Newman Run Dashboard

Tuesday, 07 April 2026 00:48:24
Total Iterations

1

Total Assertions

5

Total Failed Tests

20

Total Skipped Tests

0


File Information
Collection: Juice Shop Security Testing
Collection Description
| Test | Payload | Expected | Juice Shop Result | Finding |
| --- | --- | --- | --- | --- |
| Basic bypass | `' OR '1'='1'--` | 401 | 200 + token | Vulnerable |
| Admin bypass | `admin@juice-sh.op'--` | 401 | 200 + token | Vulnerable |
| UNION extraction | UNION SELECT ... FROM Users | 400/500 | 200 + data | Critical |
| Store script tag | alert ('XSS by Mirage') | PUT /reviews | 400 | 200 stored |
| Retrieve payload | – | GET /reviews | Encoded output | Raw script tag |
| IDOR — other basket | GET /rest/basket/1 | 403 | 200 + data | IDOR (Insecure Direct Object Reference) |
Timings and Data
Total run duration: 972ms
Total data received: 0B
Average response time: 0ms
| Summary Item | Total | Failed |
| --- | --- | --- |
| Requests | 11 | 11 |
| Prerequest Scripts | 1 | 0 |
| Test Scripts | 8 | 5 |
| Assertions | 5 | 4 |
| Skipped Tests | 0 | - |



Showing 20 Failures

Failed Test:

Assertion Error Message
getaddrinfo ENOTFOUND {{baseurl}}
Failed Test:

Assertion Error Message
"undefined" is not valid JSON
Failed Test:

Assertion Error Message
getaddrinfo ENOTFOUND {{baseurl}}
Failed Test:

Assertion Error Message
"undefined" is not valid JSON
Failed Test:

Assertion Error Message
getaddrinfo ENOTFOUND {{baseurl}}
Failed Test: IDOR — cannot access other user basket (must be 403)

Assertion Error Message
expected PostmanResponse{ …(5) } to have property 'code'
Failed Test:

Assertion Error Message
runtime:extensions~request: request url is empty
Failed Test:

Assertion Error Message
getaddrinfo ENOTFOUND {{baseurl}}
Failed Test: Review POST returns 201 or 200

Assertion Error Message
expected undefined to be one of [ 200, 201 ]
Failed Test: Server should have rejected script tag (400)

Assertion Error Message
expected PostmanResponse{ …(5) } to have property 'code'
Failed Test:

Assertion Error Message
getaddrinfo ENOTFOUND {{baseurl}}
Failed Test:

Assertion Error Message
getaddrinfo ENOTFOUND {{baseurl}}
Failed Test: User registered — status 201

Assertion Error Message
expected PostmanResponse{ …(5) } to have property 'code'
Failed Test:

Assertion Error Message
getaddrinfo ENOTFOUND {{baseurl}}
Failed Test:

Assertion Error Message
"undefined" is not valid JSON
Failed Test:

Assertion Error Message
getaddrinfo ENOTFOUND {{baseurl}}
Failed Test:

Assertion Error Message
"undefined" is not valid JSON
Failed Test:

Assertion Error Message
runtime:extensions~request: request url is empty
Failed Test:

Assertion Error Message
runtime:extensions~request: request url is empty


There are no skipped tests



1 Iteration available to view
Request Information
Request Method: GET
Request URL: http://{{baseurl}}/rest/user/whoami
Response Information
Response Code: -
Mean time per request: 0ms
Mean size per request: 0B

Test Pass Percentage
No Tests for this request
Request Headers
| Header Name | Header Value |
| --- | --- |
| Authorization | Bearer {{authToken}}} |
| User-Agent | PostmanRuntime/7.39.1 |
| Accept | */* |
| Cache-Control | no-cache |
| Postman-Token | 6bd8b421-11b2-474e-9774-f8689a675f27 |
| Host | {{baseurl}} |
| Accept-Encoding | gzip, deflate, br |
| Connection | keep-alive |
Response Headers
Response Body
No Response Body for this request
Test Information
No Tests for this request
Request Information
Request Method: GET
Request URL: http://{{baseurl}}/rest/user/whoami
Response Information
Response Code: -
Mean time per request: 0ms
Mean size per request: 0B

