
WAF Detection (waf-detect:securesphere) found on https://api-rof-bd.herokuapp.com/api #134

Open
github-actions bot opened this issue Jun 18, 2022 · 0 comments

Details: waf-detect:securesphere matched at https://api-rof-bd.herokuapp.com/api

Protocol: HTTP

Full URL: https://api-rof-bd.herokuapp.com/api/

Timestamp: Sat Jun 18 18:53:32 +0000 UTC 2022

Template Information

Name: WAF Detection
Authors: dwisiswant0, lu4nx
Tags: waf, tech, misc
Severity: info
Description: A web application firewall was detected.
CWE-ID: CWE-200
CVSS-Score: 0.00

Request

POST /api/ HTTP/1.1
Host: api-rof-bd.herokuapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
Connection: close
Content-Length: 27
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip

_=<script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Connection: close
Content-Length: 144
Content-Security-Policy: default-src 'none'
Content-Type: text/html; charset=utf-8
Date: Sat, 18 Jun 2022 18:53:32 GMT
Server: Cowboy
Via: 1.1 vegur
X-Content-Type-Options: nosniff
X-Powered-By: Express
X-Ratelimit-Limit: 100
X-Ratelimit-Remaining: 7
X-Ratelimit-Reset: 1656075813

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot POST /api/</pre>
</body>
</html>

References:

CURL Command

curl -X 'POST' -d '_=<script>alert(1)</script>' -H 'Content-Type: application/x-www-form-urlencoded' -H 'Host: api-rof-bd.herokuapp.com' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36' 'https://api-rof-bd.herokuapp.com/api/'

Generated by Nuclei 2.7.2
