,'','https://play.cscg.live')
|
|
COMMIT
|
|
INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',1,'','Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message')
|
|
COMMIT
|
|
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',1,'','h3=":443"; ma=2592000')
|
|
COMMIT
|
|
INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',1,'','application/grpc-web+proto')
|
|
COMMIT
|
|
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',1,'','Caddy')
|
|
COMMIT
|
|
INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',1,'','Origin')
|
|
COMMIT
|
|
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',1,'','Sat%2C 02 Mar 2024 02:34:55 GMT')
|
|
COMMIT
|
|
INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',1,'','129')
|
|
COMMIT
|
|
/*C5*/SET SCHEMA PUBLIC
|
|
INSERT INTO ALERT VALUES(0,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',1,1,'','',319,15,3,'','10035-1')
|
|
COMMIT
|
|
/*C6*/SET SCHEMA PUBLIC
|
|
INSERT INTO ALERT_TAG VALUES(1,0,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(2,0,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(1,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',1,1,'','',693,15,3,'','10021')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(3,1,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(4,1,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C3*/INSERT INTO HISTORY VALUES(4,1709346750724,1,403,1709346896051,237,'GET','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','GET https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html HTTP/1.1\u000d\u000ahost: 722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aConnection: keep-alive\u000d\u000aReferer: https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/\u000d\u000aUpgrade-Insecure-Requests: 1\u000d\u000aSec-Fetch-Dest: document\u000d\u000aSec-Fetch-Mode: navigate\u000d\u000aSec-Fetch-Site: same-origin\u000d\u000aSec-Fetch-User: ?1\u000d\u000a\u000d\u000a','','HTTP/1.1 403 Forbidden\u000d\u000aServer: nginx/1.24.0\u000d\u000aDate: Sat, 02 Mar 2024 02:34:56 GMT\u000d\u000aContent-Type: text/html\u000d\u000aContent-Length: 384\u000d\u000aConnection: keep-alive\u000d\u000aETag: "1-180"\u000d\u000a\u000d\u000a','3c68746d6c3e0a3c686561643e0a202020203c7469746c653e496e74726f20746f2057656220323c2f7469746c653e0a202020203c6d65746120636861727365743d225554462d38223e0a202020203c6c696e6b2072656c3d227374796c6573686565742220747970653d22746578742f6373732220687265663d227374796c652e63737322202f3e0a3c2f686561643e0a3c626f64793e0a3c68313e24284745524d414e5f4349545929205472616d205469636b6574204d616368696e653c2f68313e0a0a3c68333e3c7370616e207374796c653d22636f6c6f723a20726564223e496e736563757265206f7065726174696e672073797374656d213c2f7370616e3e3c2f68333e0a3c68723e0a466f7220734563557249745920724561536f4e732c20796f75206e65656420746f2075706461746520796f75722073797374656d20746f2057696e646f7773203935206265666f726520616363657373696e6720746869732077656273697465210a3c2f626f64793e0a3c2f68746d6c3e',NULL,'',TRUE)
|
|
COMMIT
|
|
INSERT INTO HISTORY VALUES(5,1709346750724,0,0,0,0,'GET','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','GET https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337 HTTP/1.1\u000d\u000ahost: 722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aConnection: keep-alive\u000d\u000aReferer: https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/\u000d\u000aUpgrade-Insecure-Requests: 1\u000d\u000aSec-Fetch-Dest: document\u000d\u000aSec-Fetch-Mode: navigate\u000d\u000aSec-Fetch-Site: same-origin\u000d\u000aSec-Fetch-User: ?1\u000d\u000a\u000d\u000a','','','',NULL,'',FALSE)
|
|
COMMIT
|
|
INSERT INTO HISTORY VALUES(6,1709346750724,1,200,1709346896338,23,'GET','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/style.css','GET https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/style.css HTTP/1.1\u000d\u000ahost: 722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: text/css,*/*;q=0.1\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aConnection: keep-alive\u000d\u000aReferer: https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html\u000d\u000aSec-Fetch-Dest: style\u000d\u000aSec-Fetch-Mode: no-cors\u000d\u000aSec-Fetch-Site: same-origin\u000d\u000a\u000d\u000a','','HTTP/1.1 200 OK\u000d\u000aServer: nginx/1.24.0\u000d\u000aDate: Sat, 02 Mar 2024 02:34:56 GMT\u000d\u000aContent-Type: text/plain\u000d\u000aContent-Length: 287\u000d\u000aLast-Modified: Thu, 01 Jan 1970 00:00:01 GMT\u000d\u000aConnection: keep-alive\u000d\u000aETag: "1-11f"\u000d\u000aCache-Control: no-store\u000d\u000aAccept-Ranges: bytes\u000d\u000a\u000d\u000a','68746d6c207b0a202020206d61782d77696474683a20373063683b0a2020202070616464696e673a2033656d2031656d3b0a202020206d617267696e3a206175746f3b0a202020206c696e652d6865696768743a20312e37353b0a20202020666f6e742d73697a653a20312e3235656d3b0a0a202020206261636b67726f756e642d636f6c6f723a20233145323132323b0a20202020636f6c6f723a20234244423741463b0a7d0a68312c2068322c206833207b0a20202020636f6c6f723a20234538453645333b0a7d0a6872207b0a202020206d617267696e2d746f703a202d31656d3b0a7d0a61207b0a20202020636f6c6f723a206c69676874626c75653b0a20202020746578742d6465636f726174696f6e3a206e6f6e653b0a7d0a',NULL,'',TRUE)
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(2,0,10036,'Server Leaks Version Information via "Server" HTTP Response Header Field',1,3,'The web/application server is leaking version information via the "Server" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/style.css','','','Ensure that your web server, application server, load balancer, etc. is configured to suppress the "Server" header or provide generic details.','https://httpd.apache.org/docs/current/mod/core.html#servertokens\u000ahttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\u000ahttps://www.troyhunt.com/shhh-dont-let-your-response-headers/',6,6,'','nginx/1.24.0',200,13,3,'','10036')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(5,2,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(6,2,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(7,2,'WSTG-v42-INFO-02','https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server')
|
|
COMMIT
|
|
/*C10*/INSERT INTO PARAM VALUES(9,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Server',1,'','nginx/1.24.0')
|
|
COMMIT
|
|
INSERT INTO PARAM VALUES(10,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Date',1,'','Sat%2C 02 Mar 2024 02:34:56 GMT')
|
|
COMMIT
|
|
INSERT INTO PARAM VALUES(11,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Content-Type',1,'','text/html')
|
|
COMMIT
|
|
INSERT INTO PARAM VALUES(12,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Content-Length',1,'','384')
|
|
COMMIT
|
|
INSERT INTO PARAM VALUES(13,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Connection',1,'','keep-alive')
|
|
COMMIT
|
|
INSERT INTO PARAM VALUES(14,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','ETag',1,'','"1-180"')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=9 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Server' AND USED=1 AND FLAGS='' AND VALS='nginx/1.24.0'
|
|
INSERT INTO PARAM VALUES(9,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Server',2,'','nginx/1.24.0')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=10 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Date' AND USED=1 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT'
|
|
INSERT INTO PARAM VALUES(10,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Date',2,'','Sat%2C 02 Mar 2024 02:34:56 GMT')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=11 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Content-Type' AND USED=1 AND FLAGS='' AND VALS='text/html'
|
|
INSERT INTO PARAM VALUES(11,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Content-Type',2,'','text/html,text/plain')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=12 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Content-Length' AND USED=1 AND FLAGS='' AND VALS='384'
|
|
INSERT INTO PARAM VALUES(12,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Content-Length',2,'','287,384')
|
|
COMMIT
|
|
INSERT INTO PARAM VALUES(15,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Last-Modified',1,'','Thu%2C 01 Jan 1970 00:00:01 GMT')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=13 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Connection' AND USED=1 AND FLAGS='' AND VALS='keep-alive'
|
|
INSERT INTO PARAM VALUES(13,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Connection',2,'','keep-alive')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=14 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='ETag' AND USED=1 AND FLAGS='' AND VALS='"1-180"'
|
|
INSERT INTO PARAM VALUES(14,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','ETag',2,'','"1-180","1-11f"')
|
|
COMMIT
|
|
INSERT INTO PARAM VALUES(16,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Cache-Control',1,'','no-store')
|
|
COMMIT
|
|
INSERT INTO PARAM VALUES(17,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Accept-Ranges',1,'','bytes')
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(3,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/style.css','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',6,6,'','',319,15,3,'','10035-1')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(8,3,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(9,3,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(4,0,10038,'Content Security Policy (CSP) Header Not Set',2,3,'Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page \u2014 covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','','','Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.','https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy\u000ahttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\u000ahttps://www.w3.org/TR/CSP/\u000ahttps://w3c.github.io/webappsec-csp/\u000ahttps://web.dev/articles/csp\u000ahttps://caniuse.com/#feat=contentsecuritypolicy\u000ahttps://content-security-policy.com/',4,4,'','',693,15,3,'','10038-1')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(10,4,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(11,4,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(5,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/style.css','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',6,6,'','',693,15,3,'','10021')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(12,5,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(13,5,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(6,0,10036,'Server Leaks Version Information via "Server" HTTP Response Header Field',1,3,'The web/application server is leaking version information via the "Server" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','','','Ensure that your web server, application server, load balancer, etc. is configured to suppress the "Server" header or provide generic details.','https://httpd.apache.org/docs/current/mod/core.html#servertokens\u000ahttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\u000ahttps://www.troyhunt.com/shhh-dont-let-your-response-headers/',4,4,'','nginx/1.24.0',200,13,3,'','10036')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(14,6,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(15,6,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(16,6,'WSTG-v42-INFO-02','https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server')
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(7,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',4,4,'','',319,15,3,'','10035-1')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(17,7,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(18,7,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C3*/INSERT INTO HISTORY VALUES(7,1709346750724,1,200,1709346896616,130,'OPTIONS','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','OPTIONS https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aAccess-Control-Request-Method: POST\u000d\u000aAccess-Control-Request-Headers: authorization,content-type,x-grpc-web,x-user-agent\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Headers: content-type,accept,x-user-agent,x-grpc-web,grpc-status,grpc-message,authorization\u000d\u000aAccess-Control-Allow-Methods: GET,HEAD,POST,PUT,DELETE\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Length: 0\u000d\u000aDate: Sat, 02 Mar 2024 02:34:56 GMT\u000d\u000aServer: Caddy\u000d\u000a\u000d\u000a','',NULL,'',TRUE)
|
|
COMMIT
|
|
/*C10*/INSERT INTO PARAM VALUES(18,'api.cscg.live:444','header','Access-Control-Allow-Headers',1,'','content-type%2Caccept%2Cx-user-agent%2Cx-grpc-web%2Cgrpc-status%2Cgrpc-message%2Cauthorization')
|
|
COMMIT
|
|
INSERT INTO PARAM VALUES(19,'api.cscg.live:444','header','Access-Control-Allow-Methods',1,'','GET%2CHEAD%2CPOST%2CPUT%2CDELETE')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=1 AND FLAGS='' AND VALS='https://play.cscg.live'
|
|
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',2,'','https://play.cscg.live')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=1 AND FLAGS='' AND VALS='h3=":443"; ma=2592000'
|
|
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',2,'','h3=":443"; ma=2592000')
|
|
COMMIT
|
|
INSERT INTO PARAM VALUES(20,'api.cscg.live:444','header','Content-Length',1,'','0')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=1 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:55 GMT'
|
|
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',2,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=1 AND FLAGS='' AND VALS='Caddy'
|
|
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',2,'','Caddy')
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(8,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',7,7,'','',319,15,3,'','10035-1')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(19,8,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(20,8,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C3*/INSERT INTO HISTORY VALUES(8,1709346750724,1,200,1709346896918,112,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Access-Control-Allow-Origin, Vary, Date, Content-Type, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:34:57 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE)
|
|
COMMIT
|
|
/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=2 AND FLAGS='' AND VALS='https://play.cscg.live'
|
|
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',3,'','https://play.cscg.live')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=1 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message'
|
|
INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',2,'','Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=2 AND FLAGS='' AND VALS='h3=":443"; ma=2592000'
|
|
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',3,'','h3=":443"; ma=2592000')
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(9,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',8,8,'','',319,15,3,'','10035-1')
|
|
COMMIT
|
|
/*C10*/DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=1 AND FLAGS='' AND VALS='application/grpc-web+proto'
|
|
INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',2,'','application/grpc-web+proto')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=2 AND FLAGS='' AND VALS='Caddy'
|
|
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',3,'','Caddy')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=1 AND FLAGS='' AND VALS='Origin'
|
|
INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',2,'','Origin')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(21,9,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(22,9,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C10*/DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=2 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT'
|
|
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',3,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=1 AND FLAGS='' AND VALS='129'
|
|
INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',2,'','129')
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(10,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',8,8,'','',693,15,3,'','10021')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(23,10,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(24,10,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_CHANNEL VALUES(1,'zap',443,'','2024-03-02 03:34:57.550000',NULL,NULL)
|
|
COMMIT
|
|
/*C1*/SET SCHEMA SYSTEM_LOBS
|
|
INSERT INTO LOB_IDS VALUES(1,61,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 2
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=0
|
|
INSERT INTO BLOCKS VALUES(0,1,0)
|
|
INSERT INTO BLOCKS VALUES(1,2147483646,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=0
|
|
INSERT INTO LOBS VALUES(0,1,0,1)
|
|
COMMIT
|
|
/*C13*/INSERT INTO WEBSOCKET_MESSAGE VALUES(1,1,'2024-03-02 03:34:57.691000',1,1,NULL,61,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=1
|
|
INSERT INTO LOB_IDS VALUES(1,61,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(2,77,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 3
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=1
|
|
INSERT INTO BLOCKS VALUES(1,1,0)
|
|
INSERT INTO BLOCKS VALUES(2,2147483645,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=1
|
|
INSERT INTO LOBS VALUES(1,1,0,2)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(2,1,'2024-03-02 03:34:57.707000',1,2,NULL,77,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=2
|
|
INSERT INTO LOB_IDS VALUES(2,77,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(3,49,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 4
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=2
|
|
INSERT INTO BLOCKS VALUES(2,1,0)
|
|
INSERT INTO BLOCKS VALUES(3,2147483644,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=2
|
|
INSERT INTO LOBS VALUES(2,1,0,3)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(3,1,'2024-03-02 03:34:57.712000',1,3,NULL,49,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=3
|
|
INSERT INTO LOB_IDS VALUES(3,49,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(4,120,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 5
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=3
|
|
INSERT INTO BLOCKS VALUES(3,1,0)
|
|
INSERT INTO BLOCKS VALUES(4,2147483643,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=3
|
|
INSERT INTO LOBS VALUES(3,1,0,4)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(4,1,'2024-03-02 03:34:57.714000',1,4,NULL,120,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=4
|
|
INSERT INTO LOB_IDS VALUES(4,120,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(5,117,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 6
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=4
|
|
INSERT INTO BLOCKS VALUES(4,1,0)
|
|
INSERT INTO BLOCKS VALUES(5,2147483642,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=4
|
|
INSERT INTO LOBS VALUES(4,1,0,5)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(5,1,'2024-03-02 03:34:57.733000',1,5,NULL,117,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=5
|
|
