Files
ctf/cscg24/web/intro_web_2/intro_web_2_session.session.log

2904 lines
266 KiB
Plaintext

/*C2*/SET SCHEMA PUBLIC
SET FILES LOG TRUE
/*C4*/SET SCHEMA PUBLIC
DELETE FROM SESSION WHERE SESSIONID=1709346750724
INSERT INTO SESSION VALUES(1709346750724,'Untitled Session','2024-03-02 03:32:43.041776')
COMMIT
/*C3*/SET SCHEMA PUBLIC
INSERT INTO HISTORY VALUES(1,1709346750724,1,200,1709346894944,457,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Access-Control-Allow-Origin, Vary, Date, Content-Type, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:34:55 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE)
COMMIT
INSERT INTO HISTORY VALUES(2,1709346750724,0,0,0,0,'GET','https://api.cscg.live:444','GET https://api.cscg.live:444 HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','','','',NULL,'',FALSE)
COMMIT
INSERT INTO HISTORY VALUES(3,1709346750724,0,0,0,0,'GET','https://api.cscg.live:444/platform.Platform','GET https://api.cscg.live:444/platform.Platform HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','','','',NULL,'',FALSE)
COMMIT
/*C10*/SET SCHEMA PUBLIC
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',1,'','https://play.cscg.live')
COMMIT
INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',1,'','Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message')
COMMIT
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',1,'','h3=":443"; ma=2592000')
COMMIT
INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',1,'','application/grpc-web+proto')
COMMIT
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',1,'','Caddy')
COMMIT
INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',1,'','Origin')
COMMIT
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',1,'','Sat%2C 02 Mar 2024 02:34:55 GMT')
COMMIT
INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',1,'','129')
COMMIT
/*C5*/SET SCHEMA PUBLIC
INSERT INTO ALERT VALUES(0,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',1,1,'','',319,15,3,'','10035-1')
COMMIT
/*C6*/SET SCHEMA PUBLIC
INSERT INTO ALERT_TAG VALUES(1,0,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(2,0,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C5*/INSERT INTO ALERT VALUES(1,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',1,1,'','',693,15,3,'','10021')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(3,1,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(4,1,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C3*/INSERT INTO HISTORY VALUES(4,1709346750724,1,403,1709346896051,237,'GET','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','GET https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html HTTP/1.1\u000d\u000ahost: 722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aConnection: keep-alive\u000d\u000aReferer: https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/\u000d\u000aUpgrade-Insecure-Requests: 1\u000d\u000aSec-Fetch-Dest: document\u000d\u000aSec-Fetch-Mode: navigate\u000d\u000aSec-Fetch-Site: same-origin\u000d\u000aSec-Fetch-User: ?1\u000d\u000a\u000d\u000a','','HTTP/1.1 403 Forbidden\u000d\u000aServer: nginx/1.24.0\u000d\u000aDate: Sat, 02 Mar 2024 02:34:56 GMT\u000d\u000aContent-Type: text/html\u000d\u000aContent-Length: 384\u000d\u000aConnection: keep-alive\u000d\u000aETag: "1-180"\u000d\u000a\u000d\u000a','3c68746d6c3e0a3c686561643e0a202020203c7469746c653e496e74726f20746f2057656220323c2f7469746c653e0a202020203c6d65746120636861727365743d225554462d38223e0a202020203c6c696e6b2072656c3d227374796c6573686565742220747970653d22746578742f6373732220687265663d227374796c652e63737322202f3e0a3c2f686561643e0a3c626f64793e0a3c68313e24284745524d414e5f4349545929205472616d205469636b6574204d616368696e653c2f68313e0a0a3c68333e3c7370616e207374796c653d22636f6c6f723a20726564223e496e736563757265206f7065726174696e672073797374656d213c2f7370616e3e3c2f68333e0a3c68723e0a466f7220734563557249745920724561536f4e732c20796f75206e65656420746f2075706461746520796f75722073797374656d20746f2057696e646f7773203935206265666f726520616363657373696e6720746869732077656273697465210a3c2f626f64793e0a3c2f68746d6c3e',NULL,'',TRUE)
COMMIT
INSERT INTO HISTORY VALUES(5,1709346750724,0,0,0,0,'GET','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','GET https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337 HTTP/1.1\u000d\u000ahost: 722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aConnection: keep-alive\u000d\u000aReferer: https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/\u000d\u000aUpgrade-Insecure-Requests: 1\u000d\u000aSec-Fetch-Dest: document\u000d\u000aSec-Fetch-Mode: navigate\u000d\u000aSec-Fetch-Site: same-origin\u000d\u000aSec-Fetch-User: ?1\u000d\u000a\u000d\u000a','','','',NULL,'',FALSE)
COMMIT
INSERT INTO HISTORY VALUES(6,1709346750724,1,200,1709346896338,23,'GET','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/style.css','GET https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/style.css HTTP/1.1\u000d\u000ahost: 722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: text/css,*/*;q=0.1\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aConnection: keep-alive\u000d\u000aReferer: https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html\u000d\u000aSec-Fetch-Dest: style\u000d\u000aSec-Fetch-Mode: no-cors\u000d\u000aSec-Fetch-Site: same-origin\u000d\u000a\u000d\u000a','','HTTP/1.1 200 OK\u000d\u000aServer: nginx/1.24.0\u000d\u000aDate: Sat, 02 Mar 2024 02:34:56 GMT\u000d\u000aContent-Type: text/plain\u000d\u000aContent-Length: 287\u000d\u000aLast-Modified: Thu, 01 Jan 1970 00:00:01 GMT\u000d\u000aConnection: keep-alive\u000d\u000aETag: "1-11f"\u000d\u000aCache-Control: no-store\u000d\u000aAccept-Ranges: bytes\u000d\u000a\u000d\u000a','68746d6c207b0a202020206d61782d77696474683a20373063683b0a2020202070616464696e673a2033656d2031656d3b0a202020206d617267696e3a206175746f3b0a202020206c696e652d6865696768743a20312e37353b0a20202020666f6e742d73697a653a20312e3235656d3b0a0a202020206261636b67726f756e642d636f6c6f723a20233145323132323b0a20202020636f6c6f723a20234244423741463b0a7d0a68312c2068322c206833207b0a20202020636f6c6f723a20234538453645333b0a7d0a6872207b0a202020206d617267696e2d746f703a202d31656d3b0a7d0a61207b0a20202020636f6c6f723a206c69676874626c75653b0a20202020746578742d6465636f726174696f6e3a206e6f6e653b0a7d0a',NULL,'',TRUE)
COMMIT
/*C5*/INSERT INTO ALERT VALUES(2,0,10036,'Server Leaks Version Information via "Server" HTTP Response Header Field',1,3,'The web/application server is leaking version information via the "Server" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/style.css','','','Ensure that your web server, application server, load balancer, etc. is configured to suppress the "Server" header or provide generic details.','https://httpd.apache.org/docs/current/mod/core.html#servertokens\u000ahttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\u000ahttps://www.troyhunt.com/shhh-dont-let-your-response-headers/',6,6,'','nginx/1.24.0',200,13,3,'','10036')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(5,2,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(6,2,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
INSERT INTO ALERT_TAG VALUES(7,2,'WSTG-v42-INFO-02','https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server')
COMMIT
/*C10*/INSERT INTO PARAM VALUES(9,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Server',1,'','nginx/1.24.0')
COMMIT
INSERT INTO PARAM VALUES(10,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Date',1,'','Sat%2C 02 Mar 2024 02:34:56 GMT')
COMMIT
INSERT INTO PARAM VALUES(11,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Content-Type',1,'','text/html')
COMMIT
INSERT INTO PARAM VALUES(12,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Content-Length',1,'','384')
COMMIT
INSERT INTO PARAM VALUES(13,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Connection',1,'','keep-alive')
COMMIT
INSERT INTO PARAM VALUES(14,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','ETag',1,'','"1-180"')
COMMIT
DELETE FROM PARAM WHERE PARAMID=9 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Server' AND USED=1 AND FLAGS='' AND VALS='nginx/1.24.0'
INSERT INTO PARAM VALUES(9,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Server',2,'','nginx/1.24.0')
COMMIT
DELETE FROM PARAM WHERE PARAMID=10 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Date' AND USED=1 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT'
INSERT INTO PARAM VALUES(10,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Date',2,'','Sat%2C 02 Mar 2024 02:34:56 GMT')
COMMIT
DELETE FROM PARAM WHERE PARAMID=11 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Content-Type' AND USED=1 AND FLAGS='' AND VALS='text/html'
INSERT INTO PARAM VALUES(11,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Content-Type',2,'','text/html,text/plain')
COMMIT
DELETE FROM PARAM WHERE PARAMID=12 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Content-Length' AND USED=1 AND FLAGS='' AND VALS='384'
INSERT INTO PARAM VALUES(12,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Content-Length',2,'','287,384')
COMMIT
INSERT INTO PARAM VALUES(15,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Last-Modified',1,'','Thu%2C 01 Jan 1970 00:00:01 GMT')
COMMIT
DELETE FROM PARAM WHERE PARAMID=13 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Connection' AND USED=1 AND FLAGS='' AND VALS='keep-alive'
INSERT INTO PARAM VALUES(13,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Connection',2,'','keep-alive')
COMMIT
DELETE FROM PARAM WHERE PARAMID=14 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='ETag' AND USED=1 AND FLAGS='' AND VALS='"1-180"'
INSERT INTO PARAM VALUES(14,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','ETag',2,'','"1-180","1-11f"')
COMMIT
INSERT INTO PARAM VALUES(16,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Cache-Control',1,'','no-store')
COMMIT
INSERT INTO PARAM VALUES(17,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Accept-Ranges',1,'','bytes')
COMMIT
/*C5*/INSERT INTO ALERT VALUES(3,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/style.css','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',6,6,'','',319,15,3,'','10035-1')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(8,3,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(9,3,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C5*/INSERT INTO ALERT VALUES(4,0,10038,'Content Security Policy (CSP) Header Not Set',2,3,'Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page \u2014 covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','','','Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.','https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy\u000ahttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\u000ahttps://www.w3.org/TR/CSP/\u000ahttps://w3c.github.io/webappsec-csp/\u000ahttps://web.dev/articles/csp\u000ahttps://caniuse.com/#feat=contentsecuritypolicy\u000ahttps://content-security-policy.com/',4,4,'','',693,15,3,'','10038-1')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(10,4,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(11,4,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C5*/INSERT INTO ALERT VALUES(5,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/style.css','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',6,6,'','',693,15,3,'','10021')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(12,5,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(13,5,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C5*/INSERT INTO ALERT VALUES(6,0,10036,'Server Leaks Version Information via "Server" HTTP Response Header Field',1,3,'The web/application server is leaking version information via the "Server" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','','','Ensure that your web server, application server, load balancer, etc. is configured to suppress the "Server" header or provide generic details.','https://httpd.apache.org/docs/current/mod/core.html#servertokens\u000ahttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\u000ahttps://www.troyhunt.com/shhh-dont-let-your-response-headers/',4,4,'','nginx/1.24.0',200,13,3,'','10036')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(14,6,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(15,6,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
INSERT INTO ALERT_TAG VALUES(16,6,'WSTG-v42-INFO-02','https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server')
COMMIT
/*C5*/INSERT INTO ALERT VALUES(7,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',4,4,'','',319,15,3,'','10035-1')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(17,7,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(18,7,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C3*/INSERT INTO HISTORY VALUES(7,1709346750724,1,200,1709346896616,130,'OPTIONS','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','OPTIONS https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aAccess-Control-Request-Method: POST\u000d\u000aAccess-Control-Request-Headers: authorization,content-type,x-grpc-web,x-user-agent\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Headers: content-type,accept,x-user-agent,x-grpc-web,grpc-status,grpc-message,authorization\u000d\u000aAccess-Control-Allow-Methods: GET,HEAD,POST,PUT,DELETE\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Length: 0\u000d\u000aDate: Sat, 02 Mar 2024 02:34:56 GMT\u000d\u000aServer: Caddy\u000d\u000a\u000d\u000a','',NULL,'',TRUE)
COMMIT
/*C10*/INSERT INTO PARAM VALUES(18,'api.cscg.live:444','header','Access-Control-Allow-Headers',1,'','content-type%2Caccept%2Cx-user-agent%2Cx-grpc-web%2Cgrpc-status%2Cgrpc-message%2Cauthorization')
COMMIT
INSERT INTO PARAM VALUES(19,'api.cscg.live:444','header','Access-Control-Allow-Methods',1,'','GET%2CHEAD%2CPOST%2CPUT%2CDELETE')
COMMIT
DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=1 AND FLAGS='' AND VALS='https://play.cscg.live'
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',2,'','https://play.cscg.live')
COMMIT
DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=1 AND FLAGS='' AND VALS='h3=":443"; ma=2592000'
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',2,'','h3=":443"; ma=2592000')
COMMIT
INSERT INTO PARAM VALUES(20,'api.cscg.live:444','header','Content-Length',1,'','0')
COMMIT
DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=1 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:55 GMT'
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',2,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT')
COMMIT
DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=1 AND FLAGS='' AND VALS='Caddy'
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',2,'','Caddy')
COMMIT
/*C5*/INSERT INTO ALERT VALUES(8,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',7,7,'','',319,15,3,'','10035-1')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(19,8,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(20,8,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C3*/INSERT INTO HISTORY VALUES(8,1709346750724,1,200,1709346896918,112,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Access-Control-Allow-Origin, Vary, Date, Content-Type, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:34:57 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE)
COMMIT
/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=2 AND FLAGS='' AND VALS='https://play.cscg.live'
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',3,'','https://play.cscg.live')
COMMIT
DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=1 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message'
INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',2,'','Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message')
COMMIT
DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=2 AND FLAGS='' AND VALS='h3=":443"; ma=2592000'
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',3,'','h3=":443"; ma=2592000')
COMMIT
/*C5*/INSERT INTO ALERT VALUES(9,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',8,8,'','',319,15,3,'','10035-1')
COMMIT
/*C10*/DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=1 AND FLAGS='' AND VALS='application/grpc-web+proto'
INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',2,'','application/grpc-web+proto')
COMMIT
DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=2 AND FLAGS='' AND VALS='Caddy'
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',3,'','Caddy')
COMMIT
DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=1 AND FLAGS='' AND VALS='Origin'
INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',2,'','Origin')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(21,9,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(22,9,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C10*/DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=2 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT'
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',3,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT')
COMMIT
DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=1 AND FLAGS='' AND VALS='129'
INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',2,'','129')
COMMIT
/*C5*/INSERT INTO ALERT VALUES(10,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',8,8,'','',693,15,3,'','10021')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(23,10,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(24,10,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_CHANNEL VALUES(1,'zap',443,'','2024-03-02 03:34:57.550000',NULL,NULL)
COMMIT
/*C1*/SET SCHEMA SYSTEM_LOBS
INSERT INTO LOB_IDS VALUES(1,61,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 2
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=0
INSERT INTO BLOCKS VALUES(0,1,0)
INSERT INTO BLOCKS VALUES(1,2147483646,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=0
INSERT INTO LOBS VALUES(0,1,0,1)
COMMIT
/*C13*/INSERT INTO WEBSOCKET_MESSAGE VALUES(1,1,'2024-03-02 03:34:57.691000',1,1,NULL,61,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=1
INSERT INTO LOB_IDS VALUES(1,61,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(2,77,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 3
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=1
INSERT INTO BLOCKS VALUES(1,1,0)
INSERT INTO BLOCKS VALUES(2,2147483645,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=1
INSERT INTO LOBS VALUES(1,1,0,2)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(2,1,'2024-03-02 03:34:57.707000',1,2,NULL,77,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=2
INSERT INTO LOB_IDS VALUES(2,77,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(3,49,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 4
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=2
INSERT INTO BLOCKS VALUES(2,1,0)
INSERT INTO BLOCKS VALUES(3,2147483644,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=2
INSERT INTO LOBS VALUES(2,1,0,3)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(3,1,'2024-03-02 03:34:57.712000',1,3,NULL,49,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=3
INSERT INTO LOB_IDS VALUES(3,49,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(4,120,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 5
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=3
INSERT INTO BLOCKS VALUES(3,1,0)
INSERT INTO BLOCKS VALUES(4,2147483643,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=3
INSERT INTO LOBS VALUES(3,1,0,4)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(4,1,'2024-03-02 03:34:57.714000',1,4,NULL,120,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=4
