Cats

All Tests / Test 1261

Test Id

Test 1261

Test Trace Id

c41e2c34-1ec5-47d6-a0f7-c88fbf8ec2da

Timestamp

Tue, 23 Jun 2026 21:26:53 GMT

Scenario

Send a malformed JSON which has the string 'bla' at the end

Expected Result

Should return 4XX

Result

error

Result Details

The following keywords were detected in the response which might suggest an error details leak: [forbidden]

Contract Path

/api/account/password

Fuzzer

MalformedJson

Full Request Path

https://qa-api.puk3p.online/api/account/password

Http Method

post

Request Details

Payload

{
  "newPassword": "catsISc00l?!useIt#",
  "currentPassword": "catsISc00l?!useIt#"
}bla

Request Details

Headers

[
  {
    "key": "Accept",
    "value": "application/json"
  },
  {
    "key": "Content-Type",
    "value": "application/json"
  },
  {
    "key": "User-Agent",
    "value": "cats/13.8.1-SNAPSHOT (Test 1261 - MalformedJson)"
  },
  {
    "key": "X-Cats-Trace-Id",
    "value": "c41e2c34-1ec5-47d6-a0f7-c88fbf8ec2da"
  }
]

Request Details

cURL

curl  -X POST \
     -H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "User-Agent: cats/13.8.1-SNAPSHOT (Test 1261 - MalformedJson)" \
-H "X-Cats-Trace-Id: c41e2c34-1ec5-47d6-a0f7-c88fbf8ec2da" \
 \
      -d '{"newPassword":"catsISc00l?!useIt#","currentPassword":"catsISc00l?!useIt#"}bla' \
      https://qa-api.puk3p.online/api/account/password

Response

{
  "responseCode": 403,
  "httpMethod": "POST",
  "responseTimeInMs": "125",
  "numberOfWordsInResponse": "1",
  "numberOfLinesInResponse": "1",
  "contentLengthInBytes": "104",
  "jsonBody": {
    "timestamp": "2026-06-23T21:26:53.120Z",
    "status": 403,
    "error": "Forbidden",
    "path": "/api/account/password"
  },
  "headers": [
    {
      "key": "cache-control",
      "value": "no-cache, no-store, max-age=0, must-revalidate"
    },
    {
      "key": "content-type",
      "value": "application/json"
    },
    {
      "key": "date",
      "value": "Tue, 23 Jun 2026 21:26:53 GMT"
    },
    {
      "key": "expires",
      "value": "0"
    },
    {
      "key": "pragma",
      "value": "no-cache"
    },
    {
      "key": "server",
      "value": "nginx/1.24.0 (Ubuntu)"
    },
    {
      "key": "strict-transport-security",
      "value": "max-age=31536000 ; includeSubDomains"
    },
    {
      "key": "vary",
      "value": "Origin"
    },
    {
      "key": "x-content-type-options",
      "value": "nosniff"
    },
    {
      "key": "x-frame-options",
      "value": "DENY"
    },
    {
      "key": "x-xss-protection",
      "value": "0"
    }
  ],
  "responseContentType": "application/json"
}

CATS Replay

cats replay Test1261