INSERT INTO LOB_IDS VALUES(5,117,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(6,112,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 7
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=5
|
|
INSERT INTO BLOCKS VALUES(5,1,0)
|
|
INSERT INTO BLOCKS VALUES(6,2147483641,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=5
|
|
INSERT INTO LOBS VALUES(5,1,0,6)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(6,1,'2024-03-02 03:34:57.735000',1,6,NULL,112,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=6
|
|
INSERT INTO LOB_IDS VALUES(6,112,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(7,108,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 8
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=6
|
|
INSERT INTO BLOCKS VALUES(6,1,0)
|
|
INSERT INTO BLOCKS VALUES(7,2147483640,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=6
|
|
INSERT INTO LOBS VALUES(6,1,0,7)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(7,1,'2024-03-02 03:34:57.796000',1,7,NULL,108,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=7
|
|
INSERT INTO LOB_IDS VALUES(7,108,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(8,118,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 9
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=7
|
|
INSERT INTO BLOCKS VALUES(7,1,0)
|
|
INSERT INTO BLOCKS VALUES(8,2147483639,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=7
|
|
INSERT INTO LOBS VALUES(7,1,0,8)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(8,1,'2024-03-02 03:34:57.802000',1,8,NULL,118,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=8
|
|
INSERT INTO LOB_IDS VALUES(8,118,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(9,110,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 10
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=8
|
|
INSERT INTO BLOCKS VALUES(8,1,0)
|
|
INSERT INTO BLOCKS VALUES(9,2147483638,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=8
|
|
INSERT INTO LOBS VALUES(8,1,0,9)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(9,1,'2024-03-02 03:34:57.805000',1,9,NULL,110,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=9
|
|
INSERT INTO LOB_IDS VALUES(9,110,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(10,130,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 11
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=9
|
|
INSERT INTO BLOCKS VALUES(9,1,0)
|
|
INSERT INTO BLOCKS VALUES(10,2147483637,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=9
|
|
INSERT INTO LOBS VALUES(9,1,0,10)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(10,1,'2024-03-02 03:34:57.814000',1,10,NULL,130,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=10
|
|
INSERT INTO LOB_IDS VALUES(10,130,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(11,114,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 12
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=10
|
|
INSERT INTO BLOCKS VALUES(10,1,0)
|
|
INSERT INTO BLOCKS VALUES(11,2147483636,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=10
|
|
INSERT INTO LOBS VALUES(10,1,0,11)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(11,1,'2024-03-02 03:34:57.822000',1,11,NULL,114,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=11
|
|
INSERT INTO LOB_IDS VALUES(11,114,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(12,106,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 13
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=11
|
|
INSERT INTO BLOCKS VALUES(11,1,0)
|
|
INSERT INTO BLOCKS VALUES(12,2147483635,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=11
|
|
INSERT INTO LOBS VALUES(11,1,0,12)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(12,1,'2024-03-02 03:34:57.823000',1,12,NULL,106,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=12
|
|
INSERT INTO LOB_IDS VALUES(12,106,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(13,201,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 14
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=12
|
|
INSERT INTO BLOCKS VALUES(12,1,0)
|
|
INSERT INTO BLOCKS VALUES(13,2147483634,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=12
|
|
INSERT INTO LOBS VALUES(12,1,0,13)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(13,1,'2024-03-02 03:34:57.951000',1,13,NULL,201,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=13
|
|
INSERT INTO LOB_IDS VALUES(13,201,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(14,960,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 15
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=13
|
|
INSERT INTO BLOCKS VALUES(13,1,0)
|
|
INSERT INTO BLOCKS VALUES(14,2147483633,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=13
|
|
INSERT INTO LOBS VALUES(13,1,0,14)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(14,1,'2024-03-02 03:34:57.960000',1,14,NULL,960,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=14
|
|
INSERT INTO LOB_IDS VALUES(14,960,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(15,176,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 16
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=14
|
|
INSERT INTO BLOCKS VALUES(14,1,0)
|
|
INSERT INTO BLOCKS VALUES(15,2147483632,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=14
|
|
INSERT INTO LOBS VALUES(14,1,0,15)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(15,1,'2024-03-02 03:34:57.963000',1,15,NULL,176,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=15
|
|
INSERT INTO LOB_IDS VALUES(15,176,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(16,1653,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 17
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=15
|
|
INSERT INTO BLOCKS VALUES(15,1,0)
|
|
INSERT INTO BLOCKS VALUES(16,2147483631,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=15
|
|
INSERT INTO LOBS VALUES(15,1,0,16)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(16,1,'2024-03-02 03:34:57.972000',1,16,NULL,1653,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=16
|
|
INSERT INTO LOB_IDS VALUES(16,1653,1,40)
|
|
COMMIT
|
|
/*C3*/INSERT INTO HISTORY VALUES(9,1709346750724,1,200,1709346898617,348,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Access-Control-Allow-Origin, Vary, Date, Content-Type, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:34:58 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(17,322,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 18
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=16
|
|
INSERT INTO BLOCKS VALUES(16,1,0)
|
|
INSERT INTO BLOCKS VALUES(17,2147483630,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=16
|
|
INSERT INTO LOBS VALUES(16,1,0,17)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(17,1,'2024-03-02 03:34:58.973000',1,17,NULL,322,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=17
|
|
INSERT INTO LOB_IDS VALUES(17,322,1,40)
|
|
COMMIT
|
|
/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=3 AND FLAGS='' AND VALS='https://play.cscg.live'
|
|
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',4,'','https://play.cscg.live')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=2 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message'
|
|
INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',3,'','Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=3 AND FLAGS='' AND VALS='h3=":443"; ma=2592000'
|
|
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',4,'','h3=":443"; ma=2592000')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=2 AND FLAGS='' AND VALS='application/grpc-web+proto'
|
|
INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',3,'','application/grpc-web+proto')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=3 AND FLAGS='' AND VALS='Caddy'
|
|
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',4,'','Caddy')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=2 AND FLAGS='' AND VALS='Origin'
|
|
INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',3,'','Origin')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=3 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT'
|
|
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',4,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=2 AND FLAGS='' AND VALS='129'
|
|
INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',3,'','129')
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(11,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',9,9,'','',319,15,3,'','10035-1')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(25,11,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(26,11,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(18,551,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 19
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=17
|
|
INSERT INTO BLOCKS VALUES(17,1,0)
|
|
INSERT INTO BLOCKS VALUES(18,2147483629,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=17
|
|
INSERT INTO LOBS VALUES(17,1,0,18)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(18,1,'2024-03-02 03:34:59.177000',1,18,NULL,551,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=18
|
|
INSERT INTO LOB_IDS VALUES(18,551,1,40)
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(12,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',9,9,'','',693,15,3,'','10021')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(27,12,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(28,12,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(19,572,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 20
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=18
|
|
INSERT INTO BLOCKS VALUES(18,1,0)
|
|
INSERT INTO BLOCKS VALUES(19,2147483628,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=18
|
|
INSERT INTO LOBS VALUES(18,1,0,19)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(19,1,'2024-03-02 03:34:59.187000',1,19,NULL,572,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=19
|
|
INSERT INTO LOB_IDS VALUES(19,572,1,40)
|
|
COMMIT
|
|
/*C3*/INSERT INTO HISTORY VALUES(10,1709346750724,1,200,1709346900752,297,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Access-Control-Allow-Origin, Vary, Date, Content-Type, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:01 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(20,323,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 21
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=19
|
|
INSERT INTO BLOCKS VALUES(19,1,0)
|
|
INSERT INTO BLOCKS VALUES(20,2147483627,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=19
|
|
INSERT INTO LOBS VALUES(19,1,0,20)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(20,1,'2024-03-02 03:35:01.052000',1,20,NULL,323,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=20
|
|
INSERT INTO LOB_IDS VALUES(20,323,1,40)
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(13,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',10,10,'','',319,15,3,'','10035-1')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(29,13,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(30,13,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=4 AND FLAGS='' AND VALS='https://play.cscg.live'
|
|
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',5,'','https://play.cscg.live')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=3 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message'
|
|
INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',4,'','Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=4 AND FLAGS='' AND VALS='h3=":443"; ma=2592000'
|
|
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',5,'','h3=":443"; ma=2592000')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=3 AND FLAGS='' AND VALS='application/grpc-web+proto'
|
|
INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',4,'','application/grpc-web+proto')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=4 AND FLAGS='' AND VALS='Caddy'
|
|
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',5,'','Caddy')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=3 AND FLAGS='' AND VALS='Origin'
|
|
INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',4,'','Origin')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=4 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT'
|
|
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',5,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=3 AND FLAGS='' AND VALS='129'
|
|
INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',4,'','129')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(21,552,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 22
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=20
|
|
INSERT INTO BLOCKS VALUES(20,1,0)
|
|
INSERT INTO BLOCKS VALUES(21,2147483626,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=20
|
|
INSERT INTO LOBS VALUES(20,1,0,21)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(21,1,'2024-03-02 03:35:01.274000',1,21,NULL,552,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=21
|
|
INSERT INTO LOB_IDS VALUES(21,552,1,40)
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(14,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',10,10,'','',693,15,3,'','10021')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(31,14,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(32,14,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(22,573,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 23
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=21
|
|
INSERT INTO BLOCKS VALUES(21,1,0)
|
|
INSERT INTO BLOCKS VALUES(22,2147483625,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=21
|
|
INSERT INTO LOBS VALUES(21,1,0,22)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(22,1,'2024-03-02 03:35:01.281000',1,22,NULL,573,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=22
|
|
INSERT INTO LOB_IDS VALUES(22,573,1,40)
|
|
COMMIT
|
|
/*C3*/INSERT INTO HISTORY VALUES(11,1709346750724,1,200,1709346902634,106,'OPTIONS','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','OPTIONS https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aAccess-Control-Request-Method: POST\u000d\u000aAccess-Control-Request-Headers: authorization,content-type,x-grpc-web,x-user-agent\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Headers: content-type,accept,x-user-agent,x-grpc-web,grpc-status,grpc-message,authorization\u000d\u000aAccess-Control-Allow-Methods: GET,HEAD,POST,PUT,DELETE\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Length: 0\u000d\u000aDate: Sat, 02 Mar 2024 02:35:02 GMT\u000d\u000aServer: Caddy\u000d\u000a\u000d\u000a','',NULL,'',TRUE)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(23,324,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 24
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=22
|
|
INSERT INTO BLOCKS VALUES(22,1,0)
|
|
INSERT INTO BLOCKS VALUES(23,2147483624,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=22
|
|
INSERT INTO LOBS VALUES(22,1,0,23)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(23,1,'2024-03-02 03:35:02.743000',1,23,NULL,324,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=23
|
|
INSERT INTO LOB_IDS VALUES(23,324,1,40)
|
|
COMMIT
|
|
/*C10*/DELETE FROM PARAM WHERE PARAMID=18 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Headers' AND USED=1 AND FLAGS='' AND VALS='content-type%2Caccept%2Cx-user-agent%2Cx-grpc-web%2Cgrpc-status%2Cgrpc-message%2Cauthorization'
|
|
INSERT INTO PARAM VALUES(18,'api.cscg.live:444','header','Access-Control-Allow-Headers',2,'','content-type%2Caccept%2Cx-user-agent%2Cx-grpc-web%2Cgrpc-status%2Cgrpc-message%2Cauthorization')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=19 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Methods' AND USED=1 AND FLAGS='' AND VALS='GET%2CHEAD%2CPOST%2CPUT%2CDELETE'
|
|
INSERT INTO PARAM VALUES(19,'api.cscg.live:444','header','Access-Control-Allow-Methods',2,'','GET%2CHEAD%2CPOST%2CPUT%2CDELETE')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=5 AND FLAGS='' AND VALS='https://play.cscg.live'
|
|
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',6,'','https://play.cscg.live')
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(15,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',11,11,'','',319,15,3,'','10035-1')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(33,15,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(34,15,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C10*/DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=5 AND FLAGS='' AND VALS='h3=":443"; ma=2592000'
|
|
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',6,'','h3=":443"; ma=2592000')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=20 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Length' AND USED=1 AND FLAGS='' AND VALS='0'
|
|
INSERT INTO PARAM VALUES(20,'api.cscg.live:444','header','Content-Length',2,'','0')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=5 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT'
|
|
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',6,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=5 AND FLAGS='' AND VALS='Caddy'
|
|
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',6,'','Caddy')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(24,552,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 25
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=23
|
|
INSERT INTO BLOCKS VALUES(23,1,0)
|
|
INSERT INTO BLOCKS VALUES(24,2147483623,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=23
|
|
INSERT INTO LOBS VALUES(23,1,0,24)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(24,1,'2024-03-02 03:35:02.956000',1,24,NULL,552,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=24
|
|
INSERT INTO LOB_IDS VALUES(24,552,1,40)
|
|
COMMIT
|
|
/*C3*/INSERT INTO HISTORY VALUES(12,1709346750724,1,200,1709346902745,278,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Access-Control-Allow-Origin, Vary, Date, Content-Type, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:03 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(25,323,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 26
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=24
|
|
INSERT INTO BLOCKS VALUES(24,1,0)
|
|
INSERT INTO BLOCKS VALUES(25,2147483622,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=24
|
|
INSERT INTO LOBS VALUES(24,1,0,25)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(25,1,'2024-03-02 03:35:03.024000',1,25,NULL,323,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=25
|
|
INSERT INTO LOB_IDS VALUES(25,323,1,40)
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(16,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',12,12,'','',319,15,3,'','10035-1')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(35,16,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(36,16,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=6 AND FLAGS='' AND VALS='https://play.cscg.live'
|
|
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',7,'','https://play.cscg.live')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=4 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message'
|
|
INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',5,'','Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=6 AND FLAGS='' AND VALS='h3=":443"; ma=2592000'
|
|
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',7,'','h3=":443"; ma=2592000')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=4 AND FLAGS='' AND VALS='application/grpc-web+proto'
|
|
INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',5,'','application/grpc-web+proto')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=6 AND FLAGS='' AND VALS='Caddy'
|
|
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',7,'','Caddy')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=4 AND FLAGS='' AND VALS='Origin'
|
|
INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',5,'','Origin')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=6 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT'
|
|
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',7,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=4 AND FLAGS='' AND VALS='129'
|
|
INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',5,'','129')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(26,552,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 27
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=25
|
|
INSERT INTO BLOCKS VALUES(25,1,0)
|
|
INSERT INTO BLOCKS VALUES(26,2147483621,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=25
|
|
INSERT INTO LOBS VALUES(25,1,0,26)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(26,1,'2024-03-02 03:35:03.236000',1,26,NULL,552,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=26
|
|
INSERT INTO LOB_IDS VALUES(26,552,1,40)
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(17,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',12,12,'','',693,15,3,'','10021')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(37,17,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(38,17,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(27,573,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 28
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=26
|
|
INSERT INTO BLOCKS VALUES(26,1,0)
|
|
INSERT INTO BLOCKS VALUES(27,2147483620,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=26
|
|
INSERT INTO LOBS VALUES(26,1,0,27)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(27,1,'2024-03-02 03:35:03.262000',1,27,NULL,573,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=27
|
|
INSERT INTO LOB_IDS VALUES(27,573,1,40)
|
|
COMMIT
|
|
/*C3*/INSERT INTO HISTORY VALUES(13,1709346750724,1,200,1709346904639,173,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Vary, Date, Content-Type, Access-Control-Allow-Origin, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:04 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(28,323,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 29
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=27
|
|
INSERT INTO BLOCKS VALUES(27,1,0)
|
|
INSERT INTO BLOCKS VALUES(28,2147483619,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=27
|
|
INSERT INTO LOBS VALUES(27,1,0,28)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(28,1,'2024-03-02 03:35:04.813000',1,28,NULL,323,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=28
|
|
INSERT INTO LOB_IDS VALUES(28,323,1,40)
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(18,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',13,13,'','',319,15,3,'','10035-1')
|
|
COMMIT
|
|
/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=7 AND FLAGS='' AND VALS='https://play.cscg.live'
|
|
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',8,'','https://play.cscg.live')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=5 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message'
|
|
INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',6,'','Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(39,18,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(40,18,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C10*/DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=7 AND FLAGS='' AND VALS='h3=":443"; ma=2592000'
|
|
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',8,'','h3=":443"; ma=2592000')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=5 AND FLAGS='' AND VALS='application/grpc-web+proto'
|
|
INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',6,'','application/grpc-web+proto')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=7 AND FLAGS='' AND VALS='Caddy'
|
|
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',8,'','Caddy')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=5 AND FLAGS='' AND VALS='Origin'
|
|
INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',6,'','Origin')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=7 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT'
|
|
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',8,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=5 AND FLAGS='' AND VALS='129'
|
|
INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',6,'','129')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(29,552,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 30
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=28
|
|
INSERT INTO BLOCKS VALUES(28,1,0)
|
|
INSERT INTO BLOCKS VALUES(29,2147483618,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=28
|
|
INSERT INTO LOBS VALUES(28,1,0,29)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(29,1,'2024-03-02 03:35:05.035000',1,29,NULL,552,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=29
|
|
INSERT INTO LOB_IDS VALUES(29,552,1,40)
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(19,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',13,13,'','',693,15,3,'','10021')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(41,19,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(42,19,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(30,573,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 31
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=29
|
|
INSERT INTO BLOCKS VALUES(29,1,0)
|
|
INSERT INTO BLOCKS VALUES(30,2147483617,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=29
|
|
INSERT INTO LOBS VALUES(29,1,0,30)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(30,1,'2024-03-02 03:35:05.038000',1,30,NULL,573,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=30
|
|
INSERT INTO LOB_IDS VALUES(30,573,1,40)
|
|
COMMIT
|
|
/*C3*/INSERT INTO HISTORY VALUES(14,1709346750724,1,200,1709346906638,170,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Access-Control-Allow-Origin, Vary, Date, Content-Type, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:06 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(31,323,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 32
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=30
|
|
INSERT INTO BLOCKS VALUES(30,1,0)
|
|
INSERT INTO BLOCKS VALUES(31,2147483616,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=30
|
|
INSERT INTO LOBS VALUES(30,1,0,31)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(31,1,'2024-03-02 03:35:06.809000',1,31,NULL,323,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=31
|
|
INSERT INTO LOB_IDS VALUES(31,323,1,40)
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(20,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',14,14,'','',319,15,3,'','10035-1')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(43,20,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(44,20,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=8 AND FLAGS='' AND VALS='https://play.cscg.live'
|
|
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',9,'','https://play.cscg.live')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=6 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message'
|
|
INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',7,'','Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=8 AND FLAGS='' AND VALS='h3=":443"; ma=2592000'
|
|
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',9,'','h3=":443"; ma=2592000')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=6 AND FLAGS='' AND VALS='application/grpc-web+proto'
|
|
INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',7,'','application/grpc-web+proto')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=8 AND FLAGS='' AND VALS='Caddy'
|
|
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',9,'','Caddy')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=6 AND FLAGS='' AND VALS='Origin'
|
|
INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',7,'','Origin')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=8 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT'
|
|
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',9,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=6 AND FLAGS='' AND VALS='129'
|
|
INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',7,'','129')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(32,552,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 33
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=31
|
|
INSERT INTO BLOCKS VALUES(31,1,0)
|
|
INSERT INTO BLOCKS VALUES(32,2147483615,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=31
|
|
INSERT INTO LOBS VALUES(31,1,0,32)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(32,1,'2024-03-02 03:35:07.025000',1,32,NULL,552,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=32
|
|
INSERT INTO LOB_IDS VALUES(32,552,1,40)
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(21,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',14,14,'','',693,15,3,'','10021')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(45,21,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(46,21,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(33,573,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 34
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=32
|
|
INSERT INTO BLOCKS VALUES(32,1,0)
|
|
INSERT INTO BLOCKS VALUES(33,2147483614,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=32
|
|
INSERT INTO LOBS VALUES(32,1,0,33)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(33,1,'2024-03-02 03:35:07.049000',1,33,NULL,573,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=33
|
|
INSERT INTO LOB_IDS VALUES(33,573,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(34,64,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 35
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=33
|
|
INSERT INTO BLOCKS VALUES(33,1,0)
|
|
INSERT INTO BLOCKS VALUES(34,2147483613,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=33
|
|
INSERT INTO LOBS VALUES(33,1,0,34)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(34,1,'2024-03-02 03:35:07.950000',1,34,NULL,64,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=34
|
|
INSERT INTO LOB_IDS VALUES(34,64,1,40)
|
|
COMMIT
|
|
/*C3*/INSERT INTO HISTORY VALUES(15,1709346750724,1,200,1709346908652,157,'OPTIONS','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','OPTIONS https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aAccess-Control-Request-Method: POST\u000d\u000aAccess-Control-Request-Headers: authorization,content-type,x-grpc-web,x-user-agent\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Headers: content-type,accept,x-user-agent,x-grpc-web,grpc-status,grpc-message,authorization\u000d\u000aAccess-Control-Allow-Methods: GET,HEAD,POST,PUT,DELETE\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Length: 0\u000d\u000aDate: Sat, 02 Mar 2024 02:35:08 GMT\u000d\u000aServer: Caddy\u000d\u000a\u000d\u000a','',NULL,'',TRUE)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(35,324,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 36
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=34
|
|
INSERT INTO BLOCKS VALUES(34,1,0)
|
|
INSERT INTO BLOCKS VALUES(35,2147483612,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=34
|
|
INSERT INTO LOBS VALUES(34,1,0,35)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(35,1,'2024-03-02 03:35:08.811000',1,35,NULL,324,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=35
|
|
INSERT INTO LOB_IDS VALUES(35,324,1,40)
|
|
COMMIT
|
|
/*C3*/INSERT INTO HISTORY VALUES(16,1709346750724,1,200,1709346908814,72,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Content-Type, Access-Control-Allow-Origin, Vary, Date, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:08 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE)
|
|
COMMIT
|
|
/*C10*/DELETE FROM PARAM WHERE PARAMID=18 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Headers' AND USED=2 AND FLAGS='' AND VALS='content-type%2Caccept%2Cx-user-agent%2Cx-grpc-web%2Cgrpc-status%2Cgrpc-message%2Cauthorization'
|
|
INSERT INTO PARAM VALUES(18,'api.cscg.live:444','header','Access-Control-Allow-Headers',3,'','content-type%2Caccept%2Cx-user-agent%2Cx-grpc-web%2Cgrpc-status%2Cgrpc-message%2Cauthorization')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=19 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Methods' AND USED=2 AND FLAGS='' AND VALS='GET%2CHEAD%2CPOST%2CPUT%2CDELETE'
|
|
INSERT INTO PARAM VALUES(19,'api.cscg.live:444','header','Access-Control-Allow-Methods',3,'','GET%2CHEAD%2CPOST%2CPUT%2CDELETE')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(36,322,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 37
|
|
COMMIT
|
|
/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=9 AND FLAGS='' AND VALS='https://play.cscg.live'
|
|
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',10,'','https://play.cscg.live')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=9 AND FLAGS='' AND VALS='h3=":443"; ma=2592000'
|
|
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',10,'','h3=":443"; ma=2592000')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=20 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Length' AND USED=2 AND FLAGS='' AND VALS='0'
|
|
INSERT INTO PARAM VALUES(20,'api.cscg.live:444','header','Content-Length',3,'','0')
|
|
COMMIT
|
|
/*C1*/DELETE FROM BLOCKS WHERE BLOCK_ADDR=35
|
|
INSERT INTO BLOCKS VALUES(35,1,0)
|
|
INSERT INTO BLOCKS VALUES(36,2147483611,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=35
|
|
INSERT INTO LOBS VALUES(35,1,0,36)
|
|
COMMIT
|
|
/*C10*/DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=9 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT'
|
|
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',10,'','Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=9 AND FLAGS='' AND VALS='Caddy'
|
|
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',10,'','Caddy')
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(36,1,'2024-03-02 03:35:08.888000',1,36,NULL,322,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=36
|
|
INSERT INTO LOB_IDS VALUES(36,322,1,40)
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(22,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',16,16,'','',319,15,3,'','10035-1')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(47,22,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(48,22,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=10 AND FLAGS='' AND VALS='https://play.cscg.live'
|
|
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',11,'','https://play.cscg.live')
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(23,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',15,15,'','',319,15,3,'','10035-1')
|
|
COMMIT
|
|
/*C10*/DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=7 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message'
|
|
INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',8,'','Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(49,23,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
/*C10*/DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=10 AND FLAGS='' AND VALS='h3=":443"; ma=2592000'
|
|
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',11,'','h3=":443"; ma=2592000')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(50,23,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C10*/DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=7 AND FLAGS='' AND VALS='application/grpc-web+proto'
|
|
INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',8,'','application/grpc-web+proto')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=10 AND FLAGS='' AND VALS='Caddy'
|
|
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',11,'','Caddy')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=7 AND FLAGS='' AND VALS='Origin'
|
|
INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',8,'','Origin')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=10 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT'
|
|
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',11,'','Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=7 AND FLAGS='' AND VALS='129'
|
|
INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',8,'','129')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(37,552,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 38
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=36
|
|
INSERT INTO BLOCKS VALUES(36,1,0)
|
|
INSERT INTO BLOCKS VALUES(37,2147483610,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=36
|
|
INSERT INTO LOBS VALUES(36,1,0,37)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(37,1,'2024-03-02 03:35:08.894000',1,37,NULL,552,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=37
|
|
INSERT INTO LOB_IDS VALUES(37,552,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(38,552,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 39
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=37
|
|
INSERT INTO BLOCKS VALUES(37,1,0)
|
|
INSERT INTO BLOCKS VALUES(38,2147483609,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=37
|
|
INSERT INTO LOBS VALUES(37,1,0,38)
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(24,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',16,16,'','',693,15,3,'','10021')
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(38,1,'2024-03-02 03:35:08.894000',1,38,NULL,552,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=38
|
|
INSERT INTO LOB_IDS VALUES(38,552,1,40)
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(51,24,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(52,24,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(39,573,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 40
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=38
|
|
INSERT INTO BLOCKS VALUES(38,1,0)
|
|
INSERT INTO BLOCKS VALUES(39,2147483608,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=38
|
|
INSERT INTO LOBS VALUES(38,1,0,39)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(39,1,'2024-03-02 03:35:08.897000',1,39,NULL,573,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=39
|
|
INSERT INTO LOB_IDS VALUES(39,573,1,40)
|
|
COMMIT
|
|
/*C3*/INSERT INTO HISTORY VALUES(17,1709346750724,1,200,1709346910654,366,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Access-Control-Allow-Origin, Vary, Date, Content-Type, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:11 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(40,323,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 41