INSERT INTO LOB_IDS VALUES(4,120,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(5,117,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 6
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=4
INSERT INTO BLOCKS VALUES(4,1,0)
INSERT INTO BLOCKS VALUES(5,2147483642,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=4
INSERT INTO LOBS VALUES(4,1,0,5)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(5,1,'2024-03-02 03:34:57.733000',1,5,NULL,117,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=5
INSERT INTO LOB_IDS VALUES(5,117,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(6,112,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 7
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=5
INSERT INTO BLOCKS VALUES(5,1,0)
INSERT INTO BLOCKS VALUES(6,2147483641,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=5
INSERT INTO LOBS VALUES(5,1,0,6)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(6,1,'2024-03-02 03:34:57.735000',1,6,NULL,112,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=6
INSERT INTO LOB_IDS VALUES(6,112,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(7,108,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 8
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=6
INSERT INTO BLOCKS VALUES(6,1,0)
INSERT INTO BLOCKS VALUES(7,2147483640,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=6
INSERT INTO LOBS VALUES(6,1,0,7)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(7,1,'2024-03-02 03:34:57.796000',1,7,NULL,108,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=7
INSERT INTO LOB_IDS VALUES(7,108,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(8,118,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 9
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=7
INSERT INTO BLOCKS VALUES(7,1,0)
INSERT INTO BLOCKS VALUES(8,2147483639,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=7
INSERT INTO LOBS VALUES(7,1,0,8)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(8,1,'2024-03-02 03:34:57.802000',1,8,NULL,118,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=8
INSERT INTO LOB_IDS VALUES(8,118,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(9,110,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 10
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=8
INSERT INTO BLOCKS VALUES(8,1,0)
INSERT INTO BLOCKS VALUES(9,2147483638,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=8
INSERT INTO LOBS VALUES(8,1,0,9)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(9,1,'2024-03-02 03:34:57.805000',1,9,NULL,110,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=9
INSERT INTO LOB_IDS VALUES(9,110,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(10,130,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 11
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=9
INSERT INTO BLOCKS VALUES(9,1,0)
INSERT INTO BLOCKS VALUES(10,2147483637,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=9
INSERT INTO LOBS VALUES(9,1,0,10)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(10,1,'2024-03-02 03:34:57.814000',1,10,NULL,130,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=10
INSERT INTO LOB_IDS VALUES(10,130,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(11,114,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 12
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=10
INSERT INTO BLOCKS VALUES(10,1,0)
INSERT INTO BLOCKS VALUES(11,2147483636,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=10
INSERT INTO LOBS VALUES(10,1,0,11)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(11,1,'2024-03-02 03:34:57.822000',1,11,NULL,114,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=11
INSERT INTO LOB_IDS VALUES(11,114,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(12,106,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 13
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=11
INSERT INTO BLOCKS VALUES(11,1,0)
INSERT INTO BLOCKS VALUES(12,2147483635,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=11
INSERT INTO LOBS VALUES(11,1,0,12)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(12,1,'2024-03-02 03:34:57.823000',1,12,NULL,106,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=12
INSERT INTO LOB_IDS VALUES(12,106,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(13,201,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 14
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=12
INSERT INTO BLOCKS VALUES(12,1,0)
INSERT INTO BLOCKS VALUES(13,2147483634,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=12
INSERT INTO LOBS VALUES(12,1,0,13)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(13,1,'2024-03-02 03:34:57.951000',1,13,NULL,201,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=13
INSERT INTO LOB_IDS VALUES(13,201,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(14,960,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 15
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=13
INSERT INTO BLOCKS VALUES(13,1,0)
INSERT INTO BLOCKS VALUES(14,2147483633,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=13
INSERT INTO LOBS VALUES(13,1,0,14)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(14,1,'2024-03-02 03:34:57.960000',1,14,NULL,960,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=14
INSERT INTO LOB_IDS VALUES(14,960,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(15,176,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 16
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=14
INSERT INTO BLOCKS VALUES(14,1,0)
INSERT INTO BLOCKS VALUES(15,2147483632,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=14
INSERT INTO LOBS VALUES(14,1,0,15)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(15,1,'2024-03-02 03:34:57.963000',1,15,NULL,176,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=15
INSERT INTO LOB_IDS VALUES(15,176,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(16,1653,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 17
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=15
INSERT INTO BLOCKS VALUES(15,1,0)
INSERT INTO BLOCKS VALUES(16,2147483631,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=15
INSERT INTO LOBS VALUES(15,1,0,16)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(16,1,'2024-03-02 03:34:57.972000',1,16,NULL,1653,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=16
INSERT INTO LOB_IDS VALUES(16,1653,1,40)
COMMIT
/*C3*/INSERT INTO HISTORY VALUES(9,1709346750724,1,200,1709346898617,348,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Access-Control-Allow-Origin, Vary, Date, Content-Type, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:34:58 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(17,322,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 18
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=16
INSERT INTO BLOCKS VALUES(16,1,0)
INSERT INTO BLOCKS VALUES(17,2147483630,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=16
INSERT INTO LOBS VALUES(16,1,0,17)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(17,1,'2024-03-02 03:34:58.973000',1,17,NULL,322,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=17
INSERT INTO LOB_IDS VALUES(17,322,1,40)
COMMIT
/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=3 AND FLAGS='' AND VALS='https://play.cscg.live'
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',4,'','https://play.cscg.live')
COMMIT
DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=2 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message'
INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',3,'','Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message')
COMMIT
DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=3 AND FLAGS='' AND VALS='h3=":443"; ma=2592000'
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',4,'','h3=":443"; ma=2592000')
COMMIT
DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=2 AND FLAGS='' AND VALS='application/grpc-web+proto'
INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',3,'','application/grpc-web+proto')
COMMIT
DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=3 AND FLAGS='' AND VALS='Caddy'
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',4,'','Caddy')
COMMIT
DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=2 AND FLAGS='' AND VALS='Origin'
INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',3,'','Origin')
COMMIT
DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=3 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT'
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',4,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT')
COMMIT
DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=2 AND FLAGS='' AND VALS='129'
INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',3,'','129')
COMMIT
/*C5*/INSERT INTO ALERT VALUES(11,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',9,9,'','',319,15,3,'','10035-1')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(25,11,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(26,11,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(18,551,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 19
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=17
INSERT INTO BLOCKS VALUES(17,1,0)
INSERT INTO BLOCKS VALUES(18,2147483629,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=17
INSERT INTO LOBS VALUES(17,1,0,18)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(18,1,'2024-03-02 03:34:59.177000',1,18,NULL,551,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=18
INSERT INTO LOB_IDS VALUES(18,551,1,40)
COMMIT
/*C5*/INSERT INTO ALERT VALUES(12,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',9,9,'','',693,15,3,'','10021')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(27,12,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(28,12,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(19,572,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 20
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=18
INSERT INTO BLOCKS VALUES(18,1,0)
INSERT INTO BLOCKS VALUES(19,2147483628,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=18
INSERT INTO LOBS VALUES(18,1,0,19)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(19,1,'2024-03-02 03:34:59.187000',1,19,NULL,572,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=19
INSERT INTO LOB_IDS VALUES(19,572,1,40)
COMMIT
/*C3*/INSERT INTO HISTORY VALUES(10,1709346750724,1,200,1709346900752,297,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Access-Control-Allow-Origin, Vary, Date, Content-Type, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:01 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(20,323,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 21
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=19
INSERT INTO BLOCKS VALUES(19,1,0)
INSERT INTO BLOCKS VALUES(20,2147483627,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=19
INSERT INTO LOBS VALUES(19,1,0,20)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(20,1,'2024-03-02 03:35:01.052000',1,20,NULL,323,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=20
INSERT INTO LOB_IDS VALUES(20,323,1,40)
COMMIT
/*C5*/INSERT INTO ALERT VALUES(13,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',10,10,'','',319,15,3,'','10035-1')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(29,13,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(30,13,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=4 AND FLAGS='' AND VALS='https://play.cscg.live'
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',5,'','https://play.cscg.live')
COMMIT
DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=3 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message'
INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',4,'','Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message')
COMMIT
DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=4 AND FLAGS='' AND VALS='h3=":443"; ma=2592000'
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',5,'','h3=":443"; ma=2592000')
COMMIT
DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=3 AND FLAGS='' AND VALS='application/grpc-web+proto'
INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',4,'','application/grpc-web+proto')
COMMIT
DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=4 AND FLAGS='' AND VALS='Caddy'
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',5,'','Caddy')
COMMIT
DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=3 AND FLAGS='' AND VALS='Origin'
INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',4,'','Origin')
COMMIT
DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=4 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT'
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',5,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT')
COMMIT
DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=3 AND FLAGS='' AND VALS='129'
INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',4,'','129')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(21,552,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 22
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=20
INSERT INTO BLOCKS VALUES(20,1,0)
INSERT INTO BLOCKS VALUES(21,2147483626,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=20
INSERT INTO LOBS VALUES(20,1,0,21)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(21,1,'2024-03-02 03:35:01.274000',1,21,NULL,552,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=21
INSERT INTO LOB_IDS VALUES(21,552,1,40)
COMMIT
/*C5*/INSERT INTO ALERT VALUES(14,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',10,10,'','',693,15,3,'','10021')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(31,14,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(32,14,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(22,573,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 23
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=21
INSERT INTO BLOCKS VALUES(21,1,0)
INSERT INTO BLOCKS VALUES(22,2147483625,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=21
INSERT INTO LOBS VALUES(21,1,0,22)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(22,1,'2024-03-02 03:35:01.281000',1,22,NULL,573,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=22
INSERT INTO LOB_IDS VALUES(22,573,1,40)
COMMIT
/*C3*/INSERT INTO HISTORY VALUES(11,1709346750724,1,200,1709346902634,106,'OPTIONS','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','OPTIONS https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aAccess-Control-Request-Method: POST\u000d\u000aAccess-Control-Request-Headers: authorization,content-type,x-grpc-web,x-user-agent\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Headers: content-type,accept,x-user-agent,x-grpc-web,grpc-status,grpc-message,authorization\u000d\u000aAccess-Control-Allow-Methods: GET,HEAD,POST,PUT,DELETE\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Length: 0\u000d\u000aDate: Sat, 02 Mar 2024 02:35:02 GMT\u000d\u000aServer: Caddy\u000d\u000a\u000d\u000a','',NULL,'',TRUE)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(23,324,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 24
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=22
INSERT INTO BLOCKS VALUES(22,1,0)
INSERT INTO BLOCKS VALUES(23,2147483624,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=22
INSERT INTO LOBS VALUES(22,1,0,23)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(23,1,'2024-03-02 03:35:02.743000',1,23,NULL,324,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=23
INSERT INTO LOB_IDS VALUES(23,324,1,40)
COMMIT
/*C10*/DELETE FROM PARAM WHERE PARAMID=18 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Headers' AND USED=1 AND FLAGS='' AND VALS='content-type%2Caccept%2Cx-user-agent%2Cx-grpc-web%2Cgrpc-status%2Cgrpc-message%2Cauthorization'
INSERT INTO PARAM VALUES(18,'api.cscg.live:444','header','Access-Control-Allow-Headers',2,'','content-type%2Caccept%2Cx-user-agent%2Cx-grpc-web%2Cgrpc-status%2Cgrpc-message%2Cauthorization')
COMMIT
DELETE FROM PARAM WHERE PARAMID=19 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Methods' AND USED=1 AND FLAGS='' AND VALS='GET%2CHEAD%2CPOST%2CPUT%2CDELETE'
INSERT INTO PARAM VALUES(19,'api.cscg.live:444','header','Access-Control-Allow-Methods',2,'','GET%2CHEAD%2CPOST%2CPUT%2CDELETE')
COMMIT
DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=5 AND FLAGS='' AND VALS='https://play.cscg.live'
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',6,'','https://play.cscg.live')
COMMIT
/*C5*/INSERT INTO ALERT VALUES(15,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',11,11,'','',319,15,3,'','10035-1')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(33,15,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(34,15,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C10*/DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=5 AND FLAGS='' AND VALS='h3=":443"; ma=2592000'
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',6,'','h3=":443"; ma=2592000')
COMMIT
DELETE FROM PARAM WHERE PARAMID=20 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Length' AND USED=1 AND FLAGS='' AND VALS='0'
INSERT INTO PARAM VALUES(20,'api.cscg.live:444','header','Content-Length',2,'','0')
COMMIT
DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=5 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT'
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',6,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT')
COMMIT
DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=5 AND FLAGS='' AND VALS='Caddy'
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',6,'','Caddy')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(24,552,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 25
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=23
INSERT INTO BLOCKS VALUES(23,1,0)
INSERT INTO BLOCKS VALUES(24,2147483623,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=23
INSERT INTO LOBS VALUES(23,1,0,24)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(24,1,'2024-03-02 03:35:02.956000',1,24,NULL,552,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=24
INSERT INTO LOB_IDS VALUES(24,552,1,40)
COMMIT
/*C3*/INSERT INTO HISTORY VALUES(12,1709346750724,1,200,1709346902745,278,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Access-Control-Allow-Origin, Vary, Date, Content-Type, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:03 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(25,323,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 26
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=24
INSERT INTO BLOCKS VALUES(24,1,0)
INSERT INTO BLOCKS VALUES(25,2147483622,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=24
INSERT INTO LOBS VALUES(24,1,0,25)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(25,1,'2024-03-02 03:35:03.024000',1,25,NULL,323,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=25
INSERT INTO LOB_IDS VALUES(25,323,1,40)
COMMIT
/*C5*/INSERT INTO ALERT VALUES(16,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',12,12,'','',319,15,3,'','10035-1')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(35,16,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(36,16,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=6 AND FLAGS='' AND VALS='https://play.cscg.live'
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',7,'','https://play.cscg.live')
COMMIT
DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=4 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message'
INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',5,'','Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message')
COMMIT
DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=6 AND FLAGS='' AND VALS='h3=":443"; ma=2592000'
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',7,'','h3=":443"; ma=2592000')
COMMIT
DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=4 AND FLAGS='' AND VALS='application/grpc-web+proto'
INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',5,'','application/grpc-web+proto')
COMMIT
DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=6 AND FLAGS='' AND VALS='Caddy'
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',7,'','Caddy')
COMMIT
DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=4 AND FLAGS='' AND VALS='Origin'
INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',5,'','Origin')
COMMIT
DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=6 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT'
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',7,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT')
COMMIT
DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=4 AND FLAGS='' AND VALS='129'
INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',5,'','129')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(26,552,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 27
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=25
INSERT INTO BLOCKS VALUES(25,1,0)
INSERT INTO BLOCKS VALUES(26,2147483621,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=25
INSERT INTO LOBS VALUES(25,1,0,26)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(26,1,'2024-03-02 03:35:03.236000',1,26,NULL,552,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=26
INSERT INTO LOB_IDS VALUES(26,552,1,40)
COMMIT
/*C5*/INSERT INTO ALERT VALUES(17,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',12,12,'','',693,15,3,'','10021')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(37,17,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(38,17,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(27,573,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 28
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=26
INSERT INTO BLOCKS VALUES(26,1,0)
INSERT INTO BLOCKS VALUES(27,2147483620,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=26
INSERT INTO LOBS VALUES(26,1,0,27)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(27,1,'2024-03-02 03:35:03.262000',1,27,NULL,573,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=27
INSERT INTO LOB_IDS VALUES(27,573,1,40)
COMMIT
/*C3*/INSERT INTO HISTORY VALUES(13,1709346750724,1,200,1709346904639,173,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Vary, Date, Content-Type, Access-Control-Allow-Origin, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:04 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(28,323,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 29
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=27
INSERT INTO BLOCKS VALUES(27,1,0)
INSERT INTO BLOCKS VALUES(28,2147483619,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=27
INSERT INTO LOBS VALUES(27,1,0,28)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(28,1,'2024-03-02 03:35:04.813000',1,28,NULL,323,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=28
INSERT INTO LOB_IDS VALUES(28,323,1,40)
COMMIT
/*C5*/INSERT INTO ALERT VALUES(18,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',13,13,'','',319,15,3,'','10035-1')
COMMIT
/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=7 AND FLAGS='' AND VALS='https://play.cscg.live'
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',8,'','https://play.cscg.live')
COMMIT
DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=5 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message'
INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',6,'','Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(39,18,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(40,18,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C10*/DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=7 AND FLAGS='' AND VALS='h3=":443"; ma=2592000'
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',8,'','h3=":443"; ma=2592000')
COMMIT
DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=5 AND FLAGS='' AND VALS='application/grpc-web+proto'
INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',6,'','application/grpc-web+proto')
COMMIT
DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=7 AND FLAGS='' AND VALS='Caddy'
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',8,'','Caddy')
COMMIT
DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=5 AND FLAGS='' AND VALS='Origin'
INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',6,'','Origin')
COMMIT
DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=7 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT'
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',8,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT')
COMMIT
DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=5 AND FLAGS='' AND VALS='129'
INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',6,'','129')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(29,552,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 30
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=28
INSERT INTO BLOCKS VALUES(28,1,0)
INSERT INTO BLOCKS VALUES(29,2147483618,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=28
INSERT INTO LOBS VALUES(28,1,0,29)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(29,1,'2024-03-02 03:35:05.035000',1,29,NULL,552,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=29
INSERT INTO LOB_IDS VALUES(29,552,1,40)
COMMIT
/*C5*/INSERT INTO ALERT VALUES(19,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',13,13,'','',693,15,3,'','10021')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(41,19,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(42,19,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(30,573,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 31
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=29
INSERT INTO BLOCKS VALUES(29,1,0)
INSERT INTO BLOCKS VALUES(30,2147483617,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=29
INSERT INTO LOBS VALUES(29,1,0,30)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(30,1,'2024-03-02 03:35:05.038000',1,30,NULL,573,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=30
INSERT INTO LOB_IDS VALUES(30,573,1,40)
COMMIT
/*C3*/INSERT INTO HISTORY VALUES(14,1709346750724,1,200,1709346906638,170,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Access-Control-Allow-Origin, Vary, Date, Content-Type, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:06 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(31,323,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 32
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=30
INSERT INTO BLOCKS VALUES(30,1,0)
INSERT INTO BLOCKS VALUES(31,2147483616,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=30
INSERT INTO LOBS VALUES(30,1,0,31)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(31,1,'2024-03-02 03:35:06.809000',1,31,NULL,323,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=31
INSERT INTO LOB_IDS VALUES(31,323,1,40)
COMMIT
/*C5*/INSERT INTO ALERT VALUES(20,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',14,14,'','',319,15,3,'','10035-1')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(43,20,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(44,20,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=8 AND FLAGS='' AND VALS='https://play.cscg.live'
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',9,'','https://play.cscg.live')
COMMIT
DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=6 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message'
INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',7,'','Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message')
COMMIT
DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=8 AND FLAGS='' AND VALS='h3=":443"; ma=2592000'
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',9,'','h3=":443"; ma=2592000')
COMMIT
DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=6 AND FLAGS='' AND VALS='application/grpc-web+proto'
INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',7,'','application/grpc-web+proto')
COMMIT
DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=8 AND FLAGS='' AND VALS='Caddy'
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',9,'','Caddy')
COMMIT
DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=6 AND FLAGS='' AND VALS='Origin'
INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',7,'','Origin')
COMMIT
DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=8 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT'
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',9,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT')
COMMIT
DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=6 AND FLAGS='' AND VALS='129'
INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',7,'','129')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(32,552,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 33
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=31
INSERT INTO BLOCKS VALUES(31,1,0)
INSERT INTO BLOCKS VALUES(32,2147483615,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=31
INSERT INTO LOBS VALUES(31,1,0,32)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(32,1,'2024-03-02 03:35:07.025000',1,32,NULL,552,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=32
INSERT INTO LOB_IDS VALUES(32,552,1,40)
COMMIT
/*C5*/INSERT INTO ALERT VALUES(21,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',14,14,'','',693,15,3,'','10021')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(45,21,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(46,21,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(33,573,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 34
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=32
INSERT INTO BLOCKS VALUES(32,1,0)
INSERT INTO BLOCKS VALUES(33,2147483614,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=32
INSERT INTO LOBS VALUES(32,1,0,33)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(33,1,'2024-03-02 03:35:07.049000',1,33,NULL,573,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=33
INSERT INTO LOB_IDS VALUES(33,573,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(34,64,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 35
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=33
INSERT INTO BLOCKS VALUES(33,1,0)
INSERT INTO BLOCKS VALUES(34,2147483613,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=33
INSERT INTO LOBS VALUES(33,1,0,34)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(34,1,'2024-03-02 03:35:07.950000',1,34,NULL,64,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=34
INSERT INTO LOB_IDS VALUES(34,64,1,40)
COMMIT
/*C3*/INSERT INTO HISTORY VALUES(15,1709346750724,1,200,1709346908652,157,'OPTIONS','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','OPTIONS https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aAccess-Control-Request-Method: POST\u000d\u000aAccess-Control-Request-Headers: authorization,content-type,x-grpc-web,x-user-agent\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Headers: content-type,accept,x-user-agent,x-grpc-web,grpc-status,grpc-message,authorization\u000d\u000aAccess-Control-Allow-Methods: GET,HEAD,POST,PUT,DELETE\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Length: 0\u000d\u000aDate: Sat, 02 Mar 2024 02:35:08 GMT\u000d\u000aServer: Caddy\u000d\u000a\u000d\u000a','',NULL,'',TRUE)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(35,324,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 36
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=34
INSERT INTO BLOCKS VALUES(34,1,0)
INSERT INTO BLOCKS VALUES(35,2147483612,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=34
INSERT INTO LOBS VALUES(34,1,0,35)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(35,1,'2024-03-02 03:35:08.811000',1,35,NULL,324,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=35
INSERT INTO LOB_IDS VALUES(35,324,1,40)
COMMIT
/*C3*/INSERT INTO HISTORY VALUES(16,1709346750724,1,200,1709346908814,72,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Content-Type, Access-Control-Allow-Origin, Vary, Date, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:08 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE)
COMMIT
/*C10*/DELETE FROM PARAM WHERE PARAMID=18 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Headers' AND USED=2 AND FLAGS='' AND VALS='content-type%2Caccept%2Cx-user-agent%2Cx-grpc-web%2Cgrpc-status%2Cgrpc-message%2Cauthorization'
INSERT INTO PARAM VALUES(18,'api.cscg.live:444','header','Access-Control-Allow-Headers',3,'','content-type%2Caccept%2Cx-user-agent%2Cx-grpc-web%2Cgrpc-status%2Cgrpc-message%2Cauthorization')
COMMIT
DELETE FROM PARAM WHERE PARAMID=19 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Methods' AND USED=2 AND FLAGS='' AND VALS='GET%2CHEAD%2CPOST%2CPUT%2CDELETE'
INSERT INTO PARAM VALUES(19,'api.cscg.live:444','header','Access-Control-Allow-Methods',3,'','GET%2CHEAD%2CPOST%2CPUT%2CDELETE')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(36,322,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 37
COMMIT
/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=9 AND FLAGS='' AND VALS='https://play.cscg.live'
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',10,'','https://play.cscg.live')
COMMIT
DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=9 AND FLAGS='' AND VALS='h3=":443"; ma=2592000'
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',10,'','h3=":443"; ma=2592000')
COMMIT
DELETE FROM PARAM WHERE PARAMID=20 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Length' AND USED=2 AND FLAGS='' AND VALS='0'
INSERT INTO PARAM VALUES(20,'api.cscg.live:444','header','Content-Length',3,'','0')
COMMIT
/*C1*/DELETE FROM BLOCKS WHERE BLOCK_ADDR=35
INSERT INTO BLOCKS VALUES(35,1,0)
INSERT INTO BLOCKS VALUES(36,2147483611,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=35
INSERT INTO LOBS VALUES(35,1,0,36)
COMMIT
/*C10*/DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=9 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT'
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',10,'','Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT')
COMMIT
DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=9 AND FLAGS='' AND VALS='Caddy'
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',10,'','Caddy')
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(36,1,'2024-03-02 03:35:08.888000',1,36,NULL,322,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=36
INSERT INTO LOB_IDS VALUES(36,322,1,40)
COMMIT
/*C5*/INSERT INTO ALERT VALUES(22,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',16,16,'','',319,15,3,'','10035-1')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(47,22,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(48,22,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=10 AND FLAGS='' AND VALS='https://play.cscg.live'
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',11,'','https://play.cscg.live')
COMMIT
/*C5*/INSERT INTO ALERT VALUES(23,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',15,15,'','',319,15,3,'','10035-1')
COMMIT
/*C10*/DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=7 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message'
INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',8,'','Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(49,23,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
/*C10*/DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=10 AND FLAGS='' AND VALS='h3=":443"; ma=2592000'
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',11,'','h3=":443"; ma=2592000')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(50,23,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C10*/DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=7 AND FLAGS='' AND VALS='application/grpc-web+proto'
INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',8,'','application/grpc-web+proto')
COMMIT
DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=10 AND FLAGS='' AND VALS='Caddy'
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',11,'','Caddy')
COMMIT
DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=7 AND FLAGS='' AND VALS='Origin'
INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',8,'','Origin')
COMMIT
DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=10 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT'
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',11,'','Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT')
COMMIT
DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=7 AND FLAGS='' AND VALS='129'
INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',8,'','129')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(37,552,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 38
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=36
INSERT INTO BLOCKS VALUES(36,1,0)
INSERT INTO BLOCKS VALUES(37,2147483610,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=36
INSERT INTO LOBS VALUES(36,1,0,37)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(37,1,'2024-03-02 03:35:08.894000',1,37,NULL,552,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=37
INSERT INTO LOB_IDS VALUES(37,552,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(38,552,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 39
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=37
INSERT INTO BLOCKS VALUES(37,1,0)
INSERT INTO BLOCKS VALUES(38,2147483609,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=37
INSERT INTO LOBS VALUES(37,1,0,38)
COMMIT
/*C5*/INSERT INTO ALERT VALUES(24,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',16,16,'','',693,15,3,'','10021')
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(38,1,'2024-03-02 03:35:08.894000',1,38,NULL,552,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=38
INSERT INTO LOB_IDS VALUES(38,552,1,40)
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(51,24,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(52,24,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(39,573,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 40
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=38
INSERT INTO BLOCKS VALUES(38,1,0)
INSERT INTO BLOCKS VALUES(39,2147483608,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=38
INSERT INTO LOBS VALUES(38,1,0,39)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(39,1,'2024-03-02 03:35:08.897000',1,39,NULL,573,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=39
INSERT INTO LOB_IDS VALUES(39,573,1,40)
COMMIT
/*C3*/INSERT INTO HISTORY VALUES(17,1709346750724,1,200,1709346910654,366,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Access-Control-Allow-Origin, Vary, Date, Content-Type, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:11 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(40,323,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 41
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=39
INSERT INTO BLOCKS VALUES(39,1,0)
INSERT INTO BLOCKS VALUES(40,2147483607,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=39