Test Pass Percentage
No Tests for this request
Request Headers
| Header Name | Header Value |
| --- | --- |
| Authorization | Bearer {{authToken}} |
| User-Agent | PostmanRuntime/7.39.1 |
| Accept | */* |
| Cache-Control | no-cache |
| Postman-Token | 1384cb8f-0216-42d3-9496-afe85eae2452 |
| Host | {{baseurl}} |
| Accept-Encoding | gzip, deflate, br |
| Connection | keep-alive |
Response Headers
Response Body
No Response Body for this request
Test Information
No Tests for this request
Request Information
Request Method: GET
Request URL: http://{{baseurl}}/rest/basket/1
Response Information
Response Code: -
Mean time per request: 0ms
Mean size per request: 0B

Test Pass Percentage
50 %
Request Headers
| Header Name | Header Value |
| --- | --- |
| Authorization | Bearer {{authToken}} |
| User-Agent | PostmanRuntime/7.39.1 |
| Accept | */* |
| Cache-Control | no-cache |
| Postman-Token | 3881044c-6320-468e-88a4-6ef598933fc8 |
| Host | {{baseurl}} |
| Accept-Encoding | gzip, deflate, br |
| Connection | keep-alive |
Response Headers
Response Body
No Response Body for this request
Test Information
| Name | Passed | Failed | Skipped |
| --- | --- | --- | --- |
| IDOR — cannot access other user basket (must be 403) | 0 | 1 | 0 |
| Other user data not returned | 1 | 0 | 0 |
| Total | 1 | 1 | 0 |

Test Failure

| Test Name | Assertion Error |
| --- | --- |
| IDOR — cannot access other user basket (must be 403) | expected PostmanResponse{ …(5) } to have property 'code' |
Request Information
Request Method: GET
Request URL:
Response Information
Response Code: -
Mean time per request: 0ms
Mean size per request: 0B

Test Pass Percentage
No Tests for this request
Request Headers
| Header Name | Header Value |
| --- | --- |
Response Headers
Response Body
No Response Body for this request
Test Information
No Tests for this request
Request Information
Request Method: GET
Request URL: http://{{baseurl}}/rest/products/1/reviews
Response Information
Response Code: -
Mean time per request: 0ms
Mean size per request: 0B

Test Pass Percentage
0 %
Request Headers
| Header Name | Header Value |
| --- | --- |
| Content-Type | application/json |
| Authorization | Bearer {{authToken}} |
| User-Agent | PostmanRuntime/7.39.1 |
| Accept | */* |
| Cache-Control | no-cache |
| Postman-Token | 770cfe9e-8b1b-4d85-bba4-af443c6c7f88 |
| Host | {{baseurl}} |
| Accept-Encoding | gzip, deflate, br |
| Connection | keep-alive |
Request Body
{
  "message": "<script>alert('XSS by Mirage')</script>",
  "author": "{{userEmail}}"
}
Response Headers
Response Body
No Response Body for this request
Test Information
| Name | Passed | Failed | Skipped |
| --- | --- | --- | --- |
| Review POST returns 201 or 200 | 0 | 1 | 0 |
| Server should have rejected script tag (400) | 0 | 1 | 0 |
| Total | 0 | 2 | 0 |

Test Failures

| Test Name | Assertion Error |
| --- | --- |
| Review POST returns 201 or 200 | expected undefined to be one of [ 200, 201 ] |
| Server should have rejected script tag (400) | expected PostmanResponse{ …(5) } to have property 'code' |
Request Information
Request Method: GET
Request URL: http://{{baseurl}}/rest/products/1/reviews
Response Information
Response Code: -
Mean time per request: 0ms
Mean size per request: 0B