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=39
|
|
INSERT INTO BLOCKS VALUES(39,1,0)
|
|
INSERT INTO BLOCKS VALUES(40,2147483607,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=39
|
|
INSERT INTO LOBS VALUES(39,1,0,40)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(40,1,'2024-03-02 03:35:11.021000',1,40,NULL,323,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=40
|
|
INSERT INTO LOB_IDS VALUES(40,323,1,40)
|
|
COMMIT
|
|
/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=11 AND FLAGS='' AND VALS='https://play.cscg.live'
|
|
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',12,'','https://play.cscg.live')
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(25,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',17,17,'','',319,15,3,'','10035-1')
|
|
COMMIT
|
|
/*C10*/DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=8 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message'
|
|
INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',9,'','Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=11 AND FLAGS='' AND VALS='h3=":443"; ma=2592000'
|
|
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',12,'','h3=":443"; ma=2592000')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=8 AND FLAGS='' AND VALS='application/grpc-web+proto'
|
|
INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',9,'','application/grpc-web+proto')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=11 AND FLAGS='' AND VALS='Caddy'
|
|
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',12,'','Caddy')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(53,25,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(54,25,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C10*/DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=8 AND FLAGS='' AND VALS='Origin'
|
|
INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',9,'','Origin')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=11 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT'
|
|
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',12,'','Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=8 AND FLAGS='' AND VALS='129'
|
|
INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',9,'','129')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(41,552,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 42
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=40
|
|
INSERT INTO BLOCKS VALUES(40,1,0)
|
|
INSERT INTO BLOCKS VALUES(41,2147483606,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=40
|
|
INSERT INTO LOBS VALUES(40,1,0,41)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(41,1,'2024-03-02 03:35:11.227000',1,41,NULL,552,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=41
|
|
INSERT INTO LOB_IDS VALUES(41,552,1,40)
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(26,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',17,17,'','',693,15,3,'','10021')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(55,26,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(56,26,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(42,573,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 43
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=41
|
|
INSERT INTO BLOCKS VALUES(41,1,0)
|
|
INSERT INTO BLOCKS VALUES(42,2147483605,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=41
|
|
INSERT INTO LOBS VALUES(41,1,0,42)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(42,1,'2024-03-02 03:35:11.230000',1,42,NULL,573,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=42
|
|
INSERT INTO LOB_IDS VALUES(42,573,1,40)
|
|
COMMIT
|
|
/*C3*/INSERT INTO HISTORY VALUES(18,1709346750724,1,200,1709346912663,382,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Content-Type, Access-Control-Allow-Origin, Vary, Date, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:12 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(43,323,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 44
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=42
|
|
INSERT INTO BLOCKS VALUES(42,1,0)
|
|
INSERT INTO BLOCKS VALUES(43,2147483604,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=42
|
|
INSERT INTO LOBS VALUES(42,1,0,43)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(43,1,'2024-03-02 03:35:13.047000',1,43,NULL,323,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=43
|
|
INSERT INTO LOB_IDS VALUES(43,323,1,40)
|
|
COMMIT
|
|
/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=12 AND FLAGS='' AND VALS='https://play.cscg.live'
|
|
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',13,'','https://play.cscg.live')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=9 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message'
|
|
INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',10,'','Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=12 AND FLAGS='' AND VALS='h3=":443"; ma=2592000'
|
|
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',13,'','h3=":443"; ma=2592000')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=9 AND FLAGS='' AND VALS='application/grpc-web+proto'
|
|
INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',10,'','application/grpc-web+proto')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=12 AND FLAGS='' AND VALS='Caddy'
|
|
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',13,'','Caddy')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=9 AND FLAGS='' AND VALS='Origin'
|
|
INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',10,'','Origin')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=12 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT'
|
|
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',13,'','Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=9 AND FLAGS='' AND VALS='129'
|
|
INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',10,'','129')
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(27,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',18,18,'','',319,15,3,'','10035-1')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(57,27,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(58,27,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(44,552,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 45
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=43
|
|
INSERT INTO BLOCKS VALUES(43,1,0)
|
|
INSERT INTO BLOCKS VALUES(44,2147483603,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=43
|
|
INSERT INTO LOBS VALUES(43,1,0,44)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(44,1,'2024-03-02 03:35:13.255000',1,44,NULL,552,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=44
|
|
INSERT INTO LOB_IDS VALUES(44,552,1,40)
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(28,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',18,18,'','',693,15,3,'','10021')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(59,28,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(60,28,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(45,573,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 46
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=44
|
|
INSERT INTO BLOCKS VALUES(44,1,0)
|
|
INSERT INTO BLOCKS VALUES(45,2147483602,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=44
|
|
INSERT INTO LOBS VALUES(44,1,0,45)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(45,1,'2024-03-02 03:35:13.258000',1,45,NULL,573,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=45
|
|
INSERT INTO LOB_IDS VALUES(45,573,1,40)
|
|
COMMIT
|
|
/*C3*/INSERT INTO HISTORY VALUES(19,1709346750724,1,200,1709346914670,89,'OPTIONS','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','OPTIONS https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aAccess-Control-Request-Method: POST\u000d\u000aAccess-Control-Request-Headers: authorization,content-type,x-grpc-web,x-user-agent\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Headers: content-type,accept,x-user-agent,x-grpc-web,grpc-status,grpc-message,authorization\u000d\u000aAccess-Control-Allow-Methods: GET,HEAD,POST,PUT,DELETE\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Length: 0\u000d\u000aDate: Sat, 02 Mar 2024 02:35:14 GMT\u000d\u000aServer: Caddy\u000d\u000a\u000d\u000a','',NULL,'',TRUE)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(46,323,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 47
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=45
|
|
INSERT INTO BLOCKS VALUES(45,1,0)
|
|
INSERT INTO BLOCKS VALUES(46,2147483601,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=45
|
|
INSERT INTO LOBS VALUES(45,1,0,46)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(46,1,'2024-03-02 03:35:14.760000',1,46,NULL,323,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=46
|
|
INSERT INTO LOB_IDS VALUES(46,323,1,40)
|
|
COMMIT
|
|
/*C3*/INSERT INTO HISTORY VALUES(20,1709346750724,1,200,1709346914763,83,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Access-Control-Allow-Origin, Vary, Content-Type, Date, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:14 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(47,322,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 48
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=46
|
|
INSERT INTO BLOCKS VALUES(46,1,0)
|
|
INSERT INTO BLOCKS VALUES(47,2147483600,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=46
|
|
INSERT INTO LOBS VALUES(46,1,0,47)
|
|
COMMIT
|
|
/*C10*/DELETE FROM PARAM WHERE PARAMID=18 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Headers' AND USED=3 AND FLAGS='' AND VALS='content-type%2Caccept%2Cx-user-agent%2Cx-grpc-web%2Cgrpc-status%2Cgrpc-message%2Cauthorization'
|
|
INSERT INTO PARAM VALUES(18,'api.cscg.live:444','header','Access-Control-Allow-Headers',4,'','content-type%2Caccept%2Cx-user-agent%2Cx-grpc-web%2Cgrpc-status%2Cgrpc-message%2Cauthorization')
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(47,1,'2024-03-02 03:35:14.848000',1,47,NULL,322,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=47
|
|
INSERT INTO LOB_IDS VALUES(47,322,1,40)
|
|
COMMIT
|
|
/*C10*/DELETE FROM PARAM WHERE PARAMID=19 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Methods' AND USED=3 AND FLAGS='' AND VALS='GET%2CHEAD%2CPOST%2CPUT%2CDELETE'
|
|
INSERT INTO PARAM VALUES(19,'api.cscg.live:444','header','Access-Control-Allow-Methods',4,'','GET%2CHEAD%2CPOST%2CPUT%2CDELETE')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=13 AND FLAGS='' AND VALS='https://play.cscg.live'
|
|
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',14,'','https://play.cscg.live')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=13 AND FLAGS='' AND VALS='h3=":443"; ma=2592000'
|
|
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',14,'','h3=":443"; ma=2592000')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=20 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Length' AND USED=3 AND FLAGS='' AND VALS='0'
|
|
INSERT INTO PARAM VALUES(20,'api.cscg.live:444','header','Content-Length',4,'','0')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=13 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT'
|
|
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',14,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=13 AND FLAGS='' AND VALS='Caddy'
|
|
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',14,'','Caddy')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=14 AND FLAGS='' AND VALS='https://play.cscg.live'
|
|
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',15,'','https://play.cscg.live')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=10 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message'
|
|
INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',11,'','Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=14 AND FLAGS='' AND VALS='h3=":443"; ma=2592000'
|
|
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',15,'','h3=":443"; ma=2592000')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=10 AND FLAGS='' AND VALS='application/grpc-web+proto'
|
|
INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',11,'','application/grpc-web+proto')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=14 AND FLAGS='' AND VALS='Caddy'
|
|
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',15,'','Caddy')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=10 AND FLAGS='' AND VALS='Origin'
|
|
INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',11,'','Origin')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=14 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT'
|
|
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',15,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT')
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(29,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',20,20,'','',319,15,3,'','10035-1')
|
|
COMMIT
|
|
/*C10*/DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=10 AND FLAGS='' AND VALS='129'
|
|
INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',11,'','129')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(61,29,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(62,29,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(48,552,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 49
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=47
|
|
INSERT INTO BLOCKS VALUES(47,1,0)
|
|
INSERT INTO BLOCKS VALUES(48,2147483599,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=47
|
|
INSERT INTO LOBS VALUES(47,1,0,48)
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(30,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',19,19,'','',319,15,3,'','10035-1')
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(48,1,'2024-03-02 03:35:14.851000',1,48,NULL,552,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=48
|
|
INSERT INTO LOB_IDS VALUES(48,552,1,40)
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(63,30,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(64,30,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(31,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',20,20,'','',693,15,3,'','10021')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(65,31,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(66,31,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(49,552,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 50
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=48
|
|
INSERT INTO BLOCKS VALUES(48,1,0)
|
|
INSERT INTO BLOCKS VALUES(49,2147483598,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=48
|
|
INSERT INTO LOBS VALUES(48,1,0,49)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(49,1,'2024-03-02 03:35:14.853000',1,49,NULL,552,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=49
|
|
INSERT INTO LOB_IDS VALUES(49,552,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(50,573,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 51
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=49
|
|
INSERT INTO BLOCKS VALUES(49,1,0)
|
|
INSERT INTO BLOCKS VALUES(50,2147483597,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=49
|
|
INSERT INTO LOBS VALUES(49,1,0,50)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(50,1,'2024-03-02 03:35:14.853000',1,50,NULL,573,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=50
|
|
INSERT INTO LOB_IDS VALUES(50,573,1,40)
|
|
COMMIT
|
|
/*C3*/INSERT INTO HISTORY VALUES(21,1709346750724,1,200,1709346916670,183,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Date, Access-Control-Allow-Origin, Vary, Content-Type, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:16 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(51,323,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 52
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=50
|
|
INSERT INTO BLOCKS VALUES(50,1,0)
|
|
INSERT INTO BLOCKS VALUES(51,2147483596,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=50
|
|
INSERT INTO LOBS VALUES(50,1,0,51)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(51,1,'2024-03-02 03:35:16.854000',1,51,NULL,323,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=51
|
|
INSERT INTO LOB_IDS VALUES(51,323,1,40)
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(32,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',21,21,'','',319,15,3,'','10035-1')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(67,32,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(68,32,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=15 AND FLAGS='' AND VALS='https://play.cscg.live'
|
|
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',16,'','https://play.cscg.live')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=11 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message'
|
|
INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',12,'','Date%2C Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=15 AND FLAGS='' AND VALS='h3=":443"; ma=2592000'
|
|
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',16,'','h3=":443"; ma=2592000')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=11 AND FLAGS='' AND VALS='application/grpc-web+proto'
|
|
INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',12,'','application/grpc-web+proto')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=15 AND FLAGS='' AND VALS='Caddy'
|
|
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',16,'','Caddy')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=11 AND FLAGS='' AND VALS='Origin'
|
|
INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',12,'','Origin')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=15 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT'
|
|
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',16,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=11 AND FLAGS='' AND VALS='129'
|
|
INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',12,'','129')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(52,552,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 53
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=51
|
|
INSERT INTO BLOCKS VALUES(51,1,0)
|
|
INSERT INTO BLOCKS VALUES(52,2147483595,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=51
|
|
INSERT INTO LOBS VALUES(51,1,0,52)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(52,1,'2024-03-02 03:35:17.057000',1,52,NULL,552,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=52
|
|
INSERT INTO LOB_IDS VALUES(52,552,1,40)
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(33,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',21,21,'','',693,15,3,'','10021')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(69,33,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(70,33,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(53,573,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 54
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=52
|
|
INSERT INTO BLOCKS VALUES(52,1,0)
|
|
INSERT INTO BLOCKS VALUES(53,2147483594,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=52
|
|