INSERT INTO LOBS VALUES(39,1,0,40)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(40,1,'2024-03-02 03:35:11.021000',1,40,NULL,323,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=40
INSERT INTO LOB_IDS VALUES(40,323,1,40)
COMMIT
/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=11 AND FLAGS='' AND VALS='https://play.cscg.live'
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',12,'','https://play.cscg.live')
COMMIT
/*C5*/INSERT INTO ALERT VALUES(25,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',17,17,'','',319,15,3,'','10035-1')
COMMIT
/*C10*/DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=8 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message'
INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',9,'','Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message')
COMMIT
DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=11 AND FLAGS='' AND VALS='h3=":443"; ma=2592000'
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',12,'','h3=":443"; ma=2592000')
COMMIT
DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=8 AND FLAGS='' AND VALS='application/grpc-web+proto'
INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',9,'','application/grpc-web+proto')
COMMIT
DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=11 AND FLAGS='' AND VALS='Caddy'
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',12,'','Caddy')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(53,25,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(54,25,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C10*/DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=8 AND FLAGS='' AND VALS='Origin'
INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',9,'','Origin')
COMMIT
DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=11 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT'
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',12,'','Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT')
COMMIT
DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=8 AND FLAGS='' AND VALS='129'
INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',9,'','129')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(41,552,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 42
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=40
INSERT INTO BLOCKS VALUES(40,1,0)
INSERT INTO BLOCKS VALUES(41,2147483606,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=40
INSERT INTO LOBS VALUES(40,1,0,41)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(41,1,'2024-03-02 03:35:11.227000',1,41,NULL,552,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=41
INSERT INTO LOB_IDS VALUES(41,552,1,40)
COMMIT
/*C5*/INSERT INTO ALERT VALUES(26,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',17,17,'','',693,15,3,'','10021')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(55,26,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(56,26,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(42,573,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 43
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=41
INSERT INTO BLOCKS VALUES(41,1,0)
INSERT INTO BLOCKS VALUES(42,2147483605,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=41
INSERT INTO LOBS VALUES(41,1,0,42)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(42,1,'2024-03-02 03:35:11.230000',1,42,NULL,573,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=42
INSERT INTO LOB_IDS VALUES(42,573,1,40)
COMMIT
/*C3*/INSERT INTO HISTORY VALUES(18,1709346750724,1,200,1709346912663,382,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Content-Type, Access-Control-Allow-Origin, Vary, Date, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:12 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(43,323,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 44
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=42
INSERT INTO BLOCKS VALUES(42,1,0)
INSERT INTO BLOCKS VALUES(43,2147483604,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=42
INSERT INTO LOBS VALUES(42,1,0,43)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(43,1,'2024-03-02 03:35:13.047000',1,43,NULL,323,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=43
INSERT INTO LOB_IDS VALUES(43,323,1,40)
COMMIT
/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=12 AND FLAGS='' AND VALS='https://play.cscg.live'
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',13,'','https://play.cscg.live')
COMMIT
DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=9 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message'
INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',10,'','Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message')
COMMIT
DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=12 AND FLAGS='' AND VALS='h3=":443"; ma=2592000'
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',13,'','h3=":443"; ma=2592000')
COMMIT
DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=9 AND FLAGS='' AND VALS='application/grpc-web+proto'
INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',10,'','application/grpc-web+proto')
COMMIT
DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=12 AND FLAGS='' AND VALS='Caddy'
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',13,'','Caddy')
COMMIT
DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=9 AND FLAGS='' AND VALS='Origin'
INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',10,'','Origin')
COMMIT
DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=12 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT'
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',13,'','Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT')
COMMIT
DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=9 AND FLAGS='' AND VALS='129'
INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',10,'','129')
COMMIT
/*C5*/INSERT INTO ALERT VALUES(27,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',18,18,'','',319,15,3,'','10035-1')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(57,27,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(58,27,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(44,552,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 45
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=43
INSERT INTO BLOCKS VALUES(43,1,0)
INSERT INTO BLOCKS VALUES(44,2147483603,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=43
INSERT INTO LOBS VALUES(43,1,0,44)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(44,1,'2024-03-02 03:35:13.255000',1,44,NULL,552,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=44
INSERT INTO LOB_IDS VALUES(44,552,1,40)
COMMIT
/*C5*/INSERT INTO ALERT VALUES(28,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',18,18,'','',693,15,3,'','10021')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(59,28,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(60,28,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(45,573,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 46
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=44
INSERT INTO BLOCKS VALUES(44,1,0)
INSERT INTO BLOCKS VALUES(45,2147483602,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=44
INSERT INTO LOBS VALUES(44,1,0,45)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(45,1,'2024-03-02 03:35:13.258000',1,45,NULL,573,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=45
INSERT INTO LOB_IDS VALUES(45,573,1,40)
COMMIT
/*C3*/INSERT INTO HISTORY VALUES(19,1709346750724,1,200,1709346914670,89,'OPTIONS','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','OPTIONS https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aAccess-Control-Request-Method: POST\u000d\u000aAccess-Control-Request-Headers: authorization,content-type,x-grpc-web,x-user-agent\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Headers: content-type,accept,x-user-agent,x-grpc-web,grpc-status,grpc-message,authorization\u000d\u000aAccess-Control-Allow-Methods: GET,HEAD,POST,PUT,DELETE\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Length: 0\u000d\u000aDate: Sat, 02 Mar 2024 02:35:14 GMT\u000d\u000aServer: Caddy\u000d\u000a\u000d\u000a','',NULL,'',TRUE)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(46,323,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 47
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=45
INSERT INTO BLOCKS VALUES(45,1,0)
INSERT INTO BLOCKS VALUES(46,2147483601,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=45
INSERT INTO LOBS VALUES(45,1,0,46)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(46,1,'2024-03-02 03:35:14.760000',1,46,NULL,323,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=46
INSERT INTO LOB_IDS VALUES(46,323,1,40)
COMMIT
/*C3*/INSERT INTO HISTORY VALUES(20,1709346750724,1,200,1709346914763,83,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Access-Control-Allow-Origin, Vary, Content-Type, Date, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:14 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(47,322,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 48
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=46
INSERT INTO BLOCKS VALUES(46,1,0)
INSERT INTO BLOCKS VALUES(47,2147483600,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=46
INSERT INTO LOBS VALUES(46,1,0,47)
COMMIT
/*C10*/DELETE FROM PARAM WHERE PARAMID=18 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Headers' AND USED=3 AND FLAGS='' AND VALS='content-type%2Caccept%2Cx-user-agent%2Cx-grpc-web%2Cgrpc-status%2Cgrpc-message%2Cauthorization'
INSERT INTO PARAM VALUES(18,'api.cscg.live:444','header','Access-Control-Allow-Headers',4,'','content-type%2Caccept%2Cx-user-agent%2Cx-grpc-web%2Cgrpc-status%2Cgrpc-message%2Cauthorization')
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(47,1,'2024-03-02 03:35:14.848000',1,47,NULL,322,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=47
INSERT INTO LOB_IDS VALUES(47,322,1,40)
COMMIT
/*C10*/DELETE FROM PARAM WHERE PARAMID=19 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Methods' AND USED=3 AND FLAGS='' AND VALS='GET%2CHEAD%2CPOST%2CPUT%2CDELETE'
INSERT INTO PARAM VALUES(19,'api.cscg.live:444','header','Access-Control-Allow-Methods',4,'','GET%2CHEAD%2CPOST%2CPUT%2CDELETE')
COMMIT
DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=13 AND FLAGS='' AND VALS='https://play.cscg.live'
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',14,'','https://play.cscg.live')
COMMIT
DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=13 AND FLAGS='' AND VALS='h3=":443"; ma=2592000'
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',14,'','h3=":443"; ma=2592000')
COMMIT
DELETE FROM PARAM WHERE PARAMID=20 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Length' AND USED=3 AND FLAGS='' AND VALS='0'
INSERT INTO PARAM VALUES(20,'api.cscg.live:444','header','Content-Length',4,'','0')
COMMIT
DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=13 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT'
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',14,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT')
COMMIT
DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=13 AND FLAGS='' AND VALS='Caddy'
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',14,'','Caddy')
COMMIT
DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=14 AND FLAGS='' AND VALS='https://play.cscg.live'
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',15,'','https://play.cscg.live')
COMMIT
DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=10 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message'
INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',11,'','Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message')
COMMIT
DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=14 AND FLAGS='' AND VALS='h3=":443"; ma=2592000'
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',15,'','h3=":443"; ma=2592000')
COMMIT
DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=10 AND FLAGS='' AND VALS='application/grpc-web+proto'
INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',11,'','application/grpc-web+proto')
COMMIT
DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=14 AND FLAGS='' AND VALS='Caddy'
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',15,'','Caddy')
COMMIT
DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=10 AND FLAGS='' AND VALS='Origin'
INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',11,'','Origin')
COMMIT
DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=14 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT'
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',15,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT')
COMMIT
/*C5*/INSERT INTO ALERT VALUES(29,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',20,20,'','',319,15,3,'','10035-1')
COMMIT
/*C10*/DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=10 AND FLAGS='' AND VALS='129'
INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',11,'','129')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(61,29,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(62,29,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(48,552,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 49
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=47
INSERT INTO BLOCKS VALUES(47,1,0)
INSERT INTO BLOCKS VALUES(48,2147483599,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=47
INSERT INTO LOBS VALUES(47,1,0,48)
COMMIT
/*C5*/INSERT INTO ALERT VALUES(30,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',19,19,'','',319,15,3,'','10035-1')
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(48,1,'2024-03-02 03:35:14.851000',1,48,NULL,552,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=48
INSERT INTO LOB_IDS VALUES(48,552,1,40)
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(63,30,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(64,30,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C5*/INSERT INTO ALERT VALUES(31,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',20,20,'','',693,15,3,'','10021')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(65,31,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(66,31,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(49,552,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 50
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=48
INSERT INTO BLOCKS VALUES(48,1,0)
INSERT INTO BLOCKS VALUES(49,2147483598,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=48
INSERT INTO LOBS VALUES(48,1,0,49)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(49,1,'2024-03-02 03:35:14.853000',1,49,NULL,552,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=49
INSERT INTO LOB_IDS VALUES(49,552,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(50,573,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 51
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=49
INSERT INTO BLOCKS VALUES(49,1,0)
INSERT INTO BLOCKS VALUES(50,2147483597,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=49
INSERT INTO LOBS VALUES(49,1,0,50)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(50,1,'2024-03-02 03:35:14.853000',1,50,NULL,573,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=50
INSERT INTO LOB_IDS VALUES(50,573,1,40)
COMMIT
/*C3*/INSERT INTO HISTORY VALUES(21,1709346750724,1,200,1709346916670,183,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Date, Access-Control-Allow-Origin, Vary, Content-Type, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:16 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(51,323,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 52
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=50
INSERT INTO BLOCKS VALUES(50,1,0)
INSERT INTO BLOCKS VALUES(51,2147483596,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=50
INSERT INTO LOBS VALUES(50,1,0,51)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(51,1,'2024-03-02 03:35:16.854000',1,51,NULL,323,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=51
INSERT INTO LOB_IDS VALUES(51,323,1,40)
COMMIT
/*C5*/INSERT INTO ALERT VALUES(32,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',21,21,'','',319,15,3,'','10035-1')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(67,32,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(68,32,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=15 AND FLAGS='' AND VALS='https://play.cscg.live'
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',16,'','https://play.cscg.live')
COMMIT
DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=11 AND FLAGS='' AND VALS='Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message'
INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',12,'','Date%2C Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message')
COMMIT
DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=15 AND FLAGS='' AND VALS='h3=":443"; ma=2592000'
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',16,'','h3=":443"; ma=2592000')
COMMIT
DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=11 AND FLAGS='' AND VALS='application/grpc-web+proto'
INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',12,'','application/grpc-web+proto')
COMMIT
DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=15 AND FLAGS='' AND VALS='Caddy'
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',16,'','Caddy')
COMMIT
DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=11 AND FLAGS='' AND VALS='Origin'
INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',12,'','Origin')
COMMIT
DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=15 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT'
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',16,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT')
COMMIT
DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=11 AND FLAGS='' AND VALS='129'
INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',12,'','129')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(52,552,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 53
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=51
INSERT INTO BLOCKS VALUES(51,1,0)
INSERT INTO BLOCKS VALUES(52,2147483595,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=51
INSERT INTO LOBS VALUES(51,1,0,52)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(52,1,'2024-03-02 03:35:17.057000',1,52,NULL,552,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=52
INSERT INTO LOB_IDS VALUES(52,552,1,40)
COMMIT
/*C5*/INSERT INTO ALERT VALUES(33,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',21,21,'','',693,15,3,'','10021')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(69,33,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(70,33,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(53,573,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 54
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=52
INSERT INTO BLOCKS VALUES(52,1,0)
INSERT INTO BLOCKS VALUES(53,2147483594,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=52
INSERT INTO LOBS VALUES(52,1,0,53)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(53,1,'2024-03-02 03:35:17.059000',1,53,NULL,573,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=53
INSERT INTO LOB_IDS VALUES(53,573,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(54,64,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 55
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=53
INSERT INTO BLOCKS VALUES(53,1,0)
INSERT INTO BLOCKS VALUES(54,2147483593,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=53