Test Pass Percentage
No Tests for this request
Request Headers
| Header Name | Header Value |
| --- | --- |
| Authorization | Bearer {{authToken} |
| User-Agent | PostmanRuntime/7.39.1 |
| Accept | */* |
| Cache-Control | no-cache |
| Postman-Token | c0c04285-8210-49f0-a75b-06d8cdec3bca |
| Host | {{baseurl}} |
| Accept-Encoding | gzip, deflate, br |
| Connection | keep-alive |
Response Headers
Response Body
No Response Body for this request
Test Information
No Tests for this request
Request Information
Request Method: POST
Request URL: http://{{baseurl}}/api/Users/
Response Information
Response Code: -
Mean time per request: 0ms
Mean size per request: 0B

Test Pass Percentage
0 %
Request Headers
| Header Name | Header Value |
| --- | --- |
| Content-Type | application/json |
| User-Agent | PostmanRuntime/7.39.1 |
| Accept | */* |
| Cache-Control | no-cache |
| Postman-Token | d6e4a4ae-b4c8-4903-940e-bf7129c49179 |
| Host | {{baseurl}} |
| Accept-Encoding | gzip, deflate, br |
| Connection | keep-alive |
Request Body
{
  "email": "miragesth@juice.com",
  "password": "MirageSth@123!",
  "passwordRepeat": "MirageSth@123!",
  "securityQuestion": { "id": 2 },
  "securityAnswer": "miragesth"
}
Response Headers
Response Body
No Response Body for this request
Test Information
| Name | Passed | Failed | Skipped |
| --- | --- | --- | --- |
| User registered — status 201 | 0 | 1 | 0 |
| Total | 0 | 1 | 0 |

Test Failure

| Test Name | Assertion Error |
| --- | --- |
| User registered — status 201 | expected PostmanResponse{ …(5) } to have property 'code' |
Request Information
Request Method: POST
Request URL: http://{{baseurl}}/rest/user/login
Response Information
Response Code: -
Mean time per request: 0ms
Mean size per request: 0B

Test Pass Percentage
No Tests for this request
Request Headers
| Header Name | Header Value |
| --- | --- |
| Content-Type | application/json |
| User-Agent | PostmanRuntime/7.39.1 |
| Accept | */* |
| Cache-Control | no-cache |
| Postman-Token | fe1606d1-8bc4-4fb1-ae16-664594a27722 |
| Host | {{baseurl}} |
| Accept-Encoding | gzip, deflate, br |
| Connection | keep-alive |
Request Body
{
  "email": "{{userEmail}}",
  "password": "{{userPassword}}"
}
Response Headers
Response Body
No Response Body for this request
Test Information
No Tests for this request
Request Information
Request Method: POST
Request URL: http://{{baseurl}}/rest/user/login
Response Information
Response Code: -
Mean time per request: 0ms
Mean size per request: 0B

Test Pass Percentage
No Tests for this request
Request Headers
| Header Name | Header Value |
| --- | --- |
| Content-Type | application/json |
| User-Agent | PostmanRuntime/7.39.1 |
| Accept | */* |
| Cache-Control | no-cache |
| Postman-Token | 857ccd62-2791-444c-92d6-1fba75d08180 |
| Host | {{baseurl}} |
| Accept-Encoding | gzip, deflate, br |
| Connection | keep-alive |
Request Body
{
  "email": "' OR '1'='1'--",
  "password": "anything"
}
Response Headers
Response Body
No Response Body for this request
Test Information
No Tests for this request
Request Information
Request Method: GET
Request URL:
Response Information
Response Code: -
Mean time per request: 0ms
Mean size per request: 0B

Test Pass Percentage
No Tests for this request
Request Headers
| Header Name | Header Value |
| --- | --- |
Response Headers
Response Body
No Response Body for this request
Test Information
No Tests for this request
Request Information
Request Method: GET
Request URL:
Response Information
Response Code: -
Mean time per request: 0ms
Mean size per request: 0B

Test Pass Percentage
No Tests for this request
Request Headers
| Header Name | Header Value |
| --- | --- |
Response Headers
Response Body
No Response Body for this request
Test Information
No Tests for this request