INSERT INTO LOBS VALUES(52,1,0,53)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(53,1,'2024-03-02 03:35:17.059000',1,53,NULL,573,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=53
|
|
INSERT INTO LOB_IDS VALUES(53,573,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(54,64,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 55
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=53
|
|
INSERT INTO BLOCKS VALUES(53,1,0)
|
|
INSERT INTO BLOCKS VALUES(54,2147483593,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=53
|
|
INSERT INTO LOBS VALUES(53,1,0,54)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(54,1,'2024-03-02 03:35:17.952000',1,54,NULL,64,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=54
|
|
INSERT INTO LOB_IDS VALUES(54,64,1,40)
|
|
COMMIT
|
|
/*C3*/INSERT INTO HISTORY VALUES(22,1709346750724,1,200,1709346918678,165,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Vary, Date, Content-Type, Access-Control-Allow-Origin, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:18 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(55,323,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 56
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=54
|
|
INSERT INTO BLOCKS VALUES(54,1,0)
|
|
INSERT INTO BLOCKS VALUES(55,2147483592,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=54
|
|
INSERT INTO LOBS VALUES(54,1,0,55)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(55,1,'2024-03-02 03:35:18.846000',1,55,NULL,323,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=55
|
|
INSERT INTO LOB_IDS VALUES(55,323,1,40)
|
|
COMMIT
|
|
/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=16 AND FLAGS='' AND VALS='https://play.cscg.live'
|
|
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',17,'','https://play.cscg.live')
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(34,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',22,22,'','',319,15,3,'','10035-1')
|
|
COMMIT
|
|
/*C10*/DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=12 AND FLAGS='' AND VALS='Date%2C Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message'
|
|
INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',13,'','Date%2C Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=16 AND FLAGS='' AND VALS='h3=":443"; ma=2592000'
|
|
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',17,'','h3=":443"; ma=2592000')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(71,34,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
/*C10*/DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=12 AND FLAGS='' AND VALS='application/grpc-web+proto'
|
|
INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',13,'','application/grpc-web+proto')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(72,34,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C10*/DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=16 AND FLAGS='' AND VALS='Caddy'
|
|
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',17,'','Caddy')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=12 AND FLAGS='' AND VALS='Origin'
|
|
INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',13,'','Origin')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=16 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT'
|
|
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',17,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:35:18 GMT')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=12 AND FLAGS='' AND VALS='129'
|
|
INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',13,'','129')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(56,552,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 57
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=55
|
|
INSERT INTO BLOCKS VALUES(55,1,0)
|
|
INSERT INTO BLOCKS VALUES(56,2147483591,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=55
|
|
INSERT INTO LOBS VALUES(55,1,0,56)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(56,1,'2024-03-02 03:35:19.051000',1,56,NULL,552,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=56
|
|
INSERT INTO LOB_IDS VALUES(56,552,1,40)
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(35,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',22,22,'','',693,15,3,'','10021')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(73,35,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(74,35,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(57,573,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 58
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=56
|
|
INSERT INTO BLOCKS VALUES(56,1,0)
|
|
INSERT INTO BLOCKS VALUES(57,2147483590,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=56
|
|
INSERT INTO LOBS VALUES(56,1,0,57)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(57,1,'2024-03-02 03:35:19.055000',1,57,NULL,573,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=57
|
|
INSERT INTO LOB_IDS VALUES(57,573,1,40)
|
|
COMMIT
|
|
/*C3*/INSERT INTO HISTORY VALUES(23,1709346750724,1,200,1709346920686,174,'OPTIONS','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','OPTIONS https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aAccess-Control-Request-Method: POST\u000d\u000aAccess-Control-Request-Headers: authorization,content-type,x-grpc-web,x-user-agent\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Headers: content-type,accept,x-user-agent,x-grpc-web,grpc-status,grpc-message,authorization\u000d\u000aAccess-Control-Allow-Methods: GET,HEAD,POST,PUT,DELETE\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Length: 0\u000d\u000aDate: Sat, 02 Mar 2024 02:35:20 GMT\u000d\u000aServer: Caddy\u000d\u000a\u000d\u000a','',NULL,'',TRUE)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(58,324,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 59
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=57
|
|
INSERT INTO BLOCKS VALUES(57,1,0)
|
|
INSERT INTO BLOCKS VALUES(58,2147483589,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=57
|
|
INSERT INTO LOBS VALUES(57,1,0,58)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(58,1,'2024-03-02 03:35:20.861000',1,58,NULL,324,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=58
|
|
INSERT INTO LOB_IDS VALUES(58,324,1,40)
|
|
COMMIT
|
|
/*C3*/INSERT INTO HISTORY VALUES(24,1709346750724,1,200,1709346920865,94,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Vary, Date, Content-Type, Access-Control-Allow-Origin, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:20 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(59,322,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 60
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=58
|
|
INSERT INTO BLOCKS VALUES(58,1,0)
|
|
INSERT INTO BLOCKS VALUES(59,2147483588,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=58
|
|
INSERT INTO LOBS VALUES(58,1,0,59)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(59,1,'2024-03-02 03:35:20.962000',1,59,NULL,322,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=59
|
|
INSERT INTO LOB_IDS VALUES(59,322,1,40)
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(36,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',24,24,'','',319,15,3,'','10035-1')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(75,36,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(76,36,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(37,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',23,23,'','',319,15,3,'','10035-1')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(77,37,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(78,37,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C10*/DELETE FROM PARAM WHERE PARAMID=18 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Headers' AND USED=4 AND FLAGS='' AND VALS='content-type%2Caccept%2Cx-user-agent%2Cx-grpc-web%2Cgrpc-status%2Cgrpc-message%2Cauthorization'
|
|
INSERT INTO PARAM VALUES(18,'api.cscg.live:444','header','Access-Control-Allow-Headers',5,'','content-type%2Caccept%2Cx-user-agent%2Cx-grpc-web%2Cgrpc-status%2Cgrpc-message%2Cauthorization')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=19 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Methods' AND USED=4 AND FLAGS='' AND VALS='GET%2CHEAD%2CPOST%2CPUT%2CDELETE'
|
|
INSERT INTO PARAM VALUES(19,'api.cscg.live:444','header','Access-Control-Allow-Methods',5,'','GET%2CHEAD%2CPOST%2CPUT%2CDELETE')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=17 AND FLAGS='' AND VALS='https://play.cscg.live'
|
|
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',18,'','https://play.cscg.live')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=17 AND FLAGS='' AND VALS='h3=":443"; ma=2592000'
|
|
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',18,'','h3=":443"; ma=2592000')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=20 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Length' AND USED=4 AND FLAGS='' AND VALS='0'
|
|
INSERT INTO PARAM VALUES(20,'api.cscg.live:444','header','Content-Length',5,'','0')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=17 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:35:18 GMT'
|
|
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',18,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:35:18 GMT,Sat%2C 02 Mar 2024 02:35:20 GMT')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=17 AND FLAGS='' AND VALS='Caddy'
|
|
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',18,'','Caddy')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=18 AND FLAGS='' AND VALS='https://play.cscg.live'
|
|
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',19,'','https://play.cscg.live')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=13 AND FLAGS='' AND VALS='Date%2C Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message'
|
|
INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',14,'','Date%2C Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=18 AND FLAGS='' AND VALS='h3=":443"; ma=2592000'
|
|
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',19,'','h3=":443"; ma=2592000')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=13 AND FLAGS='' AND VALS='application/grpc-web+proto'
|
|
INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',14,'','application/grpc-web+proto')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=18 AND FLAGS='' AND VALS='Caddy'
|
|
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',19,'','Caddy')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=13 AND FLAGS='' AND VALS='Origin'
|
|
INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',14,'','Origin')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=18 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:35:18 GMT,Sat%2C 02 Mar 2024 02:35:20 GMT'
|
|
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',19,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:35:18 GMT,Sat%2C 02 Mar 2024 02:35:20 GMT')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=13 AND FLAGS='' AND VALS='129'
|
|
INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',14,'','129')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(60,552,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 61
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=59
|
|
INSERT INTO BLOCKS VALUES(59,1,0)
|
|
INSERT INTO BLOCKS VALUES(60,2147483587,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=59
|
|
INSERT INTO LOBS VALUES(59,1,0,60)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(60,1,'2024-03-02 03:35:20.971000',1,60,NULL,552,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=60
|
|
INSERT INTO LOB_IDS VALUES(60,552,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(61,552,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 62
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=60
|
|
INSERT INTO BLOCKS VALUES(60,1,0)
|
|
INSERT INTO BLOCKS VALUES(61,2147483586,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=60
|
|
INSERT INTO LOBS VALUES(60,1,0,61)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(61,1,'2024-03-02 03:35:20.971000',1,61,NULL,552,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=61
|
|
INSERT INTO LOB_IDS VALUES(61,552,1,40)
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(38,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',24,24,'','',693,15,3,'','10021')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(79,38,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(80,38,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(62,573,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 63
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=61
|
|
INSERT INTO BLOCKS VALUES(61,1,0)
|
|
INSERT INTO BLOCKS VALUES(62,2147483585,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=61
|
|
INSERT INTO LOBS VALUES(61,1,0,62)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(62,1,'2024-03-02 03:35:20.973000',1,62,NULL,573,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=62
|
|
INSERT INTO LOB_IDS VALUES(62,573,1,40)
|
|
COMMIT
|
|
/*C3*/INSERT INTO HISTORY VALUES(25,1709346750724,1,200,1709346922688,508,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Access-Control-Allow-Origin, Vary, Date, Content-Type, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:23 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(63,323,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 64
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=62
|
|
INSERT INTO BLOCKS VALUES(62,1,0)
|
|
INSERT INTO BLOCKS VALUES(63,2147483584,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=62
|
|
INSERT INTO LOBS VALUES(62,1,0,63)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(63,1,'2024-03-02 03:35:23.197000',1,63,NULL,323,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=63
|
|
INSERT INTO LOB_IDS VALUES(63,323,1,40)
|
|
COMMIT
|
|
/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=19 AND FLAGS='' AND VALS='https://play.cscg.live'
|
|
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',20,'','https://play.cscg.live')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=14 AND FLAGS='' AND VALS='Date%2C Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message'
|
|
INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',15,'','Date%2C Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=19 AND FLAGS='' AND VALS='h3=":443"; ma=2592000'
|
|
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',20,'','h3=":443"; ma=2592000')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=14 AND FLAGS='' AND VALS='application/grpc-web+proto'
|
|
INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',15,'','application/grpc-web+proto')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=19 AND FLAGS='' AND VALS='Caddy'
|
|
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',20,'','Caddy')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=14 AND FLAGS='' AND VALS='Origin'
|
|
INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',15,'','Origin')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=19 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:35:18 GMT,Sat%2C 02 Mar 2024 02:35:20 GMT'
|
|
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',20,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:35:23 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:35:18 GMT,Sat%2C 02 Mar 2024 02:35:20 GMT')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=14 AND FLAGS='' AND VALS='129'
|
|
INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',15,'','129')
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(39,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',25,25,'','',319,15,3,'','10035-1')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(81,39,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(82,39,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(64,552,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 65
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=63
|
|
INSERT INTO BLOCKS VALUES(63,1,0)
|
|
INSERT INTO BLOCKS VALUES(64,2147483583,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=63
|
|
INSERT INTO LOBS VALUES(63,1,0,64)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(64,1,'2024-03-02 03:35:23.399000',1,64,NULL,552,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=64
|
|
INSERT INTO LOB_IDS VALUES(64,552,1,40)
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(40,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',25,25,'','',693,15,3,'','10021')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(83,40,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(84,40,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(65,573,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 66
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=64
|
|
INSERT INTO BLOCKS VALUES(64,1,0)
|
|
INSERT INTO BLOCKS VALUES(65,2147483582,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=64
|
|
INSERT INTO LOBS VALUES(64,1,0,65)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(65,1,'2024-03-02 03:35:23.402000',1,65,NULL,573,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=65
|
|
INSERT INTO LOB_IDS VALUES(65,573,1,40)
|
|
COMMIT
|
|
/*C3*/INSERT INTO HISTORY VALUES(26,1709346750724,1,200,1709346924701,311,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Access-Control-Allow-Origin, Vary, Content-Type, Date, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:24 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(66,323,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 67
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=65
|
|
INSERT INTO BLOCKS VALUES(65,1,0)
|
|
INSERT INTO BLOCKS VALUES(66,2147483581,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=65
|
|
INSERT INTO LOBS VALUES(65,1,0,66)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(66,1,'2024-03-02 03:35:25.014000',1,66,NULL,323,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=66
|
|
INSERT INTO LOB_IDS VALUES(66,323,1,40)
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(41,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',26,26,'','',319,15,3,'','10035-1')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(85,41,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=20 AND FLAGS='' AND VALS='https://play.cscg.live'
|
|
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',21,'','https://play.cscg.live')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(86,41,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C10*/DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=15 AND FLAGS='' AND VALS='Date%2C Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message'
|
|
INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',16,'','Date%2C Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=20 AND FLAGS='' AND VALS='h3=":443"; ma=2592000'
|
|
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',21,'','h3=":443"; ma=2592000')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=15 AND FLAGS='' AND VALS='application/grpc-web+proto'
|
|
INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',16,'','application/grpc-web+proto')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=20 AND FLAGS='' AND VALS='Caddy'