INSERT INTO LOBS VALUES(53,1,0,54)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(54,1,'2024-03-02 03:35:17.952000',1,54,NULL,64,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=54
INSERT INTO LOB_IDS VALUES(54,64,1,40)
COMMIT
/*C3*/INSERT INTO HISTORY VALUES(22,1709346750724,1,200,1709346918678,165,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Vary, Date, Content-Type, Access-Control-Allow-Origin, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:18 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(55,323,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 56
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=54
INSERT INTO BLOCKS VALUES(54,1,0)
INSERT INTO BLOCKS VALUES(55,2147483592,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=54
INSERT INTO LOBS VALUES(54,1,0,55)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(55,1,'2024-03-02 03:35:18.846000',1,55,NULL,323,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=55
INSERT INTO LOB_IDS VALUES(55,323,1,40)
COMMIT
/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=16 AND FLAGS='' AND VALS='https://play.cscg.live'
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',17,'','https://play.cscg.live')
COMMIT
/*C5*/INSERT INTO ALERT VALUES(34,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',22,22,'','',319,15,3,'','10035-1')
COMMIT
/*C10*/DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=12 AND FLAGS='' AND VALS='Date%2C Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message'
INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',13,'','Date%2C Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message')
COMMIT
DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=16 AND FLAGS='' AND VALS='h3=":443"; ma=2592000'
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',17,'','h3=":443"; ma=2592000')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(71,34,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
/*C10*/DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=12 AND FLAGS='' AND VALS='application/grpc-web+proto'
INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',13,'','application/grpc-web+proto')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(72,34,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C10*/DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=16 AND FLAGS='' AND VALS='Caddy'
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',17,'','Caddy')
COMMIT
DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=12 AND FLAGS='' AND VALS='Origin'
INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',13,'','Origin')
COMMIT
DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=16 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT'
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',17,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:35:18 GMT')
COMMIT
DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=12 AND FLAGS='' AND VALS='129'
INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',13,'','129')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(56,552,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 57
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=55
INSERT INTO BLOCKS VALUES(55,1,0)
INSERT INTO BLOCKS VALUES(56,2147483591,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=55
INSERT INTO LOBS VALUES(55,1,0,56)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(56,1,'2024-03-02 03:35:19.051000',1,56,NULL,552,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=56
INSERT INTO LOB_IDS VALUES(56,552,1,40)
COMMIT
/*C5*/INSERT INTO ALERT VALUES(35,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',22,22,'','',693,15,3,'','10021')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(73,35,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(74,35,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(57,573,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 58
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=56
INSERT INTO BLOCKS VALUES(56,1,0)
INSERT INTO BLOCKS VALUES(57,2147483590,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=56
INSERT INTO LOBS VALUES(56,1,0,57)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(57,1,'2024-03-02 03:35:19.055000',1,57,NULL,573,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=57
INSERT INTO LOB_IDS VALUES(57,573,1,40)
COMMIT
/*C3*/INSERT INTO HISTORY VALUES(23,1709346750724,1,200,1709346920686,174,'OPTIONS','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','OPTIONS https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aAccess-Control-Request-Method: POST\u000d\u000aAccess-Control-Request-Headers: authorization,content-type,x-grpc-web,x-user-agent\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Headers: content-type,accept,x-user-agent,x-grpc-web,grpc-status,grpc-message,authorization\u000d\u000aAccess-Control-Allow-Methods: GET,HEAD,POST,PUT,DELETE\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Length: 0\u000d\u000aDate: Sat, 02 Mar 2024 02:35:20 GMT\u000d\u000aServer: Caddy\u000d\u000a\u000d\u000a','',NULL,'',TRUE)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(58,324,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 59
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=57
INSERT INTO BLOCKS VALUES(57,1,0)
INSERT INTO BLOCKS VALUES(58,2147483589,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=57
INSERT INTO LOBS VALUES(57,1,0,58)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(58,1,'2024-03-02 03:35:20.861000',1,58,NULL,324,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=58
INSERT INTO LOB_IDS VALUES(58,324,1,40)
COMMIT
/*C3*/INSERT INTO HISTORY VALUES(24,1709346750724,1,200,1709346920865,94,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Vary, Date, Content-Type, Access-Control-Allow-Origin, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:20 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(59,322,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 60
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=58
INSERT INTO BLOCKS VALUES(58,1,0)
INSERT INTO BLOCKS VALUES(59,2147483588,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=58
INSERT INTO LOBS VALUES(58,1,0,59)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(59,1,'2024-03-02 03:35:20.962000',1,59,NULL,322,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=59
INSERT INTO LOB_IDS VALUES(59,322,1,40)
COMMIT
/*C5*/INSERT INTO ALERT VALUES(36,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',24,24,'','',319,15,3,'','10035-1')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(75,36,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(76,36,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C5*/INSERT INTO ALERT VALUES(37,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',23,23,'','',319,15,3,'','10035-1')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(77,37,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(78,37,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C10*/DELETE FROM PARAM WHERE PARAMID=18 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Headers' AND USED=4 AND FLAGS='' AND VALS='content-type%2Caccept%2Cx-user-agent%2Cx-grpc-web%2Cgrpc-status%2Cgrpc-message%2Cauthorization'
INSERT INTO PARAM VALUES(18,'api.cscg.live:444','header','Access-Control-Allow-Headers',5,'','content-type%2Caccept%2Cx-user-agent%2Cx-grpc-web%2Cgrpc-status%2Cgrpc-message%2Cauthorization')
COMMIT
DELETE FROM PARAM WHERE PARAMID=19 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Methods' AND USED=4 AND FLAGS='' AND VALS='GET%2CHEAD%2CPOST%2CPUT%2CDELETE'
INSERT INTO PARAM VALUES(19,'api.cscg.live:444','header','Access-Control-Allow-Methods',5,'','GET%2CHEAD%2CPOST%2CPUT%2CDELETE')
COMMIT
DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=17 AND FLAGS='' AND VALS='https://play.cscg.live'
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',18,'','https://play.cscg.live')
COMMIT
DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=17 AND FLAGS='' AND VALS='h3=":443"; ma=2592000'
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',18,'','h3=":443"; ma=2592000')
COMMIT
DELETE FROM PARAM WHERE PARAMID=20 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Length' AND USED=4 AND FLAGS='' AND VALS='0'
INSERT INTO PARAM VALUES(20,'api.cscg.live:444','header','Content-Length',5,'','0')
COMMIT
DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=17 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:35:18 GMT'
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',18,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:35:18 GMT,Sat%2C 02 Mar 2024 02:35:20 GMT')
COMMIT
DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=17 AND FLAGS='' AND VALS='Caddy'
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',18,'','Caddy')
COMMIT
DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=18 AND FLAGS='' AND VALS='https://play.cscg.live'
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',19,'','https://play.cscg.live')
COMMIT
DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=13 AND FLAGS='' AND VALS='Date%2C Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message'
INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',14,'','Date%2C Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message')
COMMIT
DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=18 AND FLAGS='' AND VALS='h3=":443"; ma=2592000'
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',19,'','h3=":443"; ma=2592000')
COMMIT
DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=13 AND FLAGS='' AND VALS='application/grpc-web+proto'
INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',14,'','application/grpc-web+proto')
COMMIT
DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=18 AND FLAGS='' AND VALS='Caddy'
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',19,'','Caddy')
COMMIT
DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=13 AND FLAGS='' AND VALS='Origin'
INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',14,'','Origin')
COMMIT
DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=18 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:35:18 GMT,Sat%2C 02 Mar 2024 02:35:20 GMT'
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',19,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:35:18 GMT,Sat%2C 02 Mar 2024 02:35:20 GMT')
COMMIT
DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=13 AND FLAGS='' AND VALS='129'
INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',14,'','129')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(60,552,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 61
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=59
INSERT INTO BLOCKS VALUES(59,1,0)
INSERT INTO BLOCKS VALUES(60,2147483587,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=59
INSERT INTO LOBS VALUES(59,1,0,60)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(60,1,'2024-03-02 03:35:20.971000',1,60,NULL,552,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=60
INSERT INTO LOB_IDS VALUES(60,552,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(61,552,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 62
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=60
INSERT INTO BLOCKS VALUES(60,1,0)
INSERT INTO BLOCKS VALUES(61,2147483586,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=60
INSERT INTO LOBS VALUES(60,1,0,61)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(61,1,'2024-03-02 03:35:20.971000',1,61,NULL,552,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=61
INSERT INTO LOB_IDS VALUES(61,552,1,40)
COMMIT
/*C5*/INSERT INTO ALERT VALUES(38,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',24,24,'','',693,15,3,'','10021')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(79,38,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(80,38,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(62,573,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 63
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=61
INSERT INTO BLOCKS VALUES(61,1,0)
INSERT INTO BLOCKS VALUES(62,2147483585,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=61
INSERT INTO LOBS VALUES(61,1,0,62)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(62,1,'2024-03-02 03:35:20.973000',1,62,NULL,573,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=62
INSERT INTO LOB_IDS VALUES(62,573,1,40)
COMMIT
/*C3*/INSERT INTO HISTORY VALUES(25,1709346750724,1,200,1709346922688,508,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Access-Control-Allow-Origin, Vary, Date, Content-Type, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:23 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(63,323,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 64
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=62
INSERT INTO BLOCKS VALUES(62,1,0)
INSERT INTO BLOCKS VALUES(63,2147483584,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=62
INSERT INTO LOBS VALUES(62,1,0,63)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(63,1,'2024-03-02 03:35:23.197000',1,63,NULL,323,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=63
INSERT INTO LOB_IDS VALUES(63,323,1,40)
COMMIT
/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=19 AND FLAGS='' AND VALS='https://play.cscg.live'
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',20,'','https://play.cscg.live')
COMMIT
DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=14 AND FLAGS='' AND VALS='Date%2C Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message'
INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',15,'','Date%2C Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message')
COMMIT
DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=19 AND FLAGS='' AND VALS='h3=":443"; ma=2592000'
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',20,'','h3=":443"; ma=2592000')
COMMIT
DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=14 AND FLAGS='' AND VALS='application/grpc-web+proto'
INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',15,'','application/grpc-web+proto')
COMMIT
DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=19 AND FLAGS='' AND VALS='Caddy'
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',20,'','Caddy')
COMMIT
DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=14 AND FLAGS='' AND VALS='Origin'
INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',15,'','Origin')
COMMIT
DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=19 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:35:18 GMT,Sat%2C 02 Mar 2024 02:35:20 GMT'
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',20,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:35:23 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:35:18 GMT,Sat%2C 02 Mar 2024 02:35:20 GMT')
COMMIT
DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=14 AND FLAGS='' AND VALS='129'
INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',15,'','129')
COMMIT
/*C5*/INSERT INTO ALERT VALUES(39,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',25,25,'','',319,15,3,'','10035-1')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(81,39,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(82,39,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(64,552,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 65
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=63
INSERT INTO BLOCKS VALUES(63,1,0)
INSERT INTO BLOCKS VALUES(64,2147483583,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=63
INSERT INTO LOBS VALUES(63,1,0,64)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(64,1,'2024-03-02 03:35:23.399000',1,64,NULL,552,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=64
INSERT INTO LOB_IDS VALUES(64,552,1,40)
COMMIT
/*C5*/INSERT INTO ALERT VALUES(40,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',25,25,'','',693,15,3,'','10021')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(83,40,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(84,40,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(65,573,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 66
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=64
INSERT INTO BLOCKS VALUES(64,1,0)
INSERT INTO BLOCKS VALUES(65,2147483582,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=64
INSERT INTO LOBS VALUES(64,1,0,65)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(65,1,'2024-03-02 03:35:23.402000',1,65,NULL,573,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=65
INSERT INTO LOB_IDS VALUES(65,573,1,40)
COMMIT
/*C3*/INSERT INTO HISTORY VALUES(26,1709346750724,1,200,1709346924701,311,'POST','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','POST https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus HTTP/1.1\u000d\u000ahost: api.cscg.live:444\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: */*\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aReferer: https://play.cscg.live/\u000d\u000aauthorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIzMDYwODYxNzY1ODUxNTQ1NjAiLCJleHAiOjE3MDk5MTMzMjh9.JpFHIOU8-a2WYlNV5ULXkK-u_99MLNy-igxO672RIuI\u000d\u000acontent-type: application/grpc-web+proto\u000d\u000ax-grpc-web: 1\u000d\u000ax-user-agent: connect-es/1.3.0\u000d\u000aContent-Length: 44\u000d\u000aOrigin: https://play.cscg.live\u000d\u000aConnection: keep-alive\u000d\u000aSec-Fetch-Dest: empty\u000d\u000aSec-Fetch-Mode: cors\u000d\u000aSec-Fetch-Site: same-site\u000d\u000a\u000d\u000a','00000000270a18373232653363613365393262363863656666353830336664120b696e74726f2d7765622d32','HTTP/1.1 200 OK\u000d\u000aAccess-Control-Allow-Origin: https://play.cscg.live\u000d\u000aAccess-Control-Expose-Headers: Access-Control-Allow-Origin, Vary, Content-Type, Date, grpc-status, grpc-message\u000d\u000aAlt-Svc: h3=":443"; ma=2592000\u000d\u000aContent-Type: application/grpc-web+proto\u000d\u000aServer: Caddy\u000d\u000aVary: Origin\u000d\u000aDate: Sat, 02 Mar 2024 02:35:24 GMT\u000d\u000acontent-length: 129\u000d\u000a\u000d\u000a','00000000670a1837323265336361336539326236386365666635383033666410011a49123d3732326533636133653932623638636566663538303366642d313032342d696e74726f2d7765622d322e6368616c6c656e67652e637363672e6c69766518b90a220568747470738000000010677270632d7374617475733a20300d0a',NULL,'',TRUE)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(66,323,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 67
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=65
INSERT INTO BLOCKS VALUES(65,1,0)
INSERT INTO BLOCKS VALUES(66,2147483581,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=65
INSERT INTO LOBS VALUES(65,1,0,66)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(66,1,'2024-03-02 03:35:25.014000',1,66,NULL,323,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=66
INSERT INTO LOB_IDS VALUES(66,323,1,40)
COMMIT
/*C5*/INSERT INTO ALERT VALUES(41,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',26,26,'','',319,15,3,'','10035-1')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(85,41,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
/*C10*/DELETE FROM PARAM WHERE PARAMID=1 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Allow-Origin' AND USED=20 AND FLAGS='' AND VALS='https://play.cscg.live'
INSERT INTO PARAM VALUES(1,'api.cscg.live:444','header','Access-Control-Allow-Origin',21,'','https://play.cscg.live')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(86,41,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C10*/DELETE FROM PARAM WHERE PARAMID=2 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Access-Control-Expose-Headers' AND USED=15 AND FLAGS='' AND VALS='Date%2C Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message'
