Examples
Here are examples of getting a proof-of-concept image.
Get a POC Image
Request using the ‘curl’ command:
curl --location --request GET \
  'https://secure.cedar.com/api/public/v3.1/vulnerabilities/pocs/POC_7142522155' \
  --header 'token: 2fb1befec06fcd8a4ef0aa10349b665902fa8de9' \
  --header 'Accept: image/jpeg' > file.jpg
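A hardened variant of the curl request above, as an added example that is not part of the vendor documentation: it validates the POC id, passes the token to curl on stdin instead of the command line, and keeps the file only if the response is a JPEG. `MSP_HOST`, `MSP_TOKEN`, the function names, and the assumption that ids always look like the sample `POC_7142522155` are not from the original page.

```sh
#!/bin/sh
# Added example (not vendor code). MSP_HOST and MSP_TOKEN are assumed
# environment variables; function names are hypothetical.

# Accept only ids shaped like the page's sample: "POC_" followed by digits.
# This keeps "/", "..", "?" and similar out of the request path.
valid_poc_id() {
    case "$1" in
        POC_*) ;;
        *) return 1 ;;
    esac
    case "${1#POC_}" in
        ''|*[!0-9]*) return 1 ;;
    esac
    return 0
}

# A JPEG starts with the bytes FF D8 FF; a JSON or HTML error body does not.
is_jpeg() {
    [ "$(head -c 3 "$1" | od -An -tx1 | tr -d ' \n')" = "ffd8ff" ]
}

# fetch_poc POC_ID OUTPUT_FILE
fetch_poc() {
    valid_poc_id "$1" || { echo "invalid POC id: $1" >&2; return 2; }
    tmp=$(mktemp) || return 1
    # The token header is fed to curl as a config line on stdin, so it does
    # not show up in the process list or in shell history.
    if printf 'header = "token: %s"\n' "$MSP_TOKEN" |
        curl --config - --fail --silent --show-error --location \
             --header 'Accept: image/jpeg' --output "$tmp" \
             "$MSP_HOST/api/public/v3.1/vulnerabilities/pocs/$1" &&
        is_jpeg "$tmp"
    then
        mv "$tmp" "$2"
    else
        rm -f "$tmp"
        echo "download failed or response is not a JPEG" >&2
        return 1
    fi
}
```

Without `--fail` and the magic-byte check, an error response (for example an expired token) would be saved under the `.jpg` name and look like a successful download.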
Request using an Apache Groovy script:
// NOTE: Environment (env) and other variables have to be
// defined beforehand.
// The downloaded POC image will be available in the Jenkins path
// where it is executed.
def get_poc = httpRequest(
    // maskValue keeps the token out of the build log.
    customHeaders: [[name: 'token', value: "${env.Token}", maskValue: true],
                    [name: 'accept', value: 'image/jpeg']],
    // Certificate validation stays on so the token is only sent to the
    // genuine host.
    ignoreSslErrors: false,
    // Double quotes are required for Groovy to interpolate ${...}.
    outputFile: "${env.FileName}",
    responseHandle: 'NONE',
    url: "${env.HostUrl}/api/public/v3.1/vulnerabilities/pocs/${env.PocId}"
)
if (get_poc.status == 200) {
    println("Successfully Downloaded POC")
} else {
    println("Failed to Download POC")
}
Request using Java source code:
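// Requires the JAX-RS 2.x client API (javax.ws.rs) and java.io.
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.Response;

// MSP_HOST and MSP_TOKEN are constants defined in the enclosing class.
public void getPoc(String pocId, String fileName) {
    Client client = ClientBuilder.newClient();
    try {
        WebTarget target = client.target(MSP_HOST)
            .path("/api/public/v3.1/vulnerabilities/pocs/" + pocId);
        Response response = target.request()
            .accept("image/jpeg")
            .header("token", MSP_TOKEN)
            .get();
        if (response.getStatus() == 200) {
            // try-with-resources closes both streams even if the copy fails.
            try (InputStream is = response.readEntity(InputStream.class);
                 FileOutputStream out = new FileOutputStream(
                     "/Users/srbasha/Downloads/temp/" + fileName)) {
                byte[] buffer = new byte[4096];
                int len;
                while ((len = is.read(buffer)) != -1) {
                    out.write(buffer, 0, len);
                }
            } catch (FileNotFoundException e) {
                System.out.println("File not found. ");
            } catch (IOException e) {
                System.out.println(
                    "Exception occurred while downloading the file. ");
            }
        } else {
            System.out.println("Unable to download the file, Status Code : "
                + response.getStatus());
        }
    } finally {
        // Release the client even if the request throws.
        client.close();
    }
}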
Response:
Status: 200
Response Body in JSON:
{
"version": 1.2,
"generatedAt": "2020-05-27T09:16:53.308096Z",
"vulnerabilities": [
"0" : {
"title": "HTTP TRACE Method Enabled",
"systemic": "NO",
"severity": "Medium",
"impactDescription": "<br>The TRACE HTTP method can be used in
conjunction with other vulnerabilities (such as
cross-site scripting) to return the entire
contents of an HTTP request message (including
HTTP headers) to an attacker. Since the server
echoes both the request body and HTTP headers,
an attacker able to obtain the response to the
TRACE request would gain access to sensitive
information passed via HTTP headers, including
session identifiers passed via cookies.
The attacker could then use this information to
impersonate the victim in the application. \n
<br>",
"description": "<br>The HTTP TRACE method is enabled on the web
server. The HTTP TRACE method instructs the web
server to echo the entire contents of the
received message back to the calling client,
usually for debugging purposes. Consider the
following example TRACE request to a web server
running on localhost:
\n<br> \n<pre><br><div style='background-color:#EFEFEF;
margin-left:60px; margin-right:50px;'><code>TRACE / HTTP/1.1
Host: 127.0.0.1 </code></div><br></pre> \n<br>
If TRACE is enabled, the server will respond with a
message body consisting of the initial request's HTTP
headers and message body:
\n<br> \n<pre><br><div style='background-color:#EFEFEF;
margin-left:60px; margin-right:50px;'><code>HTTP/1.1 200 OK
Date: Sat, 11 May 2013 14:46:59
GMT Server: Apache/2.2.3 (Red Hat)
Connection: close Transfer-Encoding: chunked
Content-Type: message/http TRACE
/ HTTP/1.1 Host: 127.0.0.1 </code></div><br></pre>",
"recommendation": "<br>Disable the HTTP TRACE method if not required
for the web server to function properly. \n<br>",
"stepsToReproduce": "<br>Configure your browser to use a proxy
tool such as Burp Suite. \n<br>Navigate to
the application login page. \n<br>In Burp,
send the above request to the Repeater. \n
<br>Change the request method from GET to
TRACE and forward the request. \n<br>
Observe the OK response indicates the TRACE
method is enabled. \n<br>",
"pci": {
"id": "6.5.1",
"description": "Injection Flaws"
},
"cwe": {
"id": 81,
"category": "sample category",
"flawname": "sample category flawname"
},
"nist": {
"version": "NIST-800-30-V2",
"impact": "Medium",
"likelihood": "Medium"
},
"owasp": {
"family": "Server Misconfiguration"
},
"sans": {
"code": "sample code"
},
"referenceUrls": [
{
"referenceUrl": "ftp://nonexcessiveness.example.edu"
}
],
"instances": {
"id": "VULNERABILITY_60760276",
"targetId": "TARGET_1009992135",
"targetName": "trimethylglycine",
"targetUrl": "ftp://interventionists.example.priv/posterointernal/
interpetiolary?q=ftp%3A%2F%2F",
"serviceType": "WEB_APPLICATION_TEST",
"testType": "DAST Standard (DAST-S)",
"type": "dynamic",
"url": "http://instance2.com",
"parameters": {
"type": "Parameter",
"name": "parameter name",
"value": "parameter value"
},
"instanceStepsToReproduce":
"instance steps to reproduce for instance1",
"state": "OLD",
"occurences": {
"open": {
"date": "2019-11-18T10:47:04.091878Z",
"testId": "TEST_1234"
},
"close": {
"date": "2019-11-18T10:47:04.091878Z",
"testId": "TEST_1234"
},
"retest": {
"date": "2019-11-18T10:47:04.091878Z"
}
},
"pocs": {
"description": "poc description",
"pocInstanceId": "POC_7142522155"
},
"status": "OPEN"
}
}
]
}
Response Body in XML:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<MSPortalXmlReport>
<version>1.2</version>
<generatedAt>2020-05-27T09:16:13.145625Z</generatedAt>
<vulnerabilities>
<vulnerability>
<title><![CDATA[HTTP TRACE Method Enabled]]></title>
<systemic>NO</systemic>
<severity>Medium</severity>
<impactDescription><![CDATA[<br>The TRACE HTTP method
can be used in conjunction with other vulnerabilities (such as
cross-site scripting) to return the entire contents of an HTTP
request message (including HTTP headers) to an attacker. Since
the server echoes both the request body and HTTP headers, an
attacker able to obtain the response to the TRACE request
would gain access to sensitive information passed via HTTP
headers, including session identifiers passed via cookies. The
attacker could then use this information to impersonate the
victim in the application.
<br>]]></impactDescription>
<description><![CDATA[<br>The HTTP TRACE method is
enabled on the web server. The HTTP TRACE method instructs the
web server to echo the entire contents of the received message
back to the calling client, usually for debugging purposes.
Consider the following example TRACE request to a web server
running on localhost:
<br>
<pre><br><div style='background-color:#EFEFEF;
margin-left:60px; margin-right:50px;'><code>TRACE / HTTP/1.1
Host: 127.0.0.1 </code></div><br></pre> <br>
If TRACE is enabled, the server will respond with a message body
consisting of the initial request's HTTP headers and message body:
<br> <pre><br><div style='background-color:#EFEFEF;
margin-left:60px; margin-right:50px;'><code>HTTP/1.1 200 OK
Date: Sat, 11 May 2013 14:46:59 GMT Server: Apache/2.2.3 (Red Hat)
Connection: close Transfer-Encoding: chunked
Content-Type: message/http TRACE / HTTP/1.1
Host: 127.0.0.1 </code></div><br></pre>]]>
</description><recommendation>
<![CDATA[<br>Disable the HTTP TRACE method if not
required for the web server to function properly.
<br>]]></recommendation>
<stepsToReproduce><![CDATA[<br>Configure your browser
to use a proxy tool such as Burp Suite.
<br>Navigate to the application login page.
<br>In Burp, send the above request to the Repeater.
<br>Change the request method from GET to TRACE and forward
the request.
<br>Observe the OK response indicates the TRACE method is
enabled.
<br>]]></stepsToReproduce>
<pci/>
<cwe/>
<nist>
<version>NIST_800-30-V2</version>
<impact>Medium</impact>
<likelihood>Medium</likelihood>
</nist>
<owasp>
<family><![CDATA[Server Misconfiguration]]></family>
</owasp>
<sans/>
<referenceUrls>
<referenceUrl>
<referenceUrl><![CDATA[ftp://nonexcessiveness.example.edu]]>
</referenceUrl>
</referenceUrl>
</referenceUrls>
<instances>
<instance>
<id>VULNERABILITY_60760276</id>
<targetId>TARGET_1009992135</targetId>
<targetName>trimethylglycine</targetName>
<targetUrl><![CDATA[ftp://interventionists.example.priv/
posterointernal/interpetiolary?q=ftp%80%3A%3A]]></targetUrl>
<serviceType>WEB_APPLICATION_TEST</serviceType>
<testType>DAST Standard (DAST-S)</testType>
<type>dynamic</type>
<url><![CDATA[http://instance2.com]]></url>
<parameters>
<parameter>
<type>Cookie</type>
<name><![CDATA[name]]></name>
<value><![CDATA[vlauwer]]></value>
</parameter>
</parameters>
<state>Old</state>
<occurences>
<occurence>
<open>
<date>Tue Mar 24 11:11:08 GMT 2020</date>
<testId>TEST_1103427718</testId>
</open>
</occurence>
</occurences>
<pocs>
<poc>
<description><![CDATA[caption1]]></description>
<pocInstanceId>POC_7142522155</pocInstanceId>
</poc>
</pocs>
<status>OPEN</status>
</instance>
</instances>
</vulnerability>
</vulnerabilities>
</MSPortalXmlReport>