|
|
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',21,'','Caddy')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=15 AND FLAGS='' AND VALS='Origin'
|
|
INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',16,'','Origin')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=20 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:35:23 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:35:18 GMT,Sat%2C 02 Mar 2024 02:35:20 GMT'
|
|
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',21,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:35:23 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:35:18 GMT,Sat%2C 02 Mar 2024 02:35:24 GMT,Sat%2C 02 Mar 2024 02:35:20 GMT')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=15 AND FLAGS='' AND VALS='129'
|
|
INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',16,'','129')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(67,552,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 68
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=66
|
|
INSERT INTO BLOCKS VALUES(66,1,0)
|
|
INSERT INTO BLOCKS VALUES(67,2147483580,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=66
|
|
INSERT INTO LOBS VALUES(66,1,0,67)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(67,1,'2024-03-02 03:35:25.220000',1,67,NULL,552,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=67
|
|
INSERT INTO LOB_IDS VALUES(67,552,1,40)
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(42,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',26,26,'','',693,15,3,'','10021')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(87,42,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(88,42,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(68,573,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 69
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=67
|
|
INSERT INTO BLOCKS VALUES(67,1,0)
|
|
INSERT INTO BLOCKS VALUES(68,2147483579,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=67
|
|
INSERT INTO LOBS VALUES(67,1,0,68)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(68,1,'2024-03-02 03:35:25.224000',1,68,NULL,573,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=68
|
|
INSERT INTO LOB_IDS VALUES(68,573,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(69,64,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 70
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=68
|
|
INSERT INTO BLOCKS VALUES(68,1,0)
|
|
INSERT INTO BLOCKS VALUES(69,2147483578,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=68
|
|
INSERT INTO LOBS VALUES(68,1,0,69)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(69,1,'2024-03-02 03:35:27.951000',1,69,NULL,64,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=69
|
|
INSERT INTO LOB_IDS VALUES(69,64,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(70,64,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 71
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=69
|
|
INSERT INTO BLOCKS VALUES(69,1,0)
|
|
INSERT INTO BLOCKS VALUES(70,2147483577,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=69
|
|
INSERT INTO LOBS VALUES(69,1,0,70)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(70,1,'2024-03-02 03:35:37.956000',1,70,NULL,64,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=70
|
|
INSERT INTO LOB_IDS VALUES(70,64,1,40)
|
|
COMMIT
|
|
/*C5*/DELETE FROM ALERT WHERE ALERTID=0
|
|
COMMIT
|
|
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=1
|
|
DELETE FROM ALERT_TAG WHERE TAG_ID=2
|
|
COMMIT
|
|
/*C5*/DELETE FROM ALERT WHERE ALERTID=1
|
|
COMMIT
|
|
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=3
|
|
DELETE FROM ALERT_TAG WHERE TAG_ID=4
|
|
COMMIT
|
|
/*C3*/DELETE FROM HISTORY WHERE HISTORYID=1
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(71,64,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 72
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=70
|
|
INSERT INTO BLOCKS VALUES(70,1,0)
|
|
INSERT INTO BLOCKS VALUES(71,2147483576,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=70
|
|
INSERT INTO LOBS VALUES(70,1,0,71)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(71,1,'2024-03-02 03:35:47.956000',1,71,NULL,64,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=71
|
|
INSERT INTO LOB_IDS VALUES(71,64,1,40)
|
|
COMMIT
|
|
/*C5*/DELETE FROM ALERT WHERE ALERTID=8
|
|
COMMIT
|
|
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=19
|
|
DELETE FROM ALERT_TAG WHERE TAG_ID=20
|
|
COMMIT
|
|
/*C3*/DELETE FROM HISTORY WHERE HISTORYID=7
|
|
COMMIT
|
|
/*C5*/DELETE FROM ALERT WHERE ALERTID=9
|
|
COMMIT
|
|
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=21
|
|
DELETE FROM ALERT_TAG WHERE TAG_ID=22
|
|
COMMIT
|
|
/*C5*/DELETE FROM ALERT WHERE ALERTID=10
|
|
COMMIT
|
|
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=23
|
|
DELETE FROM ALERT_TAG WHERE TAG_ID=24
|
|
COMMIT
|
|
/*C3*/DELETE FROM HISTORY WHERE HISTORYID=8
|
|
COMMIT
|
|
/*C5*/DELETE FROM ALERT WHERE ALERTID=11
|
|
COMMIT
|
|
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=25
|
|
DELETE FROM ALERT_TAG WHERE TAG_ID=26
|
|
COMMIT
|
|
/*C5*/DELETE FROM ALERT WHERE ALERTID=12
|
|
COMMIT
|
|
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=27
|
|
DELETE FROM ALERT_TAG WHERE TAG_ID=28
|
|
COMMIT
|
|
/*C3*/DELETE FROM HISTORY WHERE HISTORYID=9
|
|
COMMIT
|
|
/*C5*/DELETE FROM ALERT WHERE ALERTID=13
|
|
COMMIT
|
|
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=29
|
|
DELETE FROM ALERT_TAG WHERE TAG_ID=30
|
|
COMMIT
|
|
/*C5*/DELETE FROM ALERT WHERE ALERTID=14
|
|
COMMIT
|
|
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=31
|
|
DELETE FROM ALERT_TAG WHERE TAG_ID=32
|
|
COMMIT
|
|
/*C3*/DELETE FROM HISTORY WHERE HISTORYID=10
|
|
COMMIT
|
|
/*C5*/DELETE FROM ALERT WHERE ALERTID=15
|
|
COMMIT
|
|
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=33
|
|
DELETE FROM ALERT_TAG WHERE TAG_ID=34
|
|
COMMIT
|
|
/*C3*/DELETE FROM HISTORY WHERE HISTORYID=11
|
|
COMMIT
|
|
/*C5*/DELETE FROM ALERT WHERE ALERTID=16
|
|
COMMIT
|
|
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=35
|
|
DELETE FROM ALERT_TAG WHERE TAG_ID=36
|
|
COMMIT
|
|
/*C5*/DELETE FROM ALERT WHERE ALERTID=17
|
|
COMMIT
|
|
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=37
|
|
DELETE FROM ALERT_TAG WHERE TAG_ID=38
|
|
COMMIT
|
|
/*C3*/DELETE FROM HISTORY WHERE HISTORYID=12
|
|
COMMIT
|
|
/*C5*/DELETE FROM ALERT WHERE ALERTID=18
|
|
COMMIT
|
|
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=39
|
|
DELETE FROM ALERT_TAG WHERE TAG_ID=40
|
|
COMMIT
|
|
/*C5*/DELETE FROM ALERT WHERE ALERTID=19
|
|
COMMIT
|
|
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=41
|
|
DELETE FROM ALERT_TAG WHERE TAG_ID=42
|
|
COMMIT
|
|
/*C3*/DELETE FROM HISTORY WHERE HISTORYID=13
|
|
COMMIT
|
|
/*C5*/DELETE FROM ALERT WHERE ALERTID=20
|
|
COMMIT
|
|
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=43
|
|
DELETE FROM ALERT_TAG WHERE TAG_ID=44
|
|
COMMIT
|
|
/*C5*/DELETE FROM ALERT WHERE ALERTID=21
|
|
COMMIT
|
|
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=45
|
|
DELETE FROM ALERT_TAG WHERE TAG_ID=46
|
|
COMMIT
|
|
/*C3*/DELETE FROM HISTORY WHERE HISTORYID=14
|
|
COMMIT
|
|
/*C5*/DELETE FROM ALERT WHERE ALERTID=23
|
|
COMMIT
|
|
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=49
|
|
DELETE FROM ALERT_TAG WHERE TAG_ID=50
|
|
COMMIT
|
|
/*C3*/DELETE FROM HISTORY WHERE HISTORYID=15
|
|
COMMIT
|
|
DELETE FROM HISTORY WHERE HISTORYID=16
|
|
COMMIT
|
|
/*C5*/DELETE FROM ALERT WHERE ALERTID=25
|
|
COMMIT
|
|
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=53
|
|
DELETE FROM ALERT_TAG WHERE TAG_ID=54
|
|
COMMIT
|
|
/*C5*/DELETE FROM ALERT WHERE ALERTID=26
|
|
COMMIT
|
|
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=55
|
|
DELETE FROM ALERT_TAG WHERE TAG_ID=56
|
|
COMMIT
|
|
/*C3*/DELETE FROM HISTORY WHERE HISTORYID=17
|
|
COMMIT
|
|
/*C5*/DELETE FROM ALERT WHERE ALERTID=27
|
|
COMMIT
|
|
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=57
|
|
DELETE FROM ALERT_TAG WHERE TAG_ID=58
|
|
COMMIT
|
|
/*C5*/DELETE FROM ALERT WHERE ALERTID=28
|
|
COMMIT
|
|
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=59
|
|
DELETE FROM ALERT_TAG WHERE TAG_ID=60
|
|
COMMIT
|
|
/*C3*/DELETE FROM HISTORY WHERE HISTORYID=18
|
|
COMMIT
|
|
/*C5*/DELETE FROM ALERT WHERE ALERTID=30
|
|
COMMIT
|
|
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=63
|
|
DELETE FROM ALERT_TAG WHERE TAG_ID=64
|
|
COMMIT
|
|
/*C3*/DELETE FROM HISTORY WHERE HISTORYID=19
|
|
COMMIT
|
|
DELETE FROM HISTORY WHERE HISTORYID=20
|
|
COMMIT
|
|
/*C5*/DELETE FROM ALERT WHERE ALERTID=32
|
|
COMMIT
|
|
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=67
|
|
DELETE FROM ALERT_TAG WHERE TAG_ID=68
|
|
COMMIT
|
|
/*C5*/DELETE FROM ALERT WHERE ALERTID=33
|
|
COMMIT
|
|
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=69
|
|
DELETE FROM ALERT_TAG WHERE TAG_ID=70
|
|
COMMIT
|
|
/*C3*/DELETE FROM HISTORY WHERE HISTORYID=21
|
|
COMMIT
|
|
/*C5*/DELETE FROM ALERT WHERE ALERTID=34
|
|
COMMIT
|
|
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=71
|
|
DELETE FROM ALERT_TAG WHERE TAG_ID=72
|
|
COMMIT
|
|
/*C5*/DELETE FROM ALERT WHERE ALERTID=35
|
|
COMMIT
|
|
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=73
|
|
DELETE FROM ALERT_TAG WHERE TAG_ID=74
|
|
COMMIT
|
|
/*C3*/DELETE FROM HISTORY WHERE HISTORYID=22
|
|
COMMIT
|
|
/*C5*/DELETE FROM ALERT WHERE ALERTID=37
|
|
COMMIT
|
|
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=77
|
|
DELETE FROM ALERT_TAG WHERE TAG_ID=78
|
|
COMMIT
|
|
/*C3*/DELETE FROM HISTORY WHERE HISTORYID=23
|
|
COMMIT
|
|
DELETE FROM HISTORY WHERE HISTORYID=24
|
|
COMMIT
|
|
/*C5*/DELETE FROM ALERT WHERE ALERTID=39
|
|
COMMIT
|
|
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=81
|
|
DELETE FROM ALERT_TAG WHERE TAG_ID=82
|
|
COMMIT
|
|
/*C5*/DELETE FROM ALERT WHERE ALERTID=40
|
|
COMMIT
|
|
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=83
|
|
DELETE FROM ALERT_TAG WHERE TAG_ID=84
|
|
COMMIT
|
|
/*C3*/DELETE FROM HISTORY WHERE HISTORYID=25
|
|
COMMIT
|
|
/*C5*/DELETE FROM ALERT WHERE ALERTID=41
|
|
COMMIT
|
|
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=85
|
|
DELETE FROM ALERT_TAG WHERE TAG_ID=86
|
|
COMMIT
|
|
/*C5*/DELETE FROM ALERT WHERE ALERTID=42
|
|
COMMIT
|
|
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=87
|
|
DELETE FROM ALERT_TAG WHERE TAG_ID=88
|
|
COMMIT
|
|
/*C3*/DELETE FROM HISTORY WHERE HISTORYID=3
|
|
COMMIT
|
|
DELETE FROM HISTORY WHERE HISTORYID=2
|
|
COMMIT
|
|
DELETE FROM HISTORY WHERE HISTORYID=26
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(72,64,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 73
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=71
|
|
INSERT INTO BLOCKS VALUES(71,1,0)
|
|
INSERT INTO BLOCKS VALUES(72,2147483575,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=71
|
|
INSERT INTO LOBS VALUES(71,1,0,72)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(72,1,'2024-03-02 03:35:57.957000',1,72,NULL,64,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=72
|
|
INSERT INTO LOB_IDS VALUES(72,64,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(73,64,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 74
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=72
|
|
INSERT INTO BLOCKS VALUES(72,1,0)
|
|
INSERT INTO BLOCKS VALUES(73,2147483574,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=72
|
|
INSERT INTO LOBS VALUES(72,1,0,73)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(73,1,'2024-03-02 03:36:07.957000',1,73,NULL,64,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=73
|
|
INSERT INTO LOB_IDS VALUES(73,64,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(74,64,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 75
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=73
|
|
INSERT INTO BLOCKS VALUES(73,1,0)
|
|
INSERT INTO BLOCKS VALUES(74,2147483573,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=73
|
|
INSERT INTO LOBS VALUES(73,1,0,74)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(74,1,'2024-03-02 03:36:17.963000',1,74,NULL,64,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=74
|
|
INSERT INTO LOB_IDS VALUES(74,64,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(75,64,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 76
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=74
|
|
INSERT INTO BLOCKS VALUES(74,1,0)
|
|
INSERT INTO BLOCKS VALUES(75,2147483572,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=74
|
|
INSERT INTO LOBS VALUES(74,1,0,75)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(75,1,'2024-03-02 03:36:27.964000',1,75,NULL,64,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=75
|
|
INSERT INTO LOB_IDS VALUES(75,64,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(76,64,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 77
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=75
|
|
INSERT INTO BLOCKS VALUES(75,1,0)
|
|
INSERT INTO BLOCKS VALUES(76,2147483571,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=75
|
|
INSERT INTO LOBS VALUES(75,1,0,76)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(76,1,'2024-03-02 03:36:37.967000',1,76,NULL,64,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=76
|
|
INSERT INTO LOB_IDS VALUES(76,64,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(77,64,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 78
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=76
|
|
INSERT INTO BLOCKS VALUES(76,1,0)
|
|
INSERT INTO BLOCKS VALUES(77,2147483570,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=76
|
|
INSERT INTO LOBS VALUES(76,1,0,77)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(77,1,'2024-03-02 03:36:47.973000',1,77,NULL,64,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=77
|
|
INSERT INTO LOB_IDS VALUES(77,64,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(78,64,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 79
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=77
|
|
INSERT INTO BLOCKS VALUES(77,1,0)
|
|
INSERT INTO BLOCKS VALUES(78,2147483569,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=77
|
|
INSERT INTO LOBS VALUES(77,1,0,78)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(78,1,'2024-03-02 03:36:57.976000',1,78,NULL,64,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=78
|
|
INSERT INTO LOB_IDS VALUES(78,64,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(79,64,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 80
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=78
|
|
INSERT INTO BLOCKS VALUES(78,1,0)
|
|
INSERT INTO BLOCKS VALUES(79,2147483568,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=78
|
|
INSERT INTO LOBS VALUES(78,1,0,79)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(79,1,'2024-03-02 03:37:08.102000',1,79,NULL,64,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=79
|
|
INSERT INTO LOB_IDS VALUES(79,64,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(80,64,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 81
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=79
|
|
INSERT INTO BLOCKS VALUES(79,1,0)
|
|
INSERT INTO BLOCKS VALUES(80,2147483567,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=79
|
|
INSERT INTO LOBS VALUES(79,1,0,80)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(80,1,'2024-03-02 03:37:18.133000',1,80,NULL,64,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=80
|
|
INSERT INTO LOB_IDS VALUES(80,64,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(81,64,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 82
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=80
|
|
INSERT INTO BLOCKS VALUES(80,1,0)
|
|
INSERT INTO BLOCKS VALUES(81,2147483566,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=80
|
|
INSERT INTO LOBS VALUES(80,1,0,81)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(81,1,'2024-03-02 03:37:28.152000',1,81,NULL,64,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=81
|
|
INSERT INTO LOB_IDS VALUES(81,64,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(82,64,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 83
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=81
|
|
INSERT INTO BLOCKS VALUES(81,1,0)
|
|
INSERT INTO BLOCKS VALUES(82,2147483565,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=81
|
|
INSERT INTO LOBS VALUES(81,1,0,82)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(82,1,'2024-03-02 03:37:38.962000',1,82,NULL,64,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=82
|
|
INSERT INTO LOB_IDS VALUES(82,64,1,40)
|
|
COMMIT
|
|
/*C3*/INSERT INTO HISTORY VALUES(27,1709346750724,15,200,1709347068648,206,'GET','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','GET https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html HTTP/1.1\u000d\u000ahost: 722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Windows 95; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aConnection: keep-alive\u000d\u000aReferer: https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/\u000d\u000aUpgrade-Insecure-Requests: 1\u000d\u000aSec-Fetch-Dest: document\u000d\u000aSec-Fetch-Mode: navigate\u000d\u000aSec-Fetch-Site: same-origin\u000d\u000aSec-Fetch-User: ?1\u000d\u000acontent-length: 0\u000d\u000a\u000d\u000a','','HTTP/1.1 200 OK\u000d\u000aServer: nginx/1.24.0\u000d\u000aDate: Sat, 02 Mar 2024 02:37:48 GMT\u000d\u000aContent-Type: text/html\u000d\u000aContent-Length: 1366\u000d\u000aLast-Modified: Thu, 01 Jan 1970 00:00:01 GMT\u000d\u000aConnection: keep-alive\u000d\u000aETag: "1-556"\u000d\u000aCache-Control: no-store\u000d\u000aAccept-Ranges: bytes\u000d\u000a\u000d\u000a','3c68746d6c3e0a3c686561643e0a202020203c7469746c653e496e74726f20746f2057656220323c2f7469746c653e0a202020203c6d65746120636861727365743d225554462d38223e0a202020203c6c696e6b2072656c3d227374796c6573686565742220747970653d22746578742f6373732220687265663d227374796c652e63737322202f3e0a3c2f686561643e0a3c626f64793e0a3c68313e24284745524d414e5f4349545929205472616d205469636b6574204d616368696e653c2f68313e0a0a3c68333e47657420796f7572203c7370616e207374796c653d22746578742d6465636f726174696f6e3a206c696e652d7468726f7567683b223e7469636b65743c2f7370616e3e20666c61672068657265213c2f68333e0a3c68723e0a57697468207468652068656c70206f66206f75722073746174652d6f662d7468652d61727420666c6f707079206469736b20737769746368696e6720726f626f74732c20796f752063616e206e6f772072656164207468652066697273740a70617274206f662074686520666c616720696e207265616c2074696d65210a3c703e0a466c6167207061727420312f343a203c7370616e207374796c653d22636f6c6f723a20677265656e3b20666f6e742d66616d696c793a2027436f7572696572204e6577272c206d6f6e6f73706163653b223e0a20202020435343477b3c7370616e2069643d22666c6167223e2e2e2e2e2e2e2e2e3c2f7370616e3e3c2f7370616e3e0a0a3c212d2d0a4e6f2074696d6520746f20776169742c2072696768743f0a2d2d3e0a0a3c7363726970743e0a666c6167203d20226c396a6a3535304b220a73796d626f6c7352657665616c6564203d20300a7761697454696d65203d20313030303b0a0a66756e6374696f6e206e65787453796d626f6c2829207b0a202020206966202873796d626f6c7352657665616c6564203e3d20666c61672e6c656e677468292072657475726e3b0a2020202073796d626f6c7352657665616c65642b2b3b0a0a202020207761697454696d65202a3d20323b0a2020202073657454696d656f7574286e65787453796d626f6c2c207761697454696d65293b0a7d0a0a66756e6374696f6e207370696e2829207b0a20202020636f6e737420666c616750617274203d20666c61672e73756273747228302c2073796d626f6c7352657665616c6564293b0a20202020636f6e737420616c706861626574203d2028224142434445464748494a4b4c4d4e4f5052535455565758595a61626364656668696b6c6d6e6f727374757677787a3031323334353637383922290a20202020636f6e73742072616e646f6d53796d626f6c203d0a202020202020202073796d626f6c7352657665616c6564203c20666c61672e6c656e6774680a2020202020202020202020203f20616c7068616265742e636861724174284d6174682e666c6f6f72284d6174682e72616e646f6d2829202a20616c7068616265742e6c656e67746829290a2020202020202020202020203a2022223b0a20202020636f6e737420737566666978203d20222e222e726570656174284d6174682e6d617828302c20666c61672e6c656e677468202d2031202d2073796d626f6c7352657665616c656429293b0a0a20202020646f63756d656e742e676574456c656d656e74427949642822666c616722292e696e6e657248544d4c203d20666c616750617274202b2072616e646f6d53796d626f6c202b207375666669783b0a7d0a0a73657454696d656f7574286e65787453796d626f6c2c207761697454696d65293b0a736574496e74657276616c287370696e2c203530293b0a3c2f7363726970743e0a0a3c2f626f64793e0a3c2f68746d6c3e',NULL,'',TRUE)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(83,64,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 84