INSERT INTO PARAM VALUES(2,'api.cscg.live:444','header','Access-Control-Expose-Headers',16,'','Date%2C Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Content-Type%2C Date%2C grpc-status%2C grpc-message,Access-Control-Allow-Origin%2C Vary%2C Date%2C Content-Type%2C grpc-status%2C grpc-message,Content-Type%2C Access-Control-Allow-Origin%2C Vary%2C Date%2C grpc-status%2C grpc-message,Vary%2C Date%2C Content-Type%2C Access-Control-Allow-Origin%2C grpc-status%2C grpc-message')
COMMIT
DELETE FROM PARAM WHERE PARAMID=3 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Alt-Svc' AND USED=20 AND FLAGS='' AND VALS='h3=":443"; ma=2592000'
INSERT INTO PARAM VALUES(3,'api.cscg.live:444','header','Alt-Svc',21,'','h3=":443"; ma=2592000')
COMMIT
DELETE FROM PARAM WHERE PARAMID=4 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Content-Type' AND USED=15 AND FLAGS='' AND VALS='application/grpc-web+proto'
INSERT INTO PARAM VALUES(4,'api.cscg.live:444','header','Content-Type',16,'','application/grpc-web+proto')
COMMIT
DELETE FROM PARAM WHERE PARAMID=5 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Server' AND USED=20 AND FLAGS='' AND VALS='Caddy'
INSERT INTO PARAM VALUES(5,'api.cscg.live:444','header','Server',21,'','Caddy')
COMMIT
DELETE FROM PARAM WHERE PARAMID=6 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Vary' AND USED=15 AND FLAGS='' AND VALS='Origin'
INSERT INTO PARAM VALUES(6,'api.cscg.live:444','header','Vary',16,'','Origin')
COMMIT
DELETE FROM PARAM WHERE PARAMID=7 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='Date' AND USED=20 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:35:23 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:35:18 GMT,Sat%2C 02 Mar 2024 02:35:20 GMT'
INSERT INTO PARAM VALUES(7,'api.cscg.live:444','header','Date',21,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:35:02 GMT,Sat%2C 02 Mar 2024 02:35:04 GMT,Sat%2C 02 Mar 2024 02:35:12 GMT,Sat%2C 02 Mar 2024 02:35:06 GMT,Sat%2C 02 Mar 2024 02:35:23 GMT,Sat%2C 02 Mar 2024 02:34:58 GMT,Sat%2C 02 Mar 2024 02:35:08 GMT,Sat%2C 02 Mar 2024 02:35:03 GMT,Sat%2C 02 Mar 2024 02:34:57 GMT,Sat%2C 02 Mar 2024 02:34:55 GMT,Sat%2C 02 Mar 2024 02:35:01 GMT,Sat%2C 02 Mar 2024 02:35:16 GMT,Sat%2C 02 Mar 2024 02:35:14 GMT,Sat%2C 02 Mar 2024 02:35:11 GMT,Sat%2C 02 Mar 2024 02:35:18 GMT,Sat%2C 02 Mar 2024 02:35:24 GMT,Sat%2C 02 Mar 2024 02:35:20 GMT')
COMMIT
DELETE FROM PARAM WHERE PARAMID=8 AND SITE='api.cscg.live:444' AND TYPE='header' AND NAME='content-length' AND USED=15 AND FLAGS='' AND VALS='129'
INSERT INTO PARAM VALUES(8,'api.cscg.live:444','header','content-length',16,'','129')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(67,552,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 68
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=66
INSERT INTO BLOCKS VALUES(66,1,0)
INSERT INTO BLOCKS VALUES(67,2147483580,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=66
INSERT INTO LOBS VALUES(66,1,0,67)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(67,1,'2024-03-02 03:35:25.220000',1,67,NULL,552,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=67
INSERT INTO LOB_IDS VALUES(67,552,1,40)
COMMIT
/*C5*/INSERT INTO ALERT VALUES(42,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://api.cscg.live:444/platform.Platform/BrokerGetSessionStatus','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',26,26,'','',693,15,3,'','10021')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(87,42,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(88,42,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(68,573,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 69
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=67
INSERT INTO BLOCKS VALUES(67,1,0)
INSERT INTO BLOCKS VALUES(68,2147483579,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=67
INSERT INTO LOBS VALUES(67,1,0,68)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(68,1,'2024-03-02 03:35:25.224000',1,68,NULL,573,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=68
INSERT INTO LOB_IDS VALUES(68,573,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(69,64,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 70
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=68
INSERT INTO BLOCKS VALUES(68,1,0)
INSERT INTO BLOCKS VALUES(69,2147483578,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=68
INSERT INTO LOBS VALUES(68,1,0,69)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(69,1,'2024-03-02 03:35:27.951000',1,69,NULL,64,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=69
INSERT INTO LOB_IDS VALUES(69,64,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(70,64,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 71
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=69
INSERT INTO BLOCKS VALUES(69,1,0)
INSERT INTO BLOCKS VALUES(70,2147483577,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=69
INSERT INTO LOBS VALUES(69,1,0,70)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(70,1,'2024-03-02 03:35:37.956000',1,70,NULL,64,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=70
INSERT INTO LOB_IDS VALUES(70,64,1,40)
COMMIT
/*C5*/DELETE FROM ALERT WHERE ALERTID=0
COMMIT
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=1
DELETE FROM ALERT_TAG WHERE TAG_ID=2
COMMIT
/*C5*/DELETE FROM ALERT WHERE ALERTID=1
COMMIT
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=3
DELETE FROM ALERT_TAG WHERE TAG_ID=4
COMMIT
/*C3*/DELETE FROM HISTORY WHERE HISTORYID=1
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(71,64,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 72
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=70
INSERT INTO BLOCKS VALUES(70,1,0)
INSERT INTO BLOCKS VALUES(71,2147483576,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=70
INSERT INTO LOBS VALUES(70,1,0,71)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(71,1,'2024-03-02 03:35:47.956000',1,71,NULL,64,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=71
INSERT INTO LOB_IDS VALUES(71,64,1,40)
COMMIT
/*C5*/DELETE FROM ALERT WHERE ALERTID=8
COMMIT
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=19
DELETE FROM ALERT_TAG WHERE TAG_ID=20
COMMIT
/*C3*/DELETE FROM HISTORY WHERE HISTORYID=7
COMMIT
/*C5*/DELETE FROM ALERT WHERE ALERTID=9
COMMIT
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=21
DELETE FROM ALERT_TAG WHERE TAG_ID=22
COMMIT
/*C5*/DELETE FROM ALERT WHERE ALERTID=10
COMMIT
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=23
DELETE FROM ALERT_TAG WHERE TAG_ID=24
COMMIT
/*C3*/DELETE FROM HISTORY WHERE HISTORYID=8
COMMIT
/*C5*/DELETE FROM ALERT WHERE ALERTID=11
COMMIT
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=25
DELETE FROM ALERT_TAG WHERE TAG_ID=26
COMMIT
/*C5*/DELETE FROM ALERT WHERE ALERTID=12
COMMIT
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=27
DELETE FROM ALERT_TAG WHERE TAG_ID=28
COMMIT
/*C3*/DELETE FROM HISTORY WHERE HISTORYID=9
COMMIT
/*C5*/DELETE FROM ALERT WHERE ALERTID=13
COMMIT
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=29
DELETE FROM ALERT_TAG WHERE TAG_ID=30
COMMIT
/*C5*/DELETE FROM ALERT WHERE ALERTID=14
COMMIT
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=31
DELETE FROM ALERT_TAG WHERE TAG_ID=32
COMMIT
/*C3*/DELETE FROM HISTORY WHERE HISTORYID=10
COMMIT
/*C5*/DELETE FROM ALERT WHERE ALERTID=15
COMMIT
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=33
DELETE FROM ALERT_TAG WHERE TAG_ID=34
COMMIT
/*C3*/DELETE FROM HISTORY WHERE HISTORYID=11
COMMIT
/*C5*/DELETE FROM ALERT WHERE ALERTID=16
COMMIT
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=35
DELETE FROM ALERT_TAG WHERE TAG_ID=36
COMMIT
/*C5*/DELETE FROM ALERT WHERE ALERTID=17
COMMIT
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=37
DELETE FROM ALERT_TAG WHERE TAG_ID=38
COMMIT
/*C3*/DELETE FROM HISTORY WHERE HISTORYID=12
COMMIT
/*C5*/DELETE FROM ALERT WHERE ALERTID=18
COMMIT
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=39
DELETE FROM ALERT_TAG WHERE TAG_ID=40
COMMIT
/*C5*/DELETE FROM ALERT WHERE ALERTID=19
COMMIT
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=41
DELETE FROM ALERT_TAG WHERE TAG_ID=42
COMMIT
/*C3*/DELETE FROM HISTORY WHERE HISTORYID=13
COMMIT
/*C5*/DELETE FROM ALERT WHERE ALERTID=20
COMMIT
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=43
DELETE FROM ALERT_TAG WHERE TAG_ID=44
COMMIT
/*C5*/DELETE FROM ALERT WHERE ALERTID=21
COMMIT
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=45
DELETE FROM ALERT_TAG WHERE TAG_ID=46
COMMIT
/*C3*/DELETE FROM HISTORY WHERE HISTORYID=14
COMMIT
/*C5*/DELETE FROM ALERT WHERE ALERTID=23
COMMIT
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=49
DELETE FROM ALERT_TAG WHERE TAG_ID=50
COMMIT
/*C3*/DELETE FROM HISTORY WHERE HISTORYID=15
COMMIT
DELETE FROM HISTORY WHERE HISTORYID=16
COMMIT
/*C5*/DELETE FROM ALERT WHERE ALERTID=25
COMMIT
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=53
DELETE FROM ALERT_TAG WHERE TAG_ID=54
COMMIT
/*C5*/DELETE FROM ALERT WHERE ALERTID=26
COMMIT
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=55
DELETE FROM ALERT_TAG WHERE TAG_ID=56
COMMIT
/*C3*/DELETE FROM HISTORY WHERE HISTORYID=17
COMMIT
/*C5*/DELETE FROM ALERT WHERE ALERTID=27
COMMIT
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=57
DELETE FROM ALERT_TAG WHERE TAG_ID=58
COMMIT
/*C5*/DELETE FROM ALERT WHERE ALERTID=28
COMMIT
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=59
DELETE FROM ALERT_TAG WHERE TAG_ID=60
COMMIT
/*C3*/DELETE FROM HISTORY WHERE HISTORYID=18
COMMIT
/*C5*/DELETE FROM ALERT WHERE ALERTID=30
COMMIT
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=63
DELETE FROM ALERT_TAG WHERE TAG_ID=64
COMMIT
/*C3*/DELETE FROM HISTORY WHERE HISTORYID=19
COMMIT
DELETE FROM HISTORY WHERE HISTORYID=20
COMMIT
/*C5*/DELETE FROM ALERT WHERE ALERTID=32
COMMIT
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=67
DELETE FROM ALERT_TAG WHERE TAG_ID=68
COMMIT
/*C5*/DELETE FROM ALERT WHERE ALERTID=33
COMMIT
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=69
DELETE FROM ALERT_TAG WHERE TAG_ID=70
COMMIT
/*C3*/DELETE FROM HISTORY WHERE HISTORYID=21
COMMIT
/*C5*/DELETE FROM ALERT WHERE ALERTID=34
COMMIT
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=71
DELETE FROM ALERT_TAG WHERE TAG_ID=72
COMMIT
/*C5*/DELETE FROM ALERT WHERE ALERTID=35
COMMIT
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=73
DELETE FROM ALERT_TAG WHERE TAG_ID=74
COMMIT
/*C3*/DELETE FROM HISTORY WHERE HISTORYID=22
COMMIT
/*C5*/DELETE FROM ALERT WHERE ALERTID=37
COMMIT
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=77
DELETE FROM ALERT_TAG WHERE TAG_ID=78
COMMIT
/*C3*/DELETE FROM HISTORY WHERE HISTORYID=23
COMMIT
DELETE FROM HISTORY WHERE HISTORYID=24
COMMIT
/*C5*/DELETE FROM ALERT WHERE ALERTID=39
COMMIT
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=81
DELETE FROM ALERT_TAG WHERE TAG_ID=82
COMMIT
/*C5*/DELETE FROM ALERT WHERE ALERTID=40
COMMIT
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=83
DELETE FROM ALERT_TAG WHERE TAG_ID=84
COMMIT
/*C3*/DELETE FROM HISTORY WHERE HISTORYID=25
COMMIT
/*C5*/DELETE FROM ALERT WHERE ALERTID=41
COMMIT
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=85
DELETE FROM ALERT_TAG WHERE TAG_ID=86
COMMIT
/*C5*/DELETE FROM ALERT WHERE ALERTID=42
COMMIT
/*C6*/DELETE FROM ALERT_TAG WHERE TAG_ID=87
DELETE FROM ALERT_TAG WHERE TAG_ID=88
COMMIT
/*C3*/DELETE FROM HISTORY WHERE HISTORYID=3
COMMIT
DELETE FROM HISTORY WHERE HISTORYID=2
COMMIT
DELETE FROM HISTORY WHERE HISTORYID=26
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(72,64,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 73
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=71
INSERT INTO BLOCKS VALUES(71,1,0)
INSERT INTO BLOCKS VALUES(72,2147483575,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=71
INSERT INTO LOBS VALUES(71,1,0,72)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(72,1,'2024-03-02 03:35:57.957000',1,72,NULL,64,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=72
INSERT INTO LOB_IDS VALUES(72,64,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(73,64,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 74
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=72
INSERT INTO BLOCKS VALUES(72,1,0)
INSERT INTO BLOCKS VALUES(73,2147483574,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=72
INSERT INTO LOBS VALUES(72,1,0,73)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(73,1,'2024-03-02 03:36:07.957000',1,73,NULL,64,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=73
INSERT INTO LOB_IDS VALUES(73,64,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(74,64,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 75
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=73
INSERT INTO BLOCKS VALUES(73,1,0)
INSERT INTO BLOCKS VALUES(74,2147483573,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=73
INSERT INTO LOBS VALUES(73,1,0,74)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(74,1,'2024-03-02 03:36:17.963000',1,74,NULL,64,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=74
INSERT INTO LOB_IDS VALUES(74,64,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(75,64,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 76
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=74
INSERT INTO BLOCKS VALUES(74,1,0)
INSERT INTO BLOCKS VALUES(75,2147483572,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=74
INSERT INTO LOBS VALUES(74,1,0,75)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(75,1,'2024-03-02 03:36:27.964000',1,75,NULL,64,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=75
INSERT INTO LOB_IDS VALUES(75,64,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(76,64,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 77
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=75
INSERT INTO BLOCKS VALUES(75,1,0)
INSERT INTO BLOCKS VALUES(76,2147483571,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=75
INSERT INTO LOBS VALUES(75,1,0,76)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(76,1,'2024-03-02 03:36:37.967000',1,76,NULL,64,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=76
INSERT INTO LOB_IDS VALUES(76,64,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(77,64,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 78
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=76
INSERT INTO BLOCKS VALUES(76,1,0)
INSERT INTO BLOCKS VALUES(77,2147483570,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=76
INSERT INTO LOBS VALUES(76,1,0,77)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(77,1,'2024-03-02 03:36:47.973000',1,77,NULL,64,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=77
INSERT INTO LOB_IDS VALUES(77,64,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(78,64,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 79
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=77
INSERT INTO BLOCKS VALUES(77,1,0)
INSERT INTO BLOCKS VALUES(78,2147483569,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=77
INSERT INTO LOBS VALUES(77,1,0,78)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(78,1,'2024-03-02 03:36:57.976000',1,78,NULL,64,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=78
INSERT INTO LOB_IDS VALUES(78,64,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(79,64,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 80
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=78
INSERT INTO BLOCKS VALUES(78,1,0)
INSERT INTO BLOCKS VALUES(79,2147483568,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=78
INSERT INTO LOBS VALUES(78,1,0,79)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(79,1,'2024-03-02 03:37:08.102000',1,79,NULL,64,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=79
INSERT INTO LOB_IDS VALUES(79,64,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(80,64,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 81
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=79
INSERT INTO BLOCKS VALUES(79,1,0)
INSERT INTO BLOCKS VALUES(80,2147483567,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=79
INSERT INTO LOBS VALUES(79,1,0,80)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(80,1,'2024-03-02 03:37:18.133000',1,80,NULL,64,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=80
INSERT INTO LOB_IDS VALUES(80,64,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(81,64,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 82
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=80
INSERT INTO BLOCKS VALUES(80,1,0)
INSERT INTO BLOCKS VALUES(81,2147483566,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=80
INSERT INTO LOBS VALUES(80,1,0,81)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(81,1,'2024-03-02 03:37:28.152000',1,81,NULL,64,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=81
INSERT INTO LOB_IDS VALUES(81,64,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(82,64,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 83
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=81
INSERT INTO BLOCKS VALUES(81,1,0)
INSERT INTO BLOCKS VALUES(82,2147483565,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=81
INSERT INTO LOBS VALUES(81,1,0,82)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(82,1,'2024-03-02 03:37:38.962000',1,82,NULL,64,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=82
INSERT INTO LOB_IDS VALUES(82,64,1,40)
COMMIT
/*C3*/INSERT INTO HISTORY VALUES(27,1709346750724,15,200,1709347068648,206,'GET','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','GET https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html HTTP/1.1\u000d\u000ahost: 722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Windows 95; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aConnection: keep-alive\u000d\u000aReferer: https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/\u000d\u000aUpgrade-Insecure-Requests: 1\u000d\u000aSec-Fetch-Dest: document\u000d\u000aSec-Fetch-Mode: navigate\u000d\u000aSec-Fetch-Site: same-origin\u000d\u000aSec-Fetch-User: ?1\u000d\u000acontent-length: 0\u000d\u000a\u000d\u000a','','HTTP/1.1 200 OK\u000d\u000aServer: nginx/1.24.0\u000d\u000aDate: Sat, 02 Mar 2024 02:37:48 GMT\u000d\u000aContent-Type: text/html\u000d\u000aContent-Length: 1366\u000d\u000aLast-Modified: Thu, 01 Jan 1970 00:00:01 GMT\u000d\u000aConnection: keep-alive\u000d\u000aETag: "1-556"\u000d\u000aCache-Control: no-store\u000d\u000aAccept-Ranges: bytes\u000d\u000a\u000d\u000a','3c68746d6c3e0a3c686561643e0a202020203c7469746c653e496e74726f20746f2057656220323c2f7469746c653e0a202020203c6d65746120636861727365743d225554462d38223e0a202020203c6c696e6b2072656c3d227374796c6573686565742220747970653d22746578742f6373732220687265663d227374796c652e63737322202f3e0a3c2f686561643e0a3c626f64793e0a3c68313e24284745524d414e5f4349545929205472616d205469636b6574204d616368696e653c2f68313e0a0a3c68333e47657420796f7572203c7370616e207374796c653d22746578742d6465636f726174696f6e3a206c696e652d7468726f7567683b223e7469636b65743c2f7370616e3e20666c61672068657265213c2f68333e0a3c68723e0a57697468207468652068656c70206f66206f75722073746174652d6f662d7468652d61727420666c6f707079206469736b20737769746368696e6720726f626f74732c20796f752063616e206e6f772072656164207468652066697273740a70617274206f662074686520666c616720696e207265616c2074696d65210a3c703e0a466c6167207061727420312f343a203c7370616e207374796c653d22636f6c6f723a20677265656e3b20666f6e742d66616d696c793a2027436f7572696572204e6577272c206d6f6e6f73706163653b223e0a20202020435343477b3c7370616e2069643d22666c6167223e2e2e2e2e2e2e2e2e3c2f7370616e3e3c2f7370616e3e0a0a3c212d2d0a4e6f2074696d6520746f20776169742c2072696768743f0a2d2d3e0a0a3c7363726970743e0a666c6167203d20226c396a6a3535304b220a73796d626f6c7352657665616c6564203d20300a7761697454696d65203d20313030303b0a0a66756e6374696f6e206e65787453796d626f6c2829207b0a202020206966202873796d626f6c7352657665616c6564203e3d20666c61672e6c656e677468292072657475726e3b0a2020202073796d626f6c7352657665616c65642b2b3b0a0a202020207761697454696d65202a3d20323b0a2020202073657454696d656f7574286e65787453796d626f6c2c207761697454696d65293b0a7d0a0a66756e6374696f6e207370696e2829207b0a20202020636f6e737420666c616750617274203d20666c61672e73756273747228302c2073796d626f6c7352657665616c6564293b0a20202020636f6e737420616c706861626574203d2028224142434445464748494a4b4c4d4e4f5052535455565758595a61626364656668696b6c6d6e6f727374757677787a3031323334353637383922290a20202020636f6e73742072616e646f6d53796d626f6c203d0a202020202020202073796d626f6c7352657665616c6564203c20666c61672e6c656e6774680a2020202020202020202020203f20616c7068616265742e636861724174284d6174682e666c6f6f72284d6174682e72616e646f6d2829202a20616c7068616265742e6c656e67746829290a2020202020202020202020203a2022223b0a20202020636f6e737420737566666978203d20222e222e726570656174284d6174682e6d617828302c20666c61672e6c656e677468202d2031202d2073796d626f6c7352657665616c656429293b0a0a20202020646f63756d656e742e676574456c656d656e74427949642822666c616722292e696e6e657248544d4c203d20666c616750617274202b2072616e646f6d53796d626f6c202b207375666669783b0a7d0a0a73657454696d656f7574286e65787453796d626f6c2c207761697454696d65293b0a736574496e74657276616c287370696e2c203530293b0a3c2f7363726970743e0a0a3c2f626f64793e0a3c2f68746d6c3e',NULL,'',TRUE)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(83,64,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 84