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=82
|
|
INSERT INTO BLOCKS VALUES(82,1,0)
|
|
INSERT INTO BLOCKS VALUES(83,2147483564,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=82
|
|
INSERT INTO LOBS VALUES(82,1,0,83)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(83,1,'2024-03-02 03:37:49.010000',1,83,NULL,64,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=83
|
|
INSERT INTO LOB_IDS VALUES(83,64,1,40)
|
|
COMMIT
|
|
/*C10*/DELETE FROM PARAM WHERE PARAMID=9 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Server' AND USED=2 AND FLAGS='' AND VALS='nginx/1.24.0'
|
|
INSERT INTO PARAM VALUES(9,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Server',3,'','nginx/1.24.0')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=10 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Date' AND USED=2 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT'
|
|
INSERT INTO PARAM VALUES(10,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Date',3,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:37:48 GMT')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=11 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Content-Type' AND USED=2 AND FLAGS='' AND VALS='text/html,text/plain'
|
|
INSERT INTO PARAM VALUES(11,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Content-Type',3,'','text/html,text/plain')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=12 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Content-Length' AND USED=2 AND FLAGS='' AND VALS='287,384'
|
|
INSERT INTO PARAM VALUES(12,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Content-Length',3,'','287,1366,384')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=15 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Last-Modified' AND USED=1 AND FLAGS='' AND VALS='Thu%2C 01 Jan 1970 00:00:01 GMT'
|
|
INSERT INTO PARAM VALUES(15,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Last-Modified',2,'','Thu%2C 01 Jan 1970 00:00:01 GMT')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=13 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Connection' AND USED=2 AND FLAGS='' AND VALS='keep-alive'
|
|
INSERT INTO PARAM VALUES(13,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Connection',3,'','keep-alive')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=14 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='ETag' AND USED=2 AND FLAGS='' AND VALS='"1-180","1-11f"'
|
|
INSERT INTO PARAM VALUES(14,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','ETag',3,'','"1-180","1-11f","1-556"')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=16 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Cache-Control' AND USED=1 AND FLAGS='' AND VALS='no-store'
|
|
INSERT INTO PARAM VALUES(16,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Cache-Control',2,'','no-store')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=17 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Accept-Ranges' AND USED=1 AND FLAGS='' AND VALS='bytes'
|
|
INSERT INTO PARAM VALUES(17,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Accept-Ranges',2,'','bytes')
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(43,0,10020,'Missing Anti-clickjacking Header',2,2,'The response does not include either Content-Security-Policy with ''frame-ancestors'' directive or X-Frame-Options to protect against ''ClickJacking'' attacks.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','x-frame-options','','Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\u000aIf you expect the page to be framed only by pages on your server (e.g. it''s part of a FRAMESET) then you''ll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy''s "frame-ancestors" directive.','https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options',27,27,'','',1021,15,3,'','10020-1')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(89,43,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(90,43,'WSTG-v42-CLNT-09','https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(91,43,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(84,630,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 85
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=83
|
|
INSERT INTO BLOCKS VALUES(83,1,0)
|
|
INSERT INTO BLOCKS VALUES(84,2147483563,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=83
|
|
INSERT INTO LOBS VALUES(83,1,0,84)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(84,1,'2024-03-02 03:37:49.436000',1,84,NULL,630,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=84
|
|
INSERT INTO LOB_IDS VALUES(84,630,1,40)
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(44,0,10015,'Re-examine Cache-control Directives',0,1,'The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','cache-control','','For secure content, ensure the cache-control HTTP header is set with "no-cache, no-store, must-revalidate". If an asset should be cached consider setting the directives "public, max-age, immutable".','https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\u000ahttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control\u000ahttps://grayduck.mn/2021/09/13/cache-control-recommendations/',27,27,'','no-store',525,13,3,'','10015')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(92,44,'WSTG-v42-ATHN-06','https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(85,635,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 86
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=84
|
|
INSERT INTO BLOCKS VALUES(84,1,0)
|
|
INSERT INTO BLOCKS VALUES(85,2147483562,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=84
|
|
INSERT INTO LOBS VALUES(84,1,0,85)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(85,1,'2024-03-02 03:37:49.459000',1,85,NULL,635,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=85
|
|
INSERT INTO LOB_IDS VALUES(85,635,1,40)
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(45,0,10038,'Content Security Policy (CSP) Header Not Set',2,3,'Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page \u2014 covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','','','Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.','https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy\u000ahttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\u000ahttps://www.w3.org/TR/CSP/\u000ahttps://w3c.github.io/webappsec-csp/\u000ahttps://web.dev/articles/csp\u000ahttps://caniuse.com/#feat=contentsecuritypolicy\u000ahttps://content-security-policy.com/',27,27,'','',693,15,3,'','10038-1')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(93,45,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(94,45,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(86,625,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 87
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=85
|
|
INSERT INTO BLOCKS VALUES(85,1,0)
|
|
INSERT INTO BLOCKS VALUES(86,2147483561,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=85
|
|
INSERT INTO LOBS VALUES(85,1,0,86)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(86,1,'2024-03-02 03:37:49.464000',1,86,NULL,625,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=86
|
|
INSERT INTO LOB_IDS VALUES(86,625,1,40)
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(46,0,10109,'Modern Web Application',0,2,'The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','','No links have been found while there are scripts, which is an indication that this is a modern web application.','This is an informational alert and so no changes are required.','',27,27,'','<script>\u000aflag = "l9jj550K"\u000asymbolsRevealed = 0\u000awaitTime = 1000;\u000a\u000afunction nextSymbol() {\u000a if (symbolsRevealed >= flag.length) return;\u000a symbolsRevealed++;\u000a\u000a waitTime *= 2;\u000a setTimeout(nextSymbol, waitTime);\u000a}\u000a\u000afunction spin() {\u000a const flagPart = flag.substr(0, symbolsRevealed);\u000a const alphabet = ("ABCDEFGHIJKLMNOPRSTUVWXYZabcdefhiklmnorstuvwxz0123456789")\u000a const randomSymbol =\u000a symbolsRevealed < flag.length\u000a ? alphabet.charAt(Math.floor(Math.random() * alphabet.length))\u000a : "";\u000a const suffix = ".".repeat(Math.max(0, flag.length - 1 - symbolsRevealed));\u000a\u000a document.getElementById("flag").innerHTML = flagPart + randomSymbol + suffix;\u000a}\u000a\u000asetTimeout(nextSymbol, waitTime);\u000asetInterval(spin, 50);\u000a</script>',-1,-1,3,'','10109')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(87,612,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 88
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=86
|
|
INSERT INTO BLOCKS VALUES(86,1,0)
|
|
INSERT INTO BLOCKS VALUES(87,2147483560,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=86
|
|
INSERT INTO LOBS VALUES(86,1,0,87)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(87,1,'2024-03-02 03:37:49.486000',1,87,NULL,612,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=87
|
|
INSERT INTO LOB_IDS VALUES(87,612,1,40)
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(47,0,10036,'Server Leaks Version Information via "Server" HTTP Response Header Field',1,3,'The web/application server is leaking version information via the "Server" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','','','Ensure that your web server, application server, load balancer, etc. is configured to suppress the "Server" header or provide generic details.','https://httpd.apache.org/docs/current/mod/core.html#servertokens\u000ahttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\u000ahttps://www.troyhunt.com/shhh-dont-let-your-response-headers/',27,27,'','nginx/1.24.0',200,13,3,'','10036')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(95,47,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(96,47,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(97,47,'WSTG-v42-INFO-02','https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(88,652,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 89
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=87
|
|
INSERT INTO BLOCKS VALUES(87,1,0)
|
|
INSERT INTO BLOCKS VALUES(88,2147483559,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=87
|
|
INSERT INTO LOBS VALUES(87,1,0,88)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(88,1,'2024-03-02 03:37:49.514000',1,88,NULL,652,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=88
|
|
INSERT INTO LOB_IDS VALUES(88,652,1,40)
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(48,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',27,27,'','',319,15,3,'','10035-1')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(98,48,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(99,48,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(89,618,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 90
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=88
|
|
INSERT INTO BLOCKS VALUES(88,1,0)
|
|
INSERT INTO BLOCKS VALUES(89,2147483558,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=88
|
|
INSERT INTO LOBS VALUES(88,1,0,89)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(89,1,'2024-03-02 03:37:49.518000',1,89,NULL,618,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=89
|
|
INSERT INTO LOB_IDS VALUES(89,618,1,40)
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(49,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',27,27,'','',693,15,3,'','10021')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(100,49,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(101,49,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(90,639,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 91
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=89
|
|
INSERT INTO BLOCKS VALUES(89,1,0)
|
|
INSERT INTO BLOCKS VALUES(90,2147483557,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=89
|
|
INSERT INTO LOBS VALUES(89,1,0,90)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(90,1,'2024-03-02 03:37:49.522000',1,90,NULL,639,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=90
|
|
INSERT INTO LOB_IDS VALUES(90,639,1,40)
|
|
COMMIT
|
|
/*C8*/SET SCHEMA PUBLIC
|
|
INSERT INTO TAG VALUES(1,27,'Script')
|
|
COMMIT
|
|
INSERT INTO TAG VALUES(2,27,'Comment')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(91,64,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 92
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=90
|
|
INSERT INTO BLOCKS VALUES(90,1,0)
|
|
INSERT INTO BLOCKS VALUES(91,2147483556,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=90
|
|
INSERT INTO LOBS VALUES(90,1,0,91)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(91,1,'2024-03-02 03:37:59.053000',1,91,NULL,64,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=91
|
|
INSERT INTO LOB_IDS VALUES(91,64,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(92,64,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 93
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=91
|
|
INSERT INTO BLOCKS VALUES(91,1,0)
|
|
INSERT INTO BLOCKS VALUES(92,2147483555,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=91
|
|
INSERT INTO LOBS VALUES(91,1,0,92)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(92,1,'2024-03-02 03:38:09.054000',1,92,NULL,64,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=92
|
|
INSERT INTO LOB_IDS VALUES(92,64,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(93,64,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 94
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=92
|
|
INSERT INTO BLOCKS VALUES(92,1,0)
|
|
INSERT INTO BLOCKS VALUES(93,2147483554,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=92
|
|
INSERT INTO LOBS VALUES(92,1,0,93)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(93,1,'2024-03-02 03:38:19.056000',1,93,NULL,64,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=93
|
|
INSERT INTO LOB_IDS VALUES(93,64,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(94,64,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 95
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=93
|
|
INSERT INTO BLOCKS VALUES(93,1,0)
|
|
INSERT INTO BLOCKS VALUES(94,2147483553,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=93
|
|
INSERT INTO LOBS VALUES(93,1,0,94)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(94,1,'2024-03-02 03:38:29.059000',1,94,NULL,64,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=94
|
|
INSERT INTO LOB_IDS VALUES(94,64,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(95,64,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 96
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=94
|
|
INSERT INTO BLOCKS VALUES(94,1,0)
|
|
INSERT INTO BLOCKS VALUES(95,2147483552,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=94
|
|
INSERT INTO LOBS VALUES(94,1,0,95)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(95,1,'2024-03-02 03:38:39.059000',1,95,NULL,64,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=95
|
|
INSERT INTO LOB_IDS VALUES(95,64,1,40)
|
|
COMMIT
|
|
/*C3*/INSERT INTO HISTORY VALUES(28,1709346750724,1,403,1709347121300,30,'GET','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','GET https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html HTTP/1.1\u000d\u000ahost: 722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aConnection: keep-alive\u000d\u000aUpgrade-Insecure-Requests: 1\u000d\u000aSec-Fetch-Dest: document\u000d\u000aSec-Fetch-Mode: navigate\u000d\u000aSec-Fetch-Site: none\u000d\u000aSec-Fetch-User: ?1\u000d\u000a\u000d\u000a','','HTTP/1.1 403 Forbidden\u000d\u000aServer: nginx/1.24.0\u000d\u000aDate: Sat, 02 Mar 2024 02:38:41 GMT\u000d\u000aContent-Type: text/html\u000d\u000aContent-Length: 384\u000d\u000aConnection: keep-alive\u000d\u000aETag: "1-180"\u000d\u000a\u000d\u000a','3c68746d6c3e0a3c686561643e0a202020203c7469746c653e496e74726f20746f2057656220323c2f7469746c653e0a202020203c6d65746120636861727365743d225554462d38223e0a202020203c6c696e6b2072656c3d227374796c6573686565742220747970653d22746578742f6373732220687265663d227374796c652e63737322202f3e0a3c2f686561643e0a3c626f64793e0a3c68313e24284745524d414e5f4349545929205472616d205469636b6574204d616368696e653c2f68313e0a0a3c68333e3c7370616e207374796c653d22636f6c6f723a20726564223e496e736563757265206f7065726174696e672073797374656d213c2f7370616e3e3c2f68333e0a3c68723e0a466f7220734563557249745920724561536f4e732c20796f75206e65656420746f2075706461746520796f75722073797374656d20746f2057696e646f7773203935206265666f726520616363657373696e6720746869732077656273697465210a3c2f626f64793e0a3c2f68746d6c3e',NULL,'',TRUE)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(96,354,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 97
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=95
|
|
INSERT INTO BLOCKS VALUES(95,1,0)
|
|
INSERT INTO BLOCKS VALUES(96,2147483551,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=95
|
|
INSERT INTO LOBS VALUES(95,1,0,96)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(96,1,'2024-03-02 03:38:41.333000',1,96,NULL,354,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=96
|
|
INSERT INTO LOB_IDS VALUES(96,354,1,40)
|
|
COMMIT
|
|
/*C3*/INSERT INTO HISTORY VALUES(29,1709346750724,1,200,1709347121392,40,'GET','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/style.css','GET https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/style.css HTTP/1.1\u000d\u000ahost: 722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: text/css,*/*;q=0.1\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aConnection: keep-alive\u000d\u000aReferer: https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html\u000d\u000aSec-Fetch-Dest: style\u000d\u000aSec-Fetch-Mode: no-cors\u000d\u000aSec-Fetch-Site: same-origin\u000d\u000a\u000d\u000a','','HTTP/1.1 200 OK\u000d\u000aServer: nginx/1.24.0\u000d\u000aDate: Sat, 02 Mar 2024 02:38:41 GMT\u000d\u000aContent-Type: text/plain\u000d\u000aContent-Length: 287\u000d\u000aLast-Modified: Thu, 01 Jan 1970 00:00:01 GMT\u000d\u000aConnection: keep-alive\u000d\u000aETag: "1-11f"\u000d\u000aCache-Control: no-store\u000d\u000aAccept-Ranges: bytes\u000d\u000a\u000d\u000a','68746d6c207b0a202020206d61782d77696474683a20373063683b0a2020202070616464696e673a2033656d2031656d3b0a202020206d617267696e3a206175746f3b0a202020206c696e652d6865696768743a20312e37353b0a20202020666f6e742d73697a653a20312e3235656d3b0a0a202020206261636b67726f756e642d636f6c6f723a20233145323132323b0a20202020636f6c6f723a20234244423741463b0a7d0a68312c2068322c206833207b0a20202020636f6c6f723a20234538453645333b0a7d0a6872207b0a202020206d617267696e2d746f703a202d31656d3b0a7d0a61207b0a20202020636f6c6f723a206c69676874626c75653b0a20202020746578742d6465636f726174696f6e3a206e6f6e653b0a7d0a',NULL,'',TRUE)
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(50,0,10036,'Server Leaks Version Information via "Server" HTTP Response Header Field',1,3,'The web/application server is leaking version information via the "Server" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/style.css','','','Ensure that your web server, application server, load balancer, etc. is configured to suppress the "Server" header or provide generic details.','https://httpd.apache.org/docs/current/mod/core.html#servertokens\u000ahttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\u000ahttps://www.troyhunt.com/shhh-dont-let-your-response-headers/',29,29,'','nginx/1.24.0',200,13,3,'','10036')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(102,50,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(103,50,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(104,50,'WSTG-v42-INFO-02','https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server')
|
|
COMMIT
|
|
/*C10*/DELETE FROM PARAM WHERE PARAMID=9 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Server' AND USED=3 AND FLAGS='' AND VALS='nginx/1.24.0'
|
|
INSERT INTO PARAM VALUES(9,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Server',4,'','nginx/1.24.0')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=10 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Date' AND USED=3 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:37:48 GMT'
|
|
INSERT INTO PARAM VALUES(10,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Date',4,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:38:41 GMT,Sat%2C 02 Mar 2024 02:37:48 GMT')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=11 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Content-Type' AND USED=3 AND FLAGS='' AND VALS='text/html,text/plain'
|
|
INSERT INTO PARAM VALUES(11,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Content-Type',4,'','text/html,text/plain')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=12 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Content-Length' AND USED=3 AND FLAGS='' AND VALS='287,1366,384'
|
|
INSERT INTO PARAM VALUES(12,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Content-Length',4,'','287,1366,384')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=13 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Connection' AND USED=3 AND FLAGS='' AND VALS='keep-alive'
|
|
INSERT INTO PARAM VALUES(13,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Connection',4,'','keep-alive')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=14 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='ETag' AND USED=3 AND FLAGS='' AND VALS='"1-180","1-11f","1-556"'
|
|
INSERT INTO PARAM VALUES(14,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','ETag',4,'','"1-180","1-11f","1-556"')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=9 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Server' AND USED=4 AND FLAGS='' AND VALS='nginx/1.24.0'
|
|
INSERT INTO PARAM VALUES(9,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Server',5,'','nginx/1.24.0')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=10 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Date' AND USED=4 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:38:41 GMT,Sat%2C 02 Mar 2024 02:37:48 GMT'
|
|
INSERT INTO PARAM VALUES(10,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Date',5,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:38:41 GMT,Sat%2C 02 Mar 2024 02:37:48 GMT')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=11 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Content-Type' AND USED=4 AND FLAGS='' AND VALS='text/html,text/plain'
|
|
INSERT INTO PARAM VALUES(11,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Content-Type',5,'','text/html,text/plain')
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(51,0,10038,'Content Security Policy (CSP) Header Not Set',2,3,'Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page \u2014 covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','','','Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.','https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy\u000ahttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\u000ahttps://www.w3.org/TR/CSP/\u000ahttps://w3c.github.io/webappsec-csp/\u000ahttps://web.dev/articles/csp\u000ahttps://caniuse.com/#feat=contentsecuritypolicy\u000ahttps://content-security-policy.com/',28,28,'','',693,15,3,'','10038-1')
|
|
COMMIT
|
|
/*C10*/DELETE FROM PARAM WHERE PARAMID=12 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Content-Length' AND USED=4 AND FLAGS='' AND VALS='287,1366,384'
|
|
INSERT INTO PARAM VALUES(12,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Content-Length',5,'','287,1366,384')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(97,339,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 98
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=96
|
|
INSERT INTO BLOCKS VALUES(96,1,0)
|
|
INSERT INTO BLOCKS VALUES(97,2147483550,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=96
|
|
INSERT INTO LOBS VALUES(96,1,0,97)
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(105,51,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(106,51,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C10*/DELETE FROM PARAM WHERE PARAMID=15 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Last-Modified' AND USED=2 AND FLAGS='' AND VALS='Thu%2C 01 Jan 1970 00:00:01 GMT'
|
|
INSERT INTO PARAM VALUES(15,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Last-Modified',3,'','Thu%2C 01 Jan 1970 00:00:01 GMT')
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(97,1,'2024-03-02 03:38:41.437000',1,97,NULL,339,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=97
|
|
INSERT INTO LOB_IDS VALUES(97,339,1,40)
|
|
COMMIT
|
|
/*C10*/DELETE FROM PARAM WHERE PARAMID=13 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Connection' AND USED=4 AND FLAGS='' AND VALS='keep-alive'
|
|
INSERT INTO PARAM VALUES(13,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Connection',5,'','keep-alive')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=14 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='ETag' AND USED=4 AND FLAGS='' AND VALS='"1-180","1-11f","1-556"'
|
|
INSERT INTO PARAM VALUES(14,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','ETag',5,'','"1-180","1-11f","1-556"')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=16 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Cache-Control' AND USED=2 AND FLAGS='' AND VALS='no-store'
|
|
INSERT INTO PARAM VALUES(16,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Cache-Control',3,'','no-store')
|
|
COMMIT
|
|
DELETE FROM PARAM WHERE PARAMID=17 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Accept-Ranges' AND USED=2 AND FLAGS='' AND VALS='bytes'
|
|
INSERT INTO PARAM VALUES(17,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Accept-Ranges',3,'','bytes')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(98,625,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 99
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=97
|
|
INSERT INTO BLOCKS VALUES(97,1,0)
|
|
INSERT INTO BLOCKS VALUES(98,2147483549,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=97
|
|
INSERT INTO LOBS VALUES(97,1,0,98)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(98,1,'2024-03-02 03:38:41.439000',1,98,NULL,625,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=98
|
|
INSERT INTO LOB_IDS VALUES(98,625,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(99,622,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 100
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=98
|
|
INSERT INTO BLOCKS VALUES(98,1,0)
|
|
INSERT INTO BLOCKS VALUES(99,2147483548,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=98
|
|
INSERT INTO LOBS VALUES(98,1,0,99)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(99,1,'2024-03-02 03:38:41.440000',1,99,NULL,622,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=99
|
|
INSERT INTO LOB_IDS VALUES(99,622,1,40)
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(52,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/style.css','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',29,29,'','',319,15,3,'','10035-1')
|
|
COMMIT
|
|
INSERT INTO ALERT VALUES(53,0,10036,'Server Leaks Version Information via "Server" HTTP Response Header Field',1,3,'The web/application server is leaking version information via the "Server" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','','','Ensure that your web server, application server, load balancer, etc. is configured to suppress the "Server" header or provide generic details.','https://httpd.apache.org/docs/current/mod/core.html#servertokens\u000ahttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\u000ahttps://www.troyhunt.com/shhh-dont-let-your-response-headers/',28,28,'','nginx/1.24.0',200,13,3,'','10036')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(107,53,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(108,53,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(109,53,'WSTG-v42-INFO-02','https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(110,52,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(111,52,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(100,588,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 101
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=99
|
|
INSERT INTO BLOCKS VALUES(99,1,0)
|
|
INSERT INTO BLOCKS VALUES(100,2147483547,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=99
|
|
INSERT INTO LOBS VALUES(99,1,0,100)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(101,1,'2024-03-02 03:38:41.449000',1,100,NULL,588,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=100
|
|
INSERT INTO LOB_IDS VALUES(100,588,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(101,652,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 102
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=100
|
|
INSERT INTO BLOCKS VALUES(100,1,0)
|
|
INSERT INTO BLOCKS VALUES(101,2147483546,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=100
|
|
INSERT INTO LOBS VALUES(100,1,0,101)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(100,1,'2024-03-02 03:38:41.449000',1,101,NULL,652,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=101
|
|
INSERT INTO LOB_IDS VALUES(101,652,1,40)
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(54,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',28,28,'','',319,15,3,'','10035-1')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(112,54,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(113,54,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C5*/INSERT INTO ALERT VALUES(55,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/style.css','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',29,29,'','',693,15,3,'','10021')
|
|
COMMIT
|
|
/*C6*/INSERT INTO ALERT_TAG VALUES(114,55,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
|
|
COMMIT
|
|
INSERT INTO ALERT_TAG VALUES(115,55,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(102,618,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 103
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=101
|
|
INSERT INTO BLOCKS VALUES(101,1,0)
|
|
INSERT INTO BLOCKS VALUES(102,2147483545,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=101
|
|
INSERT INTO LOBS VALUES(101,1,0,102)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(103,1,'2024-03-02 03:38:41.472000',1,102,NULL,618,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=102
|
|
INSERT INTO LOB_IDS VALUES(102,618,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(103,609,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 104
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=102
|
|
INSERT INTO BLOCKS VALUES(102,1,0)
|
|
INSERT INTO BLOCKS VALUES(103,2147483544,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=102
|
|
INSERT INTO LOBS VALUES(102,1,0,103)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(102,1,'2024-03-02 03:38:41.472000',1,103,NULL,609,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=103
|
|
INSERT INTO LOB_IDS VALUES(103,609,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(104,201,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 105
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=103
|
|
INSERT INTO BLOCKS VALUES(103,1,0)
|
|
INSERT INTO BLOCKS VALUES(104,2147483543,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=103
|
|
INSERT INTO LOBS VALUES(103,1,0,104)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(104,1,'2024-03-02 03:38:41.813000',1,104,NULL,201,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=104
|
|
INSERT INTO LOB_IDS VALUES(104,201,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(105,2013,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 106
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=104
|
|
INSERT INTO BLOCKS VALUES(104,1,0)
|
|
INSERT INTO BLOCKS VALUES(105,2147483542,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=104
|
|
INSERT INTO LOBS VALUES(104,1,0,105)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(105,1,'2024-03-02 03:38:41.817000',1,105,NULL,2013,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=105
|
|
INSERT INTO LOB_IDS VALUES(105,2013,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(106,176,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 107
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=105
|
|
INSERT INTO BLOCKS VALUES(105,1,0)
|
|
INSERT INTO BLOCKS VALUES(106,2147483541,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=105
|
|
INSERT INTO LOBS VALUES(105,1,0,106)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(106,1,'2024-03-02 03:38:41.817000',1,106,NULL,176,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=106
|
|
INSERT INTO LOB_IDS VALUES(106,176,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(107,2662,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 108
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=106
|
|
INSERT INTO BLOCKS VALUES(106,1,0)
|
|
INSERT INTO BLOCKS VALUES(107,2147483540,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=106
|
|
INSERT INTO LOBS VALUES(106,1,0,107)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(107,1,'2024-03-02 03:38:41.821000',1,107,NULL,2662,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=107
|
|
INSERT INTO LOB_IDS VALUES(107,2662,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(108,64,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 109
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=107
|
|
INSERT INTO BLOCKS VALUES(107,1,0)
|
|
INSERT INTO BLOCKS VALUES(108,2147483539,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=107
|
|
INSERT INTO LOBS VALUES(107,1,0,108)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(108,1,'2024-03-02 03:38:49.061000',1,108,NULL,64,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=108
|
|
INSERT INTO LOB_IDS VALUES(108,64,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(109,64,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 110
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=108
|
|
INSERT INTO BLOCKS VALUES(108,1,0)
|
|
INSERT INTO BLOCKS VALUES(109,2147483538,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=108
|
|
INSERT INTO LOBS VALUES(108,1,0,109)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(109,1,'2024-03-02 03:38:59.082000',1,109,NULL,64,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=109
|
|
INSERT INTO LOB_IDS VALUES(109,64,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(110,64,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 111
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=109
|
|
INSERT INTO BLOCKS VALUES(109,1,0)
|
|
INSERT INTO BLOCKS VALUES(110,2147483537,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=109
|
|
INSERT INTO LOBS VALUES(109,1,0,110)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(110,1,'2024-03-02 03:39:09.067000',1,110,NULL,64,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=110
|
|
INSERT INTO LOB_IDS VALUES(110,64,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(111,64,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 112
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=110
|
|
INSERT INTO BLOCKS VALUES(110,1,0)
|
|
INSERT INTO BLOCKS VALUES(111,2147483536,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=110
|
|
INSERT INTO LOBS VALUES(110,1,0,111)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(111,1,'2024-03-02 03:39:19.068000',1,111,NULL,64,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=111
|
|
INSERT INTO LOB_IDS VALUES(111,64,1,40)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(112,4,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 113
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=111
|
|
INSERT INTO BLOCKS VALUES(111,1,0)
|
|
INSERT INTO BLOCKS VALUES(112,2147483535,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=111
|
|
INSERT INTO LOBS VALUES(111,1,0,112)
|
|
COMMIT
|
|
/*C13*/SET SCHEMA PUBLIC
|
|
INSERT INTO WEBSOCKET_MESSAGE VALUES(112,1,'2024-03-02 03:39:49.071000',8,112,NULL,2,TRUE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=112
|
|
INSERT INTO LOB_IDS VALUES(112,4,1,40)
|
|
COMMIT
|
|
SET SCHEMA PUBLIC
|
|
DELETE FROM WEBSOCKET_CHANNEL WHERE CHANNEL_ID=1
|
|
INSERT INTO WEBSOCKET_CHANNEL VALUES(1,'zap',443,'','2024-03-02 03:34:57.550000','2024-03-02 03:40:10.105000',NULL)
|
|
COMMIT
|
|
/*C1*/INSERT INTO LOB_IDS VALUES(113,197,0,40)
|
|
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 114
|
|
COMMIT
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=112
|
|
INSERT INTO BLOCKS VALUES(112,1,0)
|
|
INSERT INTO BLOCKS VALUES(113,2147483534,0)
|
|
DELETE FROM BLOCKS WHERE BLOCK_ADDR=112
|
|
INSERT INTO LOBS VALUES(112,1,0,113)
|
|
COMMIT
|
|
/*C13*/INSERT INTO WEBSOCKET_MESSAGE VALUES(113,1,'2024-03-02 03:40:10.105000',1,113,NULL,197,FALSE)
|
|
SET SCHEMA SYSTEM_LOBS
|
|
DELETE FROM LOB_IDS WHERE LOB_ID=113
|
|
INSERT INTO LOB_IDS VALUES(113,197,1,40)
|
|
COMMIT
|