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=82
INSERT INTO BLOCKS VALUES(82,1,0)
INSERT INTO BLOCKS VALUES(83,2147483564,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=82
INSERT INTO LOBS VALUES(82,1,0,83)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(83,1,'2024-03-02 03:37:49.010000',1,83,NULL,64,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=83
INSERT INTO LOB_IDS VALUES(83,64,1,40)
COMMIT
/*C10*/DELETE FROM PARAM WHERE PARAMID=9 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Server' AND USED=2 AND FLAGS='' AND VALS='nginx/1.24.0'
INSERT INTO PARAM VALUES(9,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Server',3,'','nginx/1.24.0')
COMMIT
DELETE FROM PARAM WHERE PARAMID=10 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Date' AND USED=2 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT'
INSERT INTO PARAM VALUES(10,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Date',3,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:37:48 GMT')
COMMIT
DELETE FROM PARAM WHERE PARAMID=11 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Content-Type' AND USED=2 AND FLAGS='' AND VALS='text/html,text/plain'
INSERT INTO PARAM VALUES(11,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Content-Type',3,'','text/html,text/plain')
COMMIT
DELETE FROM PARAM WHERE PARAMID=12 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Content-Length' AND USED=2 AND FLAGS='' AND VALS='287,384'
INSERT INTO PARAM VALUES(12,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Content-Length',3,'','287,1366,384')
COMMIT
DELETE FROM PARAM WHERE PARAMID=15 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Last-Modified' AND USED=1 AND FLAGS='' AND VALS='Thu%2C 01 Jan 1970 00:00:01 GMT'
INSERT INTO PARAM VALUES(15,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Last-Modified',2,'','Thu%2C 01 Jan 1970 00:00:01 GMT')
COMMIT
DELETE FROM PARAM WHERE PARAMID=13 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Connection' AND USED=2 AND FLAGS='' AND VALS='keep-alive'
INSERT INTO PARAM VALUES(13,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Connection',3,'','keep-alive')
COMMIT
DELETE FROM PARAM WHERE PARAMID=14 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='ETag' AND USED=2 AND FLAGS='' AND VALS='"1-180","1-11f"'
INSERT INTO PARAM VALUES(14,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','ETag',3,'','"1-180","1-11f","1-556"')
COMMIT
DELETE FROM PARAM WHERE PARAMID=16 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Cache-Control' AND USED=1 AND FLAGS='' AND VALS='no-store'
INSERT INTO PARAM VALUES(16,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Cache-Control',2,'','no-store')
COMMIT
DELETE FROM PARAM WHERE PARAMID=17 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Accept-Ranges' AND USED=1 AND FLAGS='' AND VALS='bytes'
INSERT INTO PARAM VALUES(17,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Accept-Ranges',2,'','bytes')
COMMIT
/*C5*/INSERT INTO ALERT VALUES(43,0,10020,'Missing Anti-clickjacking Header',2,2,'The response does not include either Content-Security-Policy with ''frame-ancestors'' directive or X-Frame-Options to protect against ''ClickJacking'' attacks.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','x-frame-options','','Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.\u000aIf you expect the page to be framed only by pages on your server (e.g. it''s part of a FRAMESET) then you''ll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy''s "frame-ancestors" directive.','https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options',27,27,'','',1021,15,3,'','10020-1')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(89,43,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(90,43,'WSTG-v42-CLNT-09','https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/09-Testing_for_Clickjacking')
COMMIT
INSERT INTO ALERT_TAG VALUES(91,43,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(84,630,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 85
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=83
INSERT INTO BLOCKS VALUES(83,1,0)
INSERT INTO BLOCKS VALUES(84,2147483563,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=83
INSERT INTO LOBS VALUES(83,1,0,84)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(84,1,'2024-03-02 03:37:49.436000',1,84,NULL,630,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=84
INSERT INTO LOB_IDS VALUES(84,630,1,40)
COMMIT
/*C5*/INSERT INTO ALERT VALUES(44,0,10015,'Re-examine Cache-control Directives',0,1,'The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','cache-control','','For secure content, ensure the cache-control HTTP header is set with "no-cache, no-store, must-revalidate". If an asset should be cached consider setting the directives "public, max-age, immutable".','https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching\u000ahttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control\u000ahttps://grayduck.mn/2021/09/13/cache-control-recommendations/',27,27,'','no-store',525,13,3,'','10015')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(92,44,'WSTG-v42-ATHN-06','https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/04-Authentication_Testing/06-Testing_for_Browser_Cache_Weaknesses')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(85,635,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 86
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=84
INSERT INTO BLOCKS VALUES(84,1,0)
INSERT INTO BLOCKS VALUES(85,2147483562,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=84
INSERT INTO LOBS VALUES(84,1,0,85)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(85,1,'2024-03-02 03:37:49.459000',1,85,NULL,635,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=85
INSERT INTO LOB_IDS VALUES(85,635,1,40)
COMMIT
/*C5*/INSERT INTO ALERT VALUES(45,0,10038,'Content Security Policy (CSP) Header Not Set',2,3,'Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page \u2014 covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','','','Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.','https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy\u000ahttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\u000ahttps://www.w3.org/TR/CSP/\u000ahttps://w3c.github.io/webappsec-csp/\u000ahttps://web.dev/articles/csp\u000ahttps://caniuse.com/#feat=contentsecuritypolicy\u000ahttps://content-security-policy.com/',27,27,'','',693,15,3,'','10038-1')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(93,45,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(94,45,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(86,625,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 87
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=85
INSERT INTO BLOCKS VALUES(85,1,0)
INSERT INTO BLOCKS VALUES(86,2147483561,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=85
INSERT INTO LOBS VALUES(85,1,0,86)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(86,1,'2024-03-02 03:37:49.464000',1,86,NULL,625,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=86
INSERT INTO LOB_IDS VALUES(86,625,1,40)
COMMIT
/*C5*/INSERT INTO ALERT VALUES(46,0,10109,'Modern Web Application',0,2,'The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','','No links have been found while there are scripts, which is an indication that this is a modern web application.','This is an informational alert and so no changes are required.','',27,27,'','<script>\u000aflag = "l9jj550K"\u000asymbolsRevealed = 0\u000awaitTime = 1000;\u000a\u000afunction nextSymbol() {\u000a if (symbolsRevealed >= flag.length) return;\u000a symbolsRevealed++;\u000a\u000a waitTime *= 2;\u000a setTimeout(nextSymbol, waitTime);\u000a}\u000a\u000afunction spin() {\u000a const flagPart = flag.substr(0, symbolsRevealed);\u000a const alphabet = ("ABCDEFGHIJKLMNOPRSTUVWXYZabcdefhiklmnorstuvwxz0123456789")\u000a const randomSymbol =\u000a symbolsRevealed < flag.length\u000a ? alphabet.charAt(Math.floor(Math.random() * alphabet.length))\u000a : "";\u000a const suffix = ".".repeat(Math.max(0, flag.length - 1 - symbolsRevealed));\u000a\u000a document.getElementById("flag").innerHTML = flagPart + randomSymbol + suffix;\u000a}\u000a\u000asetTimeout(nextSymbol, waitTime);\u000asetInterval(spin, 50);\u000a</script>',-1,-1,3,'','10109')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(87,612,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 88
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=86
INSERT INTO BLOCKS VALUES(86,1,0)
INSERT INTO BLOCKS VALUES(87,2147483560,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=86
INSERT INTO LOBS VALUES(86,1,0,87)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(87,1,'2024-03-02 03:37:49.486000',1,87,NULL,612,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=87
INSERT INTO LOB_IDS VALUES(87,612,1,40)
COMMIT
/*C5*/INSERT INTO ALERT VALUES(47,0,10036,'Server Leaks Version Information via "Server" HTTP Response Header Field',1,3,'The web/application server is leaking version information via the "Server" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','','','Ensure that your web server, application server, load balancer, etc. is configured to suppress the "Server" header or provide generic details.','https://httpd.apache.org/docs/current/mod/core.html#servertokens\u000ahttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\u000ahttps://www.troyhunt.com/shhh-dont-let-your-response-headers/',27,27,'','nginx/1.24.0',200,13,3,'','10036')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(95,47,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(96,47,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
INSERT INTO ALERT_TAG VALUES(97,47,'WSTG-v42-INFO-02','https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(88,652,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 89
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=87
INSERT INTO BLOCKS VALUES(87,1,0)
INSERT INTO BLOCKS VALUES(88,2147483559,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=87
INSERT INTO LOBS VALUES(87,1,0,88)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(88,1,'2024-03-02 03:37:49.514000',1,88,NULL,652,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=88
INSERT INTO LOB_IDS VALUES(88,652,1,40)
COMMIT
/*C5*/INSERT INTO ALERT VALUES(48,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',27,27,'','',319,15,3,'','10035-1')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(98,48,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(99,48,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(89,618,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 90
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=88
INSERT INTO BLOCKS VALUES(88,1,0)
INSERT INTO BLOCKS VALUES(89,2147483558,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=88
INSERT INTO LOBS VALUES(88,1,0,89)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(89,1,'2024-03-02 03:37:49.518000',1,89,NULL,618,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=89
INSERT INTO LOB_IDS VALUES(89,618,1,40)
COMMIT
/*C5*/INSERT INTO ALERT VALUES(49,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',27,27,'','',693,15,3,'','10021')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(100,49,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(101,49,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(90,639,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 91
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=89
INSERT INTO BLOCKS VALUES(89,1,0)
INSERT INTO BLOCKS VALUES(90,2147483557,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=89
INSERT INTO LOBS VALUES(89,1,0,90)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(90,1,'2024-03-02 03:37:49.522000',1,90,NULL,639,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=90
INSERT INTO LOB_IDS VALUES(90,639,1,40)
COMMIT
/*C8*/SET SCHEMA PUBLIC
INSERT INTO TAG VALUES(1,27,'Script')
COMMIT
INSERT INTO TAG VALUES(2,27,'Comment')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(91,64,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 92
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=90
INSERT INTO BLOCKS VALUES(90,1,0)
INSERT INTO BLOCKS VALUES(91,2147483556,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=90
INSERT INTO LOBS VALUES(90,1,0,91)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(91,1,'2024-03-02 03:37:59.053000',1,91,NULL,64,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=91
INSERT INTO LOB_IDS VALUES(91,64,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(92,64,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 93
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=91
INSERT INTO BLOCKS VALUES(91,1,0)
INSERT INTO BLOCKS VALUES(92,2147483555,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=91
INSERT INTO LOBS VALUES(91,1,0,92)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(92,1,'2024-03-02 03:38:09.054000',1,92,NULL,64,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=92
INSERT INTO LOB_IDS VALUES(92,64,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(93,64,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 94
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=92
INSERT INTO BLOCKS VALUES(92,1,0)
INSERT INTO BLOCKS VALUES(93,2147483554,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=92
INSERT INTO LOBS VALUES(92,1,0,93)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(93,1,'2024-03-02 03:38:19.056000',1,93,NULL,64,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=93
INSERT INTO LOB_IDS VALUES(93,64,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(94,64,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 95
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=93
INSERT INTO BLOCKS VALUES(93,1,0)
INSERT INTO BLOCKS VALUES(94,2147483553,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=93
INSERT INTO LOBS VALUES(93,1,0,94)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(94,1,'2024-03-02 03:38:29.059000',1,94,NULL,64,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=94
INSERT INTO LOB_IDS VALUES(94,64,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(95,64,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 96
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=94
INSERT INTO BLOCKS VALUES(94,1,0)
INSERT INTO BLOCKS VALUES(95,2147483552,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=94
INSERT INTO LOBS VALUES(94,1,0,95)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(95,1,'2024-03-02 03:38:39.059000',1,95,NULL,64,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=95
INSERT INTO LOB_IDS VALUES(95,64,1,40)
COMMIT
/*C3*/INSERT INTO HISTORY VALUES(28,1709346750724,1,403,1709347121300,30,'GET','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','GET https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html HTTP/1.1\u000d\u000ahost: 722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aConnection: keep-alive\u000d\u000aUpgrade-Insecure-Requests: 1\u000d\u000aSec-Fetch-Dest: document\u000d\u000aSec-Fetch-Mode: navigate\u000d\u000aSec-Fetch-Site: none\u000d\u000aSec-Fetch-User: ?1\u000d\u000a\u000d\u000a','','HTTP/1.1 403 Forbidden\u000d\u000aServer: nginx/1.24.0\u000d\u000aDate: Sat, 02 Mar 2024 02:38:41 GMT\u000d\u000aContent-Type: text/html\u000d\u000aContent-Length: 384\u000d\u000aConnection: keep-alive\u000d\u000aETag: "1-180"\u000d\u000a\u000d\u000a','3c68746d6c3e0a3c686561643e0a202020203c7469746c653e496e74726f20746f2057656220323c2f7469746c653e0a202020203c6d65746120636861727365743d225554462d38223e0a202020203c6c696e6b2072656c3d227374796c6573686565742220747970653d22746578742f6373732220687265663d227374796c652e63737322202f3e0a3c2f686561643e0a3c626f64793e0a3c68313e24284745524d414e5f4349545929205472616d205469636b6574204d616368696e653c2f68313e0a0a3c68333e3c7370616e207374796c653d22636f6c6f723a20726564223e496e736563757265206f7065726174696e672073797374656d213c2f7370616e3e3c2f68333e0a3c68723e0a466f7220734563557249745920724561536f4e732c20796f75206e65656420746f2075706461746520796f75722073797374656d20746f2057696e646f7773203935206265666f726520616363657373696e6720746869732077656273697465210a3c2f626f64793e0a3c2f68746d6c3e',NULL,'',TRUE)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(96,354,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 97
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=95
INSERT INTO BLOCKS VALUES(95,1,0)
INSERT INTO BLOCKS VALUES(96,2147483551,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=95
INSERT INTO LOBS VALUES(95,1,0,96)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(96,1,'2024-03-02 03:38:41.333000',1,96,NULL,354,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=96
INSERT INTO LOB_IDS VALUES(96,354,1,40)
COMMIT
/*C3*/INSERT INTO HISTORY VALUES(29,1709346750724,1,200,1709347121392,40,'GET','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/style.css','GET https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/style.css HTTP/1.1\u000d\u000ahost: 722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337\u000d\u000aUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0\u000d\u000aAccept: text/css,*/*;q=0.1\u000d\u000aAccept-Language: en-US,en;q=0.5\u000d\u000aConnection: keep-alive\u000d\u000aReferer: https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html\u000d\u000aSec-Fetch-Dest: style\u000d\u000aSec-Fetch-Mode: no-cors\u000d\u000aSec-Fetch-Site: same-origin\u000d\u000a\u000d\u000a','','HTTP/1.1 200 OK\u000d\u000aServer: nginx/1.24.0\u000d\u000aDate: Sat, 02 Mar 2024 02:38:41 GMT\u000d\u000aContent-Type: text/plain\u000d\u000aContent-Length: 287\u000d\u000aLast-Modified: Thu, 01 Jan 1970 00:00:01 GMT\u000d\u000aConnection: keep-alive\u000d\u000aETag: "1-11f"\u000d\u000aCache-Control: no-store\u000d\u000aAccept-Ranges: bytes\u000d\u000a\u000d\u000a','68746d6c207b0a202020206d61782d77696474683a20373063683b0a2020202070616464696e673a2033656d2031656d3b0a202020206d617267696e3a206175746f3b0a202020206c696e652d6865696768743a20312e37353b0a20202020666f6e742d73697a653a20312e3235656d3b0a0a202020206261636b67726f756e642d636f6c6f723a20233145323132323b0a20202020636f6c6f723a20234244423741463b0a7d0a68312c2068322c206833207b0a20202020636f6c6f723a20234538453645333b0a7d0a6872207b0a202020206d617267696e2d746f703a202d31656d3b0a7d0a61207b0a20202020636f6c6f723a206c69676874626c75653b0a20202020746578742d6465636f726174696f6e3a206e6f6e653b0a7d0a',NULL,'',TRUE)
COMMIT
/*C5*/INSERT INTO ALERT VALUES(50,0,10036,'Server Leaks Version Information via "Server" HTTP Response Header Field',1,3,'The web/application server is leaking version information via the "Server" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/style.css','','','Ensure that your web server, application server, load balancer, etc. is configured to suppress the "Server" header or provide generic details.','https://httpd.apache.org/docs/current/mod/core.html#servertokens\u000ahttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\u000ahttps://www.troyhunt.com/shhh-dont-let-your-response-headers/',29,29,'','nginx/1.24.0',200,13,3,'','10036')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(102,50,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(103,50,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
INSERT INTO ALERT_TAG VALUES(104,50,'WSTG-v42-INFO-02','https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server')
COMMIT
/*C10*/DELETE FROM PARAM WHERE PARAMID=9 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Server' AND USED=3 AND FLAGS='' AND VALS='nginx/1.24.0'
INSERT INTO PARAM VALUES(9,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Server',4,'','nginx/1.24.0')
COMMIT
DELETE FROM PARAM WHERE PARAMID=10 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Date' AND USED=3 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:37:48 GMT'
INSERT INTO PARAM VALUES(10,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Date',4,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:38:41 GMT,Sat%2C 02 Mar 2024 02:37:48 GMT')
COMMIT
DELETE FROM PARAM WHERE PARAMID=11 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Content-Type' AND USED=3 AND FLAGS='' AND VALS='text/html,text/plain'
INSERT INTO PARAM VALUES(11,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Content-Type',4,'','text/html,text/plain')
COMMIT
DELETE FROM PARAM WHERE PARAMID=12 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Content-Length' AND USED=3 AND FLAGS='' AND VALS='287,1366,384'
INSERT INTO PARAM VALUES(12,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Content-Length',4,'','287,1366,384')
COMMIT
DELETE FROM PARAM WHERE PARAMID=13 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Connection' AND USED=3 AND FLAGS='' AND VALS='keep-alive'
INSERT INTO PARAM VALUES(13,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Connection',4,'','keep-alive')
COMMIT
DELETE FROM PARAM WHERE PARAMID=14 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='ETag' AND USED=3 AND FLAGS='' AND VALS='"1-180","1-11f","1-556"'
INSERT INTO PARAM VALUES(14,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','ETag',4,'','"1-180","1-11f","1-556"')
COMMIT
DELETE FROM PARAM WHERE PARAMID=9 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Server' AND USED=4 AND FLAGS='' AND VALS='nginx/1.24.0'
INSERT INTO PARAM VALUES(9,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Server',5,'','nginx/1.24.0')
COMMIT
DELETE FROM PARAM WHERE PARAMID=10 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Date' AND USED=4 AND FLAGS='' AND VALS='Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:38:41 GMT,Sat%2C 02 Mar 2024 02:37:48 GMT'
INSERT INTO PARAM VALUES(10,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Date',5,'','Sat%2C 02 Mar 2024 02:34:56 GMT,Sat%2C 02 Mar 2024 02:38:41 GMT,Sat%2C 02 Mar 2024 02:37:48 GMT')
COMMIT
DELETE FROM PARAM WHERE PARAMID=11 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Content-Type' AND USED=4 AND FLAGS='' AND VALS='text/html,text/plain'
INSERT INTO PARAM VALUES(11,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Content-Type',5,'','text/html,text/plain')
COMMIT
/*C5*/INSERT INTO ALERT VALUES(51,0,10038,'Content Security Policy (CSP) Header Not Set',2,3,'Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page \u2014 covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','','','Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.','https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy\u000ahttps://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html\u000ahttps://www.w3.org/TR/CSP/\u000ahttps://w3c.github.io/webappsec-csp/\u000ahttps://web.dev/articles/csp\u000ahttps://caniuse.com/#feat=contentsecuritypolicy\u000ahttps://content-security-policy.com/',28,28,'','',693,15,3,'','10038-1')
COMMIT
/*C10*/DELETE FROM PARAM WHERE PARAMID=12 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Content-Length' AND USED=4 AND FLAGS='' AND VALS='287,1366,384'
INSERT INTO PARAM VALUES(12,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Content-Length',5,'','287,1366,384')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(97,339,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 98
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=96
INSERT INTO BLOCKS VALUES(96,1,0)
INSERT INTO BLOCKS VALUES(97,2147483550,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=96
INSERT INTO LOBS VALUES(96,1,0,97)
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(105,51,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(106,51,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C10*/DELETE FROM PARAM WHERE PARAMID=15 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Last-Modified' AND USED=2 AND FLAGS='' AND VALS='Thu%2C 01 Jan 1970 00:00:01 GMT'
INSERT INTO PARAM VALUES(15,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Last-Modified',3,'','Thu%2C 01 Jan 1970 00:00:01 GMT')
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(97,1,'2024-03-02 03:38:41.437000',1,97,NULL,339,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=97
INSERT INTO LOB_IDS VALUES(97,339,1,40)
COMMIT
/*C10*/DELETE FROM PARAM WHERE PARAMID=13 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Connection' AND USED=4 AND FLAGS='' AND VALS='keep-alive'
INSERT INTO PARAM VALUES(13,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Connection',5,'','keep-alive')
COMMIT
DELETE FROM PARAM WHERE PARAMID=14 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='ETag' AND USED=4 AND FLAGS='' AND VALS='"1-180","1-11f","1-556"'
INSERT INTO PARAM VALUES(14,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','ETag',5,'','"1-180","1-11f","1-556"')
COMMIT
DELETE FROM PARAM WHERE PARAMID=16 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Cache-Control' AND USED=2 AND FLAGS='' AND VALS='no-store'
INSERT INTO PARAM VALUES(16,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Cache-Control',3,'','no-store')
COMMIT
DELETE FROM PARAM WHERE PARAMID=17 AND SITE='722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337' AND TYPE='header' AND NAME='Accept-Ranges' AND USED=2 AND FLAGS='' AND VALS='bytes'
INSERT INTO PARAM VALUES(17,'722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337','header','Accept-Ranges',3,'','bytes')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(98,625,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 99
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=97
INSERT INTO BLOCKS VALUES(97,1,0)
INSERT INTO BLOCKS VALUES(98,2147483549,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=97
INSERT INTO LOBS VALUES(97,1,0,98)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(98,1,'2024-03-02 03:38:41.439000',1,98,NULL,625,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=98
INSERT INTO LOB_IDS VALUES(98,625,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(99,622,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 100
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=98
INSERT INTO BLOCKS VALUES(98,1,0)
INSERT INTO BLOCKS VALUES(99,2147483548,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=98
INSERT INTO LOBS VALUES(98,1,0,99)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(99,1,'2024-03-02 03:38:41.440000',1,99,NULL,622,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=99
INSERT INTO LOB_IDS VALUES(99,622,1,40)
COMMIT
/*C5*/INSERT INTO ALERT VALUES(52,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/style.css','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',29,29,'','',319,15,3,'','10035-1')
COMMIT
INSERT INTO ALERT VALUES(53,0,10036,'Server Leaks Version Information via "Server" HTTP Response Header Field',1,3,'The web/application server is leaking version information via the "Server" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','','','Ensure that your web server, application server, load balancer, etc. is configured to suppress the "Server" header or provide generic details.','https://httpd.apache.org/docs/current/mod/core.html#servertokens\u000ahttps://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff648552(v=pandp.10)\u000ahttps://www.troyhunt.com/shhh-dont-let-your-response-headers/',28,28,'','nginx/1.24.0',200,13,3,'','10036')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(107,53,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(108,53,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
INSERT INTO ALERT_TAG VALUES(109,53,'WSTG-v42-INFO-02','https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server')
COMMIT
INSERT INTO ALERT_TAG VALUES(110,52,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(111,52,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(100,588,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 101
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=99
INSERT INTO BLOCKS VALUES(99,1,0)
INSERT INTO BLOCKS VALUES(100,2147483547,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=99
INSERT INTO LOBS VALUES(99,1,0,100)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(101,1,'2024-03-02 03:38:41.449000',1,100,NULL,588,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=100
INSERT INTO LOB_IDS VALUES(100,588,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(101,652,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 102
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=100
INSERT INTO BLOCKS VALUES(100,1,0)
INSERT INTO BLOCKS VALUES(101,2147483546,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=100
INSERT INTO LOBS VALUES(100,1,0,101)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(100,1,'2024-03-02 03:38:41.449000',1,101,NULL,652,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=101
INSERT INTO LOB_IDS VALUES(101,652,1,40)
COMMIT
/*C5*/INSERT INTO ALERT VALUES(54,0,10035,'Strict-Transport-Security Header Not Set',1,3,'HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/tram-ticket-machine.html','','','Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.','https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html\u000ahttps://owasp.org/www-community/Security_Headers\u000ahttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u000ahttps://caniuse.com/stricttransportsecurity\u000ahttps://datatracker.ietf.org/doc/html/rfc6797',28,28,'','',319,15,3,'','10035-1')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(112,54,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(113,54,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C5*/INSERT INTO ALERT VALUES(55,0,10021,'X-Content-Type-Options Header Missing',1,2,'The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ''nosniff''. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.','https://722e3ca3e92b68ceff5803fd-1024-intro-web-2.challenge.cscg.live:1337/style.css','x-content-type-options','This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.\u000aAt "High" threshold this scan rule will not alert on client or server error responses.','Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to ''nosniff'' for all web pages.\u000aIf possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.','https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/gg622941(v=vs.85)\u000ahttps://owasp.org/www-community/Security_Headers',29,29,'','',693,15,3,'','10021')
COMMIT
/*C6*/INSERT INTO ALERT_TAG VALUES(114,55,'OWASP_2021_A05','https://owasp.org/Top10/A05_2021-Security_Misconfiguration/')
COMMIT
INSERT INTO ALERT_TAG VALUES(115,55,'OWASP_2017_A06','https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html')
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(102,618,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 103
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=101
INSERT INTO BLOCKS VALUES(101,1,0)
INSERT INTO BLOCKS VALUES(102,2147483545,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=101
INSERT INTO LOBS VALUES(101,1,0,102)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(103,1,'2024-03-02 03:38:41.472000',1,102,NULL,618,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=102
INSERT INTO LOB_IDS VALUES(102,618,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(103,609,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 104
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=102
INSERT INTO BLOCKS VALUES(102,1,0)
INSERT INTO BLOCKS VALUES(103,2147483544,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=102
INSERT INTO LOBS VALUES(102,1,0,103)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(102,1,'2024-03-02 03:38:41.472000',1,103,NULL,609,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=103
INSERT INTO LOB_IDS VALUES(103,609,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(104,201,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 105
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=103
INSERT INTO BLOCKS VALUES(103,1,0)
INSERT INTO BLOCKS VALUES(104,2147483543,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=103
INSERT INTO LOBS VALUES(103,1,0,104)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(104,1,'2024-03-02 03:38:41.813000',1,104,NULL,201,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=104
INSERT INTO LOB_IDS VALUES(104,201,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(105,2013,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 106
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=104
INSERT INTO BLOCKS VALUES(104,1,0)
INSERT INTO BLOCKS VALUES(105,2147483542,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=104
INSERT INTO LOBS VALUES(104,1,0,105)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(105,1,'2024-03-02 03:38:41.817000',1,105,NULL,2013,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=105
INSERT INTO LOB_IDS VALUES(105,2013,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(106,176,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 107
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=105
INSERT INTO BLOCKS VALUES(105,1,0)
INSERT INTO BLOCKS VALUES(106,2147483541,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=105
INSERT INTO LOBS VALUES(105,1,0,106)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(106,1,'2024-03-02 03:38:41.817000',1,106,NULL,176,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=106
INSERT INTO LOB_IDS VALUES(106,176,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(107,2662,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 108
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=106
INSERT INTO BLOCKS VALUES(106,1,0)
INSERT INTO BLOCKS VALUES(107,2147483540,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=106
INSERT INTO LOBS VALUES(106,1,0,107)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(107,1,'2024-03-02 03:38:41.821000',1,107,NULL,2662,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=107
INSERT INTO LOB_IDS VALUES(107,2662,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(108,64,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 109
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=107
INSERT INTO BLOCKS VALUES(107,1,0)
INSERT INTO BLOCKS VALUES(108,2147483539,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=107
INSERT INTO LOBS VALUES(107,1,0,108)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(108,1,'2024-03-02 03:38:49.061000',1,108,NULL,64,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=108
INSERT INTO LOB_IDS VALUES(108,64,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(109,64,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 110
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=108
INSERT INTO BLOCKS VALUES(108,1,0)
INSERT INTO BLOCKS VALUES(109,2147483538,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=108
INSERT INTO LOBS VALUES(108,1,0,109)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(109,1,'2024-03-02 03:38:59.082000',1,109,NULL,64,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=109
INSERT INTO LOB_IDS VALUES(109,64,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(110,64,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 111
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=109
INSERT INTO BLOCKS VALUES(109,1,0)
INSERT INTO BLOCKS VALUES(110,2147483537,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=109
INSERT INTO LOBS VALUES(109,1,0,110)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(110,1,'2024-03-02 03:39:09.067000',1,110,NULL,64,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=110
INSERT INTO LOB_IDS VALUES(110,64,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(111,64,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 112
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=110
INSERT INTO BLOCKS VALUES(110,1,0)
INSERT INTO BLOCKS VALUES(111,2147483536,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=110
INSERT INTO LOBS VALUES(110,1,0,111)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(111,1,'2024-03-02 03:39:19.068000',1,111,NULL,64,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=111
INSERT INTO LOB_IDS VALUES(111,64,1,40)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(112,4,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 113
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=111
INSERT INTO BLOCKS VALUES(111,1,0)
INSERT INTO BLOCKS VALUES(112,2147483535,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=111
INSERT INTO LOBS VALUES(111,1,0,112)
COMMIT
/*C13*/SET SCHEMA PUBLIC
INSERT INTO WEBSOCKET_MESSAGE VALUES(112,1,'2024-03-02 03:39:49.071000',8,112,NULL,2,TRUE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=112
INSERT INTO LOB_IDS VALUES(112,4,1,40)
COMMIT
SET SCHEMA PUBLIC
DELETE FROM WEBSOCKET_CHANNEL WHERE CHANNEL_ID=1
INSERT INTO WEBSOCKET_CHANNEL VALUES(1,'zap',443,'','2024-03-02 03:34:57.550000','2024-03-02 03:40:10.105000',NULL)
COMMIT
/*C1*/INSERT INTO LOB_IDS VALUES(113,197,0,40)
ALTER SEQUENCE SYSTEM_LOBS.LOB_ID RESTART WITH 114
COMMIT
DELETE FROM BLOCKS WHERE BLOCK_ADDR=112
INSERT INTO BLOCKS VALUES(112,1,0)
INSERT INTO BLOCKS VALUES(113,2147483534,0)
DELETE FROM BLOCKS WHERE BLOCK_ADDR=112
INSERT INTO LOBS VALUES(112,1,0,113)
COMMIT
/*C13*/INSERT INTO WEBSOCKET_MESSAGE VALUES(113,1,'2024-03-02 03:40:10.105000',1,113,NULL,197,FALSE)
SET SCHEMA SYSTEM_LOBS
DELETE FROM LOB_IDS WHERE LOB_ID=113
INSERT INTO LOB_IDS VALUES(113,197,1,40)
COMMIT