Severity: High
Discovered: 05 of October-2023, 11:49 AM
CWE ID
CWE-284
CVSS
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
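The target application contains a reference to an S3 bucket that no longer exists.
Because S3 bucket names are globally unique and a name becomes available again after its bucket is deleted, an attacker can register a new S3 bucket under the same original name.
The target application would then use the new S3 bucket, which is under the control of the attacker.
The attacker can populate the S3 bucket with malicious content or intercept legitimate traffic intended for the S3 bucket,
potentially leading to data theft or other malicious activities.
In the captured response below, the S3 reference visible in the JavaScript bundle is the footer "Privacy policy" link, https://takemeover-bright.s3.amazonaws.com/privacy-policy.pdf.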
Possible exposure
Data breaches, malware distribution, and reputational damage.
Remediation suggestions
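Remove references to unused S3 bucket URLs from the code. If the linked content is still needed, serve it from a bucket the organization owns and update the URL accordingly.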
Request
GET http://brokencrystals.com/static/js/main.9e44b974.chunk.js HTTP/1.1
Referer: http://brokencrystals.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/106.0.5249.119 Safari/537.36
Accept: */*
Accept-Encoding: identity
Connection: keep-alive
Host: brokencrystals.com
Content-Length: 0
Response
HTTP/1.1 200
Accept-Ranges: bytes
Content-Length: 48979
Content-Type: application/javascript
Date: Thu, 05 Oct 2023 11:49:27 GMT
ETag: "64d248ac-bf53"
Last-Modified: Tue, 08 Aug 2023 13:52:44 GMT
(this["webpackJsonpreact-broken-crystals"]=this["webpackJsonpreact-broken-crystals"]||[]).push([[0],{3:function(e,t,a){"use strict";a.d(t,"n",(function(){return u})),a.d(t,"h",(function(){return j})),a.d(t,"i",(function(){return d})),a.d(t,"f",(function(){return m})),a.d(t,"c",(function(){return b})),a.d(t,"t",(function(){return h})),a.d(t,"s",(function(){return p})),a.d(t,"u",(function(){return O})),a.d(t,"j",(function(){return x})),a.d(t,"y",(function(){return f})),a.d(t,"k",(function(){return g})),a.d(t,"d",(function(){return v})),a.d(t,"o",(function(){return N})),a.d(t,"p",(function(){return S})),a.d(t,"e",(function(){return w})),a.d(t,"q",(function(){return y})),a.d(t,"g",(function(){return k})),a.d(t,"l",(function(){return I})),a.d(t,"a",(function(){return q})),a.d(t,"x",(function(){return C})),a.d(t,"w",(function(){return T})),a.d(t,"m",(function(){return A})),a.d(t,"r",(function(){return F})),a.d(t,"v",(function(){return R})),a.d(t,"b",(function(){return L})),a.d(t,"z",(function(){return D}));var n,c=a(2),s=a(4),i=a(34),r=a.n(i),l=a(6);function o(e){var t="string"===typeof e?{url:e}:e;return u.request(t).then((function(e){var t=e.headers.authorization;return t&&sessionStorage.setItem("token",t),e.data})).catch((function(e){switch(e.response.status){case 401:return sessionStorage.clear(),localStorage.clear(),Object(s.a)(Object(s.a)({},e),{},{errorText:"Authentication failed, please check your credentials and try again"});case 409:return Object(s.a)(Object(s.a)({},e),{},{errorText:"User already exists"});default:return Object(s.a)(Object(s.a)({},e),{},{errorText:"Something went wrong. 
Please try again later"})}}))}!function(e){e.Subscriptions="/api/subscriptions",e.Testimonials="/api/testimonials",e.Products="/api/products",e.LatestProducts="/api/products/latest",e.Users="/api/users",e.Auth="/api/auth",e.Metadata="/api/metadata",e.Goto="/api/goto",e.Render="/api/render",e.Spawn="/api/spawn",e.File="/api/file"}(n||(n={}));var u=r.a.create();function j(){return o({url:n.Testimonials,method:"get"})}function d(){return o({url:"".concat(n.Testimonials,"/count?query=").concat(encodeURIComponent("select count(1) as count from testimonial")),method:"get"})}function m(){return o({url:n.Products,method:"get",headers:{authorization:sessionStorage.getItem("token")||localStorage.getItem("token")}})}function b(){return o({url:n.LatestProducts,method:"get"})}function h(e){return o({url:n.Testimonials,method:"post",headers:{authorization:sessionStorage.getItem("token")||localStorage.getItem("token")},data:e})}function p(e){return o({url:"".concat(n.Subscriptions,"?email=").concat(e),method:"post"})}function O(e){return o({url:"".concat(n.Users,"/").concat(e.op),method:"post",data:e})}function x(e){var t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},a=e.op===l.a.HTML?E(e):e;return o(Object(s.a)({url:"".concat(n.Auth,"/login"),method:"post",data:a},t))}function f(e){return o({url:"".concat(n.Users,"/search/").concat(e),method:"get",headers:{authorization:sessionStorage.getItem("token")||localStorage.getItem("token")}})}function g(e){var t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{};return o(Object(s.a)({url:"".concat(n.Users,"/one/").concat(e.trim()),method:"get"},t))}function v(e){return o({url:"".concat(n.Users,"/ldap?query=").concat(encodeURIComponent(e)),method:"get"})}function N(e){return o({url:"".concat(n.Auth,"/dom-csrf-flow"),method:"get",headers:{fingerprint:e}})}function S(){return o({url:"".concat(n.Auth,"/simple-csrf-flow"),method:"get"})}function w(){return o({url:"".concat(n.Auth,"/oidc-client"),method:"get"})}function 
y(){return o({url:"".concat(n.Metadata),method:"post",headers:{"content-type":"text/xml"},data:'<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE child [ <!ENTITY child SYSTEM "file:///etc/passwd"> ]><child></child>'})}function k(){return o({url:"".concat(n.Spawn,"?command=pwd"),method:"get",headers:{"content-type":"text/plain"}})}function I(e){return o({url:"".concat(n.Users,"/one/").concat(e,"/photo"),method:"get",headers:{authorization:sessionStorage.getItem("token")||localStorage.getItem("token")},responseType:"arraybuffer"})}function q(e){return o({url:"".concat(n.Users,"/one/").concat(e,"/adminpermission"),method:"get",headers:{authorization:sessionStorage.getItem("token")||localStorage.getItem("token")}})}function C(e){return o({url:"".concat(n.Users,"/one/").concat(e.email,"/info"),method:"put",headers:{"content-type":"application/json",authorization:sessionStorage.getItem("token")||localStorage.getItem("token")},data:e})}function T(e,t){var a=new FormData;return a.append(t,e,e.name),o({url:"".concat(n.Users,"/one/").concat(t,"/photo"),method:"put",headers:{"content-type":"image/png",authorization:sessionStorage.getItem("token")||localStorage.getItem("token")},data:a})}function A(e){return o({url:"".concat(n.Goto,"?url=").concat(e),method:"get"})}function F(e){return o({url:n.Render,method:"post",headers:{"content-type":"text/plain"},data:e})}function E(e){return Object.entries(e).reduce((function(e,t){var a=Object(c.a)(t,2),n=a[0],s=a[1];return e.append(n,s),e}),new URLSearchParams)}function R(e,t){return o({url:"".concat(n.File,"/raw?path=").concat(e),method:"put",headers:{"content-type":"file/*"},data:t})}function L(e){return o({url:"".concat(n.File,"/raw?path=").concat(e),method:"get",headers:{"content-type":"file/*"}})}function D(e){return o({url:"".concat(n.Products,"/views"),method:"get",headers:{authorization:sessionStorage.getItem("token")||localStorage.getItem("token"),"x-product-name":e}})}},35:function(e,t,a){"use strict";(function(e){var 
n=a(2),c=a(1),s=a(9),i=a(3),r=a(5),l=a(0);t.a=function(){var t=sessionStorage.getItem("email")||localStorage.getItem("email"),a=sessionStorage.getItem("userName")||localStorage.getItem("userName"),o=Object(c.useState)(),u=Object(n.a)(o,2),j=u[0],d=u[1];Object(c.useEffect)((function(){m()}),[]);var m=function(){if(!t)return null;Object(i.l)(t).then((function(t){var a=new e(t,"binary").toString("base64");a&&d("data: image / png; base64, ".concat(a))}))};return Object(l.jsx)(l.Fragment,{children:t?Object(l.jsxs)(l.Fragment,{children:[Object(l.jsx)("label",{htmlFor:"file-input",className:"file-input-label",children:Object(l.jsx)("img",{src:j||"assets/img/profile.png",alt:"",className:"profile-image"})}),Object(l.jsxs)(s.a,{to:r.a.Home,className:"get-started-btn scrollto",onClick:function(){sessionStorage.clear(),localStorage.clear(),window.location.reload()},children:["Log out ",a]}),Object(l.jsx)("input",{id:"file-input",type:"file",accept:"image/x-png",style:{display:"none"},onChange:function(e){var a=e.target.files[0];if(!a||!t)return null;Object(i.w)(a,t).then((function(){return m()}))}})]}):Object(l.jsxs)(l.Fragment,{children:[Object(l.jsx)("a",{href:"".concat(r.a.Login,"?logobgcolor=transparent"),className:"get-started-btn scrollto",children:"Sign in"}),Object(l.jsx)("a",{href:r.a.LoginNew,className:"get-started-btn scrollto",children:"2-step Sign in"})]})})}}).call(this,a(63).Buffer)},5:function(e,t,a){"use strict";var n;a.d(t,"a",(function(){return n})),function(e){e.Home="/",e.Login="/userlogin",e.LoginNew="/newuserlogin",e.PasswordCheck="/passwordcheck",e.Register="/usersignup",e.Marketplace="/marketplace",e.Userprofile="/userprofile",e.Adminpage="/adminpage",e.Dashboard="/dashboard"}(n||(n={}))},6:function(e,t,a){"use strict";var n;a.d(t,"a",(function(){return n})),function(e){e.BASIC="basic",e.HTML="html",e.CSRF="csrf",e.DOM_BASED_CSRF="csrf_dom",e.OIDC="oidc"}(n||(n={}))},75:function(e,t,a){"use strict";a.r(t);var n=a(1),c=a(33),s=a.n(c);var 
i=a(7),r=a(5),l=a(2),o=a(3),u=a(9),j=a(0),d=[{name:"Home",path:"/",newTab:!1},{name:"Marketplace",path:"/marketplace",newTab:!1},{name:"Edit user data",path:r.a.Userprofile,newTab:!1},{name:"Adminmenu",path:"",newTab:!1,admin:!0,subItems:[{name:"Adminpage",path:r.a.Adminpage,newTab:!1},{name:"Dashboard",path:r.a.Dashboard,newTab:!1}]},{name:"API Schema",path:"",newTab:!1,subItems:[{name:"OpenAPI 3.0 JSON",path:"/swagger-json",newTab:!0},{name:"API Reference",path:"/swagger",newTab:!0},{name:"GraphiQL",path:"/graphiql",newTab:!0}]},{name:"Vulnerabilities",path:"https://github.com/NeuraLegion/brokencrystals#vulnerabilities-overview",newTab:!0}],m=function(){var e=sessionStorage.getItem("email")||localStorage.getItem("email"),t=Object(n.useState)(!1),a=Object(l.a)(t,2),c=a[0],s=a[1];Object(n.useEffect)((function(){i()}),[c]);var i=function(){e&&Object(o.a)(e).then((function(e){s(e.isAdmin)}))};return Object(j.jsx)("nav",{className:"nav-menu d-none d-lg-block",children:Object(j.jsx)("ul",{children:d.map((function(e,t){return!e.admin||c?function(e,t){return Object(j.jsxs)("li",{className:"".concat(e.subItems&&"drop-down"," ").concat(window.location.pathname==e.path&&"active"),children:[Object(j.jsx)("a",{href:e.path,target:e.newTab?"_blank":void 0,children:e.name}),e.subItems&&Object(j.jsx)("ul",{children:e.subItems.map((function(e,t){return Object(j.jsx)("li",{children:Object(j.jsx)("a",{href:e.path,target:e.newTab?"_blank":void 0,children:e.name})},t)}))})]},t)}(e,t):Object(j.jsx)(j.Fragment,{})}))})})},b=a(35),h=function(e){Object(n.useEffect)((function(){Object(o.q)().then((function(e){return console.log("xml",e)})),Object(o.g)().then((function(e){return console.log("spawn",e)}))}),[]);var t;return Object(j.jsx)("header",{id:"header",className:"fixed-top ".concat(e.onInnerPage?"header-inner-pages":""),children:Object(j.jsx)("div",{className:"container-fluid",children:Object(j.jsx)("div",{className:"row 
justify-content-center",children:Object(j.jsxs)("div",{className:"col-xl-9 d-flex align-items-center",children:[Object(j.jsxs)(u.a,{to:"/",className:"logo mr-auto",onClick:(t="/",function(){Object(o.m)(t).then((function(){return console.log("goto",t)}))}),children:[Object(j.jsx)("img",{src:"assets/img/logo.png",alt:"",className:"img-fluid"})," ","BROKEN CRYSTALS"]}),Object(j.jsx)(m,{}),Object(j.jsx)(b.a,{})]})})})})},p=a(38),O=a.n(p),x=(a(73),a(74),a(11)),f=a(4),g={name:"",title:"",message:""},v=function(e){var t=sessionStorage.getItem("email")||localStorage.getItem("email"),a=Object(n.useState)(g),c=Object(l.a)(a,2),s=c[0],i=c[1],r=s.name,u=s.title,d=s.message,m=e.setNewTestimonial,b=function(e){var t=e.target,a=t.name,n=t.value;i(Object(f.a)(Object(f.a)({},s),{},Object(x.a)({},a,n)))};return Object(j.jsx)(j.Fragment,{children:t&&Object(j.jsx)("div",{className:"container mt-5","data-aos":"fade-up",children:Object(j.jsxs)("form",{role:"form",onSubmit:function(e){e.preventDefault(),Object(o.t)(s).then((function(){m&&m(s),i(g)}))},children:[Object(j.jsxs)("div",{className:"form-row",children:[Object(j.jsxs)("div",{className:"col-md-6 form-group",children:[Object(j.jsx)("input",{type:"text",name:"name",className:"form-control",id:"name",placeholder:"Your Name","data-rule":"minlen:4","data-msg":"Please enter at least 4 chars",value:r,onInput:b}),Object(j.jsx)("div",{className:"validate"})]}),Object(j.jsxs)("div",{className:"col-md-6 form-group",children:[Object(j.jsx)("input",{type:"text",className:"form-control",name:"title",id:"job-title",placeholder:"Your Title","data-rule":"minlen:4","data-msg":"Please enter at least 4 chars",value:u,onInput:b}),Object(j.jsx)("div",{className:"validate"})]})]}),Object(j.jsxs)("div",{className:"form-group",children:[Object(j.jsx)("textarea",{className:"form-control",name:"message",rows:5,"data-rule":"required","data-msg":"Please write something for 
us",placeholder:"Testimonial",value:d,onChange:b}),Object(j.jsx)("div",{className:"validate"})]}),Object(j.jsx)("div",{className:"text-center",children:Object(j.jsx)("button",{className:"submit-testimonial",type:"submit",children:"Send Testimonial"})})]})})})},N=a(15),S=function(e){var t=e.testimonials;return Object(j.jsx)(j.Fragment,{children:t.map((function(e,t){return Object(j.jsxs)("div",{className:"testimonial-item",children:[Object(j.jsxs)("p",{children:[Object(j.jsx)("i",{className:"bx bxs-quote-alt-left quote-icon-left"}),Object(j.jsx)("span",{className:"dangerous-html",children:Object(j.jsx)(N.a,{html:e.message})}),Object(j.jsx)("i",{className:"bx bxs-quote-alt-right quote-icon-right"})]}),Object(j.jsx)("img",{src:"assets/img/testimonials/testimonials-1.jpg",className:"testimonial-img",alt:""}),Object(j.jsx)("h3",{className:"dangerous-html",children:Object(j.jsx)(N.a,{html:e.name})}),Object(j.jsx)("h4",{className:"dangerous-html",children:Object(j.jsx)(N.a,{html:e.title})})]},e.name+t)}))})},w=function(e){var t=Object(n.useState)([]),a=Object(l.a)(t,2),c=a[0],s=a[1],i=Object(n.useState)(),r=Object(l.a)(i,2),u=r[0],d=r[1],m=Object(n.useState)(0),b=Object(l.a)(m,2),h=b[0],p=b[1];return Object(n.useEffect)((function(){Object(o.h)().then((function(e){return s(e)})),Object(o.i)().then((function(e){return p(e)}))}),[]),Object(n.useEffect)((function(){if(u)return Object(o.h)().then((function(e){return s(e)})),Object(o.i)().then((function(e){return p(e)})),function(){return s([])}}),[u]),Object(j.jsxs)("section",{id:"testimonials",className:"testimonials section-bg",children:[Object(j.jsxs)("div",{className:"container","data-aos":"fade-up",children:[Object(j.jsxs)("div",{className:"section-title",children:[Object(j.jsxs)("h2",{children:["Testimonials (",h,")"]}),Object(j.jsx)("p",{children:"Magnam dolores commodi suscipit. Necessitatibus eius consequatur ex aliquid fuga eum quidem. Sit sint consectetur velit. Quisquam quos quisquam cupiditate. 
Et nemo qui impedit suscipit alias ea. Quia fugiat sit in iste officiis commodi quidem hic quas."})]}),(null===c||void 0===c?void 0:c.length)?Object(j.jsx)(O.a,{className:"owl-carousel",dots:!0,items:3,loop:!1,children:Object(j.jsx)(S,{testimonials:c})}):null]}),e.preview||Object(j.jsx)(v,{setNewTestimonial:d})]})},y=function(e){return Object(j.jsx)("div",{className:"col-lg-4 col-md-6 portfolio-item filter-".concat(e.product.category),children:Object(j.jsxs)("div",{className:"portfolio-wrap",children:[Object(j.jsx)("img",{src:e.product.photoUrl,className:"img-fluid",alt:"",onLoad:function(){return Object(o.z)(e.product.name)}}),Object(j.jsxs)("div",{className:"portfolio-info",children:[Object(j.jsx)("h4",{children:e.product.name}),Object(j.jsx)("p",{children:e.product.description})]}),Object(j.jsx)("div",{className:"portfolio-links",children:Object(j.jsx)("a",{href:e.product.photoUrl,"data-gall":"portfolioGallery",className:"venobox",title:e.product.name,children:Object(j.jsx)("i",{className:"bx bx-plus"})})})]})},e.product.name)},k="/home/node/",I=function(e){var t=Object(n.useState)([]),a=Object(l.a)(t,2),c=a[0],s=a[1],i=Object(n.useState)(""),r=Object(l.a)(i,2),u=r[0],d=r[1],m=Object(n.useState)(""),b=Object(l.a)(m,2),p=b[0],O=b[1];return Object(n.useEffect)((function(){e.preview?Object(o.c)().then((function(e){return s(e)})):Object(o.f)().then((function(e){return s(e)}))}),[]),Object(j.jsxs)(j.Fragment,{children:[e.preview||Object(j.jsx)(h,{onInnerPage:!0}),Object(j.jsxs)("section",{id:"marketplace",className:"portfolio",children:[Object(j.jsxs)("div",{className:"container","data-aos":"fade-up",children:[Object(j.jsx)("div",{className:"section-title marketplaceTitle",children:Object(j.jsx)("h2",{children:"Marketplace"})}),e.preview||Object(j.jsx)("div",{className:"row",children:Object(j.jsx)("div",{className:"col-lg-12 d-flex 
justify-content-center",children:Object(j.jsxs)("ul",{id:"portfolio-flters",children:[Object(j.jsx)("li",{"data-filter":"*",className:"filter-active",children:"All"}),Object(j.jsx)("li",{"data-filter":".filter-Healing",children:"Healing"}),Object(j.jsx)("li",{"data-filter":".filter-Jewellery",children:"Jewellery"}),Object(j.jsx)("li",{"data-filter":".filter-Gemstones",children:"Gemstones"})]})})}),Object(j.jsx)("div",{className:"row portfolio-container",children:c&&c.map((function(e,t){return Object(j.jsx)(y,{product:e},t)}))})]}),e.preview&&Object(j.jsx)("div",{className:"section-readmore",children:Object(j.jsx)("a",{href:"/marketplace",children:Object(j.jsx)("span",{children:"See all products"})})})]}),Object(j.jsx)(w,{preview:e.preview}),Object(j.jsx)("section",{id:"feedback",className:"testimonials section-bg",children:Object(j.jsx)("div",{className:"container","data-aos":"fade-up",children:Object(j.jsxs)("div",{className:"section-title",children:[Object(j.jsx)("h2",{children:"feedback"}),Object(j.jsx)("span",{children:"Please, upload a feedback: "}),Object(j.jsx)("label",{htmlFor:"feedback-file-input",className:"file-input-label",children:Object(j.jsx)("img",{src:"assets/img/upload-file.svg",alt:"",className:"upload-file-image"})}),Object(j.jsx)("input",{id:"feedback-file-input",type:"file",accept:"file/*",style:{display:"none"},onChange:function(e){var t=e.target.files[0];Object(o.v)("".concat(k).concat(t.name),t).then((function(e){d(e),O(t.name)}))}}),u.length>0&&Object(j.jsxs)(j.Fragment,{children:[Object(j.jsx)("div",{className:"warning-text",children:u}),Object(j.jsxs)("div",{children:["You can reach your file"," ",Object(j.jsx)("a",{href:"#",onClick:function(e){e.preventDefault(),Object(o.b)("".concat(k).concat(p)).then((function(e){var t=window.URL.createObjectURL(new 
Blob([e])),a=document.createElement("a");a.href=t,a.setAttribute("download",p),document.body.appendChild(a),a.click(),document.body.removeChild(a)}))},children:"here"})]})]})]})})})]})},q=function(){return Object(j.jsx)("section",{id:"counts",className:"counts",children:Object(j.jsx)("div",{className:"container",children:Object(j.jsx)("div",{className:"row counters",children:[{name:"Crystals",value:154},{name:"Gemstones",value:78},{name:"Jewellery",value:23},{name:"Massage",value:9}].map((function(e,t){return Object(j.jsxs)("div",{className:"col-lg-3 col-6 text-center",children:[Object(j.jsx)("span",{"data-toggle":"counter-up",children:e.value}),Object(j.jsx)("p",{children:e.name})]},"counter-".concat(t))}))})})})},C=function(){return Object(j.jsx)("section",{id:"hero",className:"d-flex align-items-center",children:Object(j.jsx)("div",{className:"container-fluid","data-aos":"fade-up",children:Object(j.jsxs)("div",{className:"row justify-content-center",children:[Object(j.jsxs)("div",{className:"col-xl-5 col-lg-6 pt-3 pt-lg-0 order-2 order-lg-1 d-flex flex-column justify-content-center",children:[Object(j.jsx)("h1",{children:"Your Vulnerable Crystal Marketplace"}),Object(j.jsx)("h2",{children:"Find the most beautiful stones in one place!"}),Object(j.jsx)("div",{children:Object(j.jsx)("a",{href:"#marketplacePreview",className:"btn-get-started scrollto",children:"Get Started"})})]}),Object(j.jsx)("div",{className:"col-xl-4 col-lg-6 order-1 order-lg-2 hero-img","data-aos":"zoom-in","data-aos-delay":"150",children:Object(j.jsx)("img",{src:"assets/img/hero-img.png",className:"img-fluid animated",alt:""})})]})})})},T=function(){return Object(j.jsx)("section",{id:"faq",className:"faq",children:Object(j.jsxs)("div",{className:"container","data-aos":"fade-up",children:[Object(j.jsxs)("div",{className:"section-title",children:[Object(j.jsx)("h2",{children:"Frequently Asked Questions"}),Object(j.jsx)("p",{children:"Magnam dolores commodi suscipit. 
Necessitatibus eius consequatur ex aliquid fuga eum quidem. Sit sint consectetur velit. Quisquam quos quisquam cupiditate. Et nemo qui impedit suscipit alias ea. Quia fugiat sit in iste officiis commodi quidem hic quas."})]}),Object(j.jsx)("div",{className:"faq-list",children:Object(j.jsx)("ul",{children:[{question:"Non consectetur a erat nam at lectus urna duis?",answer:"Feugiat pretium nibh ipsum consequat. Tempus iaculis urna id volutpat lacus laoreet non curabitur gravida. Venenatis lectus magna fringilla urna porttitor rhoncus dolor purus non."},{question:"Feugiat scelerisque varius morbi enim nunc?",answer:"Dolor sit amet consectetur adipiscing elit pellentesque habitant morbi. Id interdum velit laoreet id donec ultrices. Fringilla phasellus faucibus scelerisque eleifend donec pretium. Est pellentesque elit ullamcorper dignissim. Mauris ultrices eros in cursus turpis massa tincidunt dui."},{question:"Dolor sit amet consectetur adipiscing elit?",answer:"Eleifend mi in nulla posuere sollicitudin aliquam ultrices sagittis orci. Faucibus pulvinar elementum integer enim. Sem nulla pharetra diam sit amet nisl suscipit. Rutrum tellus pellentesque eu tincidunt. Lectus urna duis convallis convallis tellus. Urna molestie at elementum eu facilisis sed odio morbi quis."},{question:"Tempus quam pellentesque nec nam aliquam sem et tortor consequat?",answer:"Molestie a iaculis at erat pellentesque adipiscing commodo. Dignissim suspendisse in est ante in. Nunc vel risus commodo viverra maecenas accumsan. Sit amet nisl suscipit adipiscing bibendum est. Purus gravida quis blandit turpis cursus in."},{question:"Tortor vitae purus faucibus ornare. Varius vel pharetra vel turpis nunc eget lorem dolor?",answer:"Laoreet sit amet cursus sit amet dictum sit amet justo. Mauris vitae ultricies leo integer malesuada nunc vel. Tincidunt eget nullam non nisi est sit amet. Turpis nunc eget lorem dolor sed. 
Ut venenatis tellus in metus vulputate eu scelerisque."}].map((function(e,t){return Object(j.jsxs)("li",{"data-aos":"fade-up","data-aos-delay":100*t,children:[Object(j.jsx)("i",{className:"bx bx-help-circle icon-help"})," ",Object(j.jsxs)("a",{"data-toggle":"collapse",className:0===t?"collapse":"collapsed",href:"#faq-list-".concat(t),children:[e.question,Object(j.jsx)("i",{className:"bx bx-chevron-down icon-show"}),Object(j.jsx)("i",{className:"bx bx-chevron-up icon-close"})]}),Object(j.jsx)("div",{id:"faq-list-".concat(t),className:"collapse ".concat(0===t&&"show"),"data-parent":".faq-list",children:Object(j.jsx)("p",{children:e.answer})})]},"faq-item-".concat(t))}))})})]})})},A=function(){return Object(j.jsx)("section",{id:"contact",className:"contact section-bg",children:Object(j.jsxs)("div",{className:"container","data-aos":"fade-up",children:[Object(j.jsxs)("div",{className:"section-title",children:[Object(j.jsx)("h2",{children:"Contact"}),Object(j.jsx)("p",{children:"Magnam dolores commodi suscipit. Necessitatibus eius consequatur ex aliquid fuga eum quidem. Sit sint consectetur velit. Quisquam quos quisquam cupiditate. Et nemo qui impedit suscipit alias ea. 
Quia fugiat sit in iste officiis commodi quidem hic quas."})]}),Object(j.jsxs)("div",{className:"row",children:[Object(j.jsx)("div",{className:"col-lg-6",children:Object(j.jsxs)("div",{className:"info-box mb-4",children:[Object(j.jsx)("i",{className:"bx bx-map"}),Object(j.jsx)("h3",{children:"Our Address"}),Object(j.jsx)("p",{children:"A108 Adam Street, New York, NY 535022"})]})}),Object(j.jsx)("div",{className:"col-lg-3 col-md-6",children:Object(j.jsxs)("div",{className:"info-box mb-4",children:[Object(j.jsx)("i",{className:"bx bx-envelope"}),Object(j.jsx)("h3",{children:"Email Us"}),Object(j.jsx)("p",{children:"[email protected]"})]})}),Object(j.jsx)("div",{className:"col-lg-3 col-md-6",children:Object(j.jsxs)("div",{className:"info-box mb-4",children:[Object(j.jsx)("i",{className:"bx bx-phone-call"}),Object(j.jsx)("h3",{children:"Call Us"}),Object(j.jsx)("p",{children:"+1 5589 55488 55"})]})})]}),Object(j.jsxs)("div",{className:"row",children:[Object(j.jsx)("div",{className:"col-lg-6 ",children:Object(j.jsx)("iframe",{className:"mb-4 mb-lg-0",src:"https://www.google.com/maps/embed?pb=!1m14!1m8!1m3!1d12097.433213460943!2d-74.0062269!3d40.7101282!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x0%3A0xb89d1fe6bc499443!2sDowntown+Conference+Center!5e0!3m2!1smk!2sbg!4v1539943755621",frameBorder:"0",style:{border:0,width:"100%",height:384},allowFullScreen:!0})}),Object(j.jsx)("div",{className:"col-lg-6",children:Object(j.jsxs)("form",{role:"form",className:"php-email-form",children:[Object(j.jsxs)("div",{className:"form-row",children:[Object(j.jsxs)("div",{className:"col-md-6 form-group",children:[Object(j.jsx)("input",{type:"text",name:"name",className:"form-control",id:"name",placeholder:"Your Name","data-rule":"minlen:4","data-msg":"Please enter at least 4 chars"}),Object(j.jsx)("div",{className:"validate"})]}),Object(j.jsxs)("div",{className:"col-md-6 form-group",children:[Object(j.jsx)("input",{type:"email",className:"form-control",name:"email",id:"email",placeholder:"Your 
Email","data-rule":"email","data-msg":"Please enter a valid email"}),Object(j.jsx)("div",{className:"validate"})]})]}),Object(j.jsxs)("div",{className:"form-group",children:[Object(j.jsx)("input",{type:"text",className:"form-control",name:"subject",id:"subject",placeholder:"Subject","data-rule":"minlen:4","data-msg":"Please enter at least 8 chars of subject"}),Object(j.jsx)("div",{className:"validate"})]}),Object(j.jsxs)("div",{className:"form-group",children:[Object(j.jsx)("textarea",{className:"form-control",name:"message",rows:5,"data-rule":"required","data-msg":"Please write something for us",placeholder:"Message"}),Object(j.jsx)("div",{className:"validate"})]}),Object(j.jsxs)("div",{className:"mb-3",children:[Object(j.jsx)("div",{className:"loading",children:"Loading"}),Object(j.jsx)("div",{className:"error-message"}),Object(j.jsx)("div",{className:"sent-message",children:"Your message has been sent. Thank you!"})]}),Object(j.jsx)("div",{className:"text-center",children:Object(j.jsx)("button",{type:"submit",children:"Send Message"})})]})})]})]})})},F=function(){var e=Object(n.useState)(""),t=Object(l.a)(e,2),a=t[0],c=t[1],s=Object(n.useState)(),i=Object(l.a)(s,2),r=i[0],d=i[1],m=Object(n.useState)(""),b=Object(l.a)(m,2),h=b[0],p=b[1];Object(n.useEffect)((function(){Object(o.r)('{{="+1"}} {{=5589}} {{=55488}} {{=55}}').then((function(e){return p(e)}))}),[]);var O=[{title:"Useful Links",items:[{name:"Home",url:"/",icon:"bx-chevron-right"},{name:"About us",url:"/",icon:"bx-chevron-right"},{name:"Services",url:"/",icon:"bx-chevron-right"},{name:"Terms of service",url:"/api/goto?url=http://google.com",icon:"bx-chevron-right"},{name:"Privacy policy",url:"https://takemeover-bright.s3.amazonaws.com/privacy-policy.pdf",icon:"bx-chevron-right"}]},{title:"Our Services",items:[{name:"Web Design",url:"/",icon:"bx-chevron-right"},{name:"Web Development",url:"/",icon:"bx-chevron-right"},{name:"Product 
Management",url:"/",icon:"bx-chevron-right"},{name:"Marketing",url:"/",icon:"bx-chevron-right"},{name:"Graphic Design",url:"/",icon:"bx-chevron-right"}]}],x=[{title:"Find us on",items:[{name:"twitter",url:"/",icon:"bxl-twitter"},{name:"facebook",url:"/",icon:"bxl-facebook"},{name:"instagram",url:"/",icon:"bxl-instagram"},{name:"google-plus",url:"/",icon:"bxl-google-plus"},{name:"linkedIn",url:"/",icon:"bxl-linkedin"}]},{title:"Supporting",items:[{name:"google",url:"/api/file/google?path=google",icon:"bxl-google"},{name:"aws",url:"/api/file/aws?path=aws",icon:"bxl-amazon"},{name:"azure",url:"/api/file/azure?path=azure",icon:"bxl-microsoft"},{name:"digital_ocean",url:"/api/file/digital_ocean?path=digital_ocean",icon:"bxl-digitalocean"}]}];return Object(j.jsxs)("footer",{id:"footer",children:[Object(j.jsx)("div",{className:"footer-top",children:Object(j.jsx)("div",{className:"container",children:Object(j.jsxs)("div",{className:"row",children:[Object(j.jsxs)("div",{className:"col-lg-3 col-md-6 footer-contact",children:[Object(j.jsx)(u.a,{to:"/",className:"logo mr-auto",children:Object(j.jsx)("img",{width:100,height:100,src:"assets/img/logo.png",alt:"",className:"img-fluid"})}),Object(j.jsx)("h3",{children:"BROKEN CRYSTALS"}),Object(j.jsxs)("div",{children:["A108 Adam Street ",Object(j.jsx)("br",{}),"New York, NY 535022",Object(j.jsx)("br",{}),"United States ",Object(j.jsx)("br",{}),Object(j.jsx)("br",{}),Object(j.jsx)("strong",{children:"Phone:"})," ",h&&Object(j.jsx)("span",{className:"dangerous-html",children:Object(j.jsx)(N.a,{html:h})}),Object(j.jsx)("br",{}),Object(j.jsx)("strong",{children:"Email:"})," [email protected]",Object(j.jsx)("br",{})]})]}),O.map((function(e,t){return Object(j.jsxs)("div",{className:"col-lg-2 col-md-6 footer-links",children:[Object(j.jsx)("h4",{children:e.title}),Object(j.jsx)("ul",{children:e.items.map((function(t,a){return Object(j.jsxs)("li",{children:[Object(j.jsx)("i",{className:"bx ".concat(t.icon)})," 
",Object(j.jsx)("a",{href:t.url,children:t.name})]},"".concat(e.title,"-item-").concat(a))}))})]},"footer-links-section-".concat(t))})),Object(j.jsxs)("div",{className:"col-lg-4 col-md-6 footer-newsletter",children:[Object(j.jsx)("h4",{children:"Join Our Newsletter"}),Object(j.jsx)("p",{children:"Tamen quem nulla quae legam multos aute sint culpa legam noster magna"}),Object(j.jsxs)("form",{onSubmit:function(e){e.preventDefault(),Object(o.s)(a).then((function(e){return d(e)}))},children:[Object(j.jsx)("input",{type:"input",name:"input",value:a,onInput:function(e){var t=e.target.value;c(t)}}),Object(j.jsx)("input",{type:"submit",value:"Subscribe"})]}),r&&Object(j.jsx)("div",{className:"dangerous-html",children:Object(j.jsx)(N.a,{html:r+" subscribed."})})]})]})})}),Object(j.jsx)("div",{className:"container",children:Object(j.jsxs)("div",{className:"copyright-wrap d-md-flex py-4",children:[Object(j.jsxs)("div",{className:"mr-md-auto text-center text-md-left",children:[Object(j.jsxs)("div",{className:"copyright",children:["\xa9 Copyright"," ",Object(j.jsx)("strong",{children:Object(j.jsx)("span",{children:"Broken Crystals"})}),". 
All Rights Reserved"]}),Object(j.jsx)("span",{className:"dangerous-html",children:Object(j.jsx)(N.a,{html:decodeURIComponent(window.location.search)})})]}),Object(j.jsx)("table",{children:Object(j.jsx)("tbody",{children:x.map((function(e,t){return Object(j.jsxs)("tr",{children:[Object(j.jsx)("td",{children:"".concat(e.title,": ")}),Object(j.jsx)("td",{children:Object(j.jsx)("div",{className:"px-1 d-flex flex-row align-items-start social-links text-center text-md-right pt-3 pt-md-0",children:e.items.map((function(t,a){return Object(j.jsx)("a",{href:t.url,children:Object(j.jsx)("i",{className:"bx ".concat(t.icon)})},"".concat(e.title,"-item-").concat(a))}))})})]},"social-section-".concat(t))}))})})]})})]})},E=function(){return Object(j.jsxs)(j.Fragment,{children:[Object(j.jsx)(h,{}),Object(j.jsx)(C,{}),Object(j.jsxs)("main",{id:"main",children:[Object(j.jsx)("div",{id:"marketplacePreview",children:Object(j.jsx)(I,{preview:!0})}),Object(j.jsx)(q,{}),Object(j.jsx)(T,{}),Object(j.jsx)(A,{})]}),Object(j.jsx)(F,{}),Object(j.jsx)("a",{href:"/",className:"back-to-top",children:Object(j.jsx)("i",{className:"icofont-simple-up"})}),Object(j.jsx)("div",{id:"preloader"})]})},R=a(22),L=a(6),D=function(e){var t=e.children,a=e.logoBgColor,c=Object(n.useRef)(null);return Object(n.useEffect)((function(){c.current&&(c.current.style.cssText="background-color: ".concat(a))})),Object(j.jsx)("div",{className:"page-content--bge5",children:Object(j.jsx)("div",{className:"container",children:Object(j.jsx)("div",{className:"login-wrap",children:Object(j.jsxs)("div",{className:"login-content",children:[Object(j.jsx)("div",{className:"login-logo",children:Object(j.jsxs)("a",{href:"/",className:"logo mr-auto",children:[Object(j.jsx)("img",{width:100,height:100,src:"assets/img/logo_blue.png",alt:"logo",className:"img-fluid",ref:c}),"BROKEN CRYSTALS"]})}),t]})})})})};var P=function(e){var t=[{title:"Email",value:e.email},{title:"First Name",value:e.firstName},{title:"Last 
Name",value:e.lastName}];return Object(j.jsx)(j.Fragment,{children:t.map((function(e){var t=e.title,a=e.value;return a&&Object(j.jsx)("div",{className:"dangerous-html",children:Object(j.jsx)(N.a,{html:"".concat(t,": ").concat(a)})},t)}))})};var U=function(e){return(null===e||void 0===e?void 0:e.length)?Object(j.jsx)(j.Fragment,{children:e.map((function(e){return Object(j.jsx)("div",{children:P(e)},e.email)}))}):null};var M,B=function(e){var t=[{title:"Email",value:e.email},{title:"LDAP",value:e.ldapProfileLink}];return Object(j.jsx)(j.Fragment,{children:t.map((function(e){var t=e.title,a=e.value;return a&&Object(j.jsx)("div",{className:"dangerous-html",children:Object(j.jsx)(N.a,{html:"".concat(t,": ").concat(a)})},t)}))})},_={user:"",password:"",op:L.a.BASIC};!function(e){e.FORM_URLENCODED="application/x-www-form-urlencoded",e.APPLICATION_JSON="application/json"}(M||(M={}));var H,Y=function(){var e=Object(i.g)().state,t=Object(n.useState)(_),a=Object(l.a)(t,2),c=a[0],s=a[1],d=c.user,m=c.password,b=Object(n.useState)(),h=Object(l.a)(b,2),p=h[0],O=h[1],g=Object(n.useState)([]),v=Object(l.a)(g,2),N=v[0],S=v[1],w=Object(n.useState)(),y=Object(l.a)(w,2),k=y[0],I=y[1],q=Object(n.useState)(L.a.BASIC),C=Object(l.a)(q,2),T=C[0],A=C[1],F=Object(n.useState)(),E=Object(l.a)(F,2),P=E[0],H=E[1],Y=Object(n.useState)(),z=Object(l.a)(Y,2),G=z[0],J=z[1],Q=function(e){var t=e.target,a=t.name,n=t.value;s(Object(f.a)(Object(f.a)({},c),{},Object(x.a)({},a,n)))},V=function(e){switch(T){case L.a.CSRF:return Object(f.a)(Object(f.a)({},e),{},{csrf:P});case L.a.DOM_BASED_CSRF:var t=Object(R.a)();return Object(f.a)(Object(f.a)({},e),{},{csrf:P,fingerprint:t});default:return e}};return Object(n.useEffect)((function(){return function(){var t=(p||{}).ldapProfileLink;t&&Object(o.d)(t).then((function(e){return S(e)})).then((function(){window.location.href=e?e.from:"/"}))}()}),[p]),Object(n.useEffect)((function(){switch(T){case L.a.CSRF:return void Object(o.p)().then((function(e){return 
H(e)}));case L.a.DOM_BASED_CSRF:return e=Object(R.a)(),void Object(o.o)(e).then((function(e){return H(e)}));case L.a.OIDC:return void Object(o.e)().then((function(e){return J(e)}))}var e}),[T]),Object(j.jsx)(D,{logoBgColor:new URL(window.location.href).searchParams.get("logobgcolor")||"transparent",children:Object(j.jsxs)("div",{className:"login-form",children:[Object(j.jsxs)("form",{onSubmit:function(e){e.preventDefault();var t=T===L.a.HTML?{headers:{"content-type":M.FORM_URLENCODED}}:{},a=V(c);Object(o.j)(a,t).then((function(e){return O(e),e})).then((function(e){var t=e.email,a=e.errorText;return a&&I(a),sessionStorage.setItem("email",t),Object(o.k)(t)})).then((function(e){return sessionStorage.setItem("userName","".concat(e.firstName," ").concat(e.lastName))}))},children:[Object(j.jsxs)("div",{className:"form-group",children:[Object(j.jsx)("label",{children:"Authentication Type"}),Object(j.jsxs)("select",{className:"form-control",name:"op",placeholder:"Authentication Type",value:T,onChange:function(e){var t=e.target.value;s(Object(f.a)(Object(f.a)({},c),{},{op:t})),A(t)},children:[Object(j.jsx)("option",{value:L.a.BASIC,children:"Simple REST-based Authentication"}),Object(j.jsx)("option",{value:L.a.HTML,children:"Simple HTML Form-based Authentication"}),Object(j.jsx)("option",{value:L.a.CSRF,children:"Simple CSRF-based Authentication"}),Object(j.jsx)("option",{value:L.a.DOM_BASED_CSRF,children:"DOM based CSRF Authentication"}),Object(j.jsx)("option",{value:L.a.OIDC,children:"Simple OIDC-based Authentication"})]})]}),G&&Object(j.jsxs)("div",{children:[Object(j.jsxs)("p",{children:[Object(j.jsx)("b",{children:"client_id:"})," ",G.clientId]}),Object(j.jsxs)("p",{children:[Object(j.jsx)("b",{children:"client_secret:"})," ",G.clientSecret]}),Object(j.jsxs)("p",{children:[Object(j.jsx)("b",{children:"Openid-configuration URL:"})," 
",G.metadataUrl]}),Object(j.jsx)("br",{})]}),Object(j.jsxs)("div",{className:"form-group",children:[Object(j.jsx)("label",{children:"Email"}),Object(j.jsx)("input",{className:"au-input au-input--full",type:"text",name:"user",placeholder:"Email",value:d,onInput:Q})]}),Object(j.jsxs)("div",{className:"form-group",children:[Object(j.jsx)("label",{children:"Password"}),Object(j.jsx)("input",{className:"au-input au-input--full",type:"password",name:"password",placeholder:"Password",value:m,onInput:Q})]}),(T===L.a.CSRF||T===L.a.DOM_BASED_CSRF)&&P&&Object(j.jsx)("input",{name:"xsrf",type:"hidden",value:P}),p&&B(p),Object(j.jsx)("br",{}),N&&U(N),Object(j.jsx)("button",{className:"au-btn au-btn--block au-btn--green m-b-20",type:"submit",children:"sign in"})]}),Object(j.jsxs)("div",{children:[k&&Object(j.jsx)("div",{className:"error-text",children:k}),Object(j.jsx)("b",{children:"Hint"}),": if you are looking for an authentication protected endpoint, try using:",Object(j.jsx)("a",{href:"https://brokencrystals.com/api/products",children:"https://brokencrystals.com/api/products"})]}),Object(j.jsx)("div",{className:"register-link",children:Object(j.jsxs)("p",{children:["Don't have an account?"," ",Object(j.jsx)(u.a,{to:r.a.Register,children:"Sign Up Here"})]})})]})})},z={user:"",password:"",op:L.a.BASIC},G=function(){var e=Object(n.useState)(z),t=Object(l.a)(e,2),a=t[0],c=t[1],s=a.user,i=Object(n.useState)(),d=Object(l.a)(i,2),m=d[0],b=d[1];return Object(j.jsx)(D,{children:Object(j.jsxs)("div",{className:"login-form",children:[Object(j.jsxs)("form",{onSubmit:function(e){e.preventDefault();Object(o.k)(a.user,{headers:{"content-type":"application/x-www-form-urlencoded"}}).then((function(e){return e})).then((function(e){var t=e.email;t?(sessionStorage.setItem("email",t),window.location.href=r.a.PasswordCheck):b("User doesn`t exist, try to 
signup")}))},children:[Object(j.jsxs)("div",{className:"form-group",children:[Object(j.jsx)("label",{children:"Email"}),Object(j.jsx)("input",{className:"au-input au-input--full",type:"text",name:"user",placeholder:"Email",value:s,onInput:function(e){var t=e.target,n=t.name,s=t.value;c(Object(f.a)(Object(f.a)({},a),{},Object(x.a)({},n,s)))}})]}),Object(j.jsx)("button",{className:"au-btn au-btn--block au-btn--green m-b-20",type:"submit",children:"Enter password"})]}),Object(j.jsxs)("div",{children:[m&&Object(j.jsx)("div",{className:"error-text",children:m}),Object(j.jsx)("b",{children:"Hint"}),": if you are looking for an authentication protected endpoint, try using:",Object(j.jsx)("a",{href:"https://brokencrystals.com/api/products",children:"https://brokencrystals.com/api/products"})]}),Object(j.jsx)("div",{className:"register-link",children:Object(j.jsxs)("p",{children:["Don't have an account?"," ",Object(j.jsx)(u.a,{to:r.a.Register,children:"Sign Up Here"})]})})]})})},J={email:"",firstName:"",lastName:"",company:"",cardNumber:"",phoneNumber:"",password:"",op:L.a.BASIC},Q=function(){var e=Object(n.useState)(J),t=Object(l.a)(e,2),a=t[0],c=t[1],s=a.email,i=a.firstName,d=a.lastName,m=a.password,b=a.company,h=a.cardNumber,p=a.phoneNumber,O=Object(n.useState)(),g=Object(l.a)(O,2),v=g[0],N=g[1],S=Object(n.useState)(),w=Object(l.a)(S,2),y=w[0],k=w[1],I=Object(n.useState)(L.a.BASIC),q=Object(l.a)(I,2),C=q[0],T=q[1],A=Object(n.useState)(!1),F=Object(l.a)(A,2),E=F[0],R=F[1],U=function(e){var t=e.target,n=t.name,s=t.value;c(Object(f.a)(Object(f.a)({},a),{},Object(x.a)({},n,s)))};return 
Object(j.jsx)(D,{children:Object(j.jsxs)("div",{className:"login-form",children:[Object(j.jsxs)("form",{onSubmit:function(e){e.preventDefault(),console.log("click"),R(!0),Object(o.u)(a).then((function(e){e.errorText?(k(e.errorText),R(!1)):(N(e),setTimeout((function(){window.location.href=r.a.Login}),1500))}))},children:[Object(j.jsxs)("div",{className:"form-group",children:[Object(j.jsx)("label",{children:"Registration Type"}),Object(j.jsxs)("select",{className:"form-control",name:"op",placeholder:"Authentication Type",value:C,onChange:function(e){var t=e.target.value;c(Object(f.a)(Object(f.a)({},a),{},{op:t})),T(t)},children:[Object(j.jsx)("option",{value:L.a.BASIC,children:"Simple REST-based Registration"}),Object(j.jsx)("option",{value:L.a.OIDC,children:"Simple OIDC-based Registration"})]})]}),Object(j.jsxs)("div",{className:"form-group",children:[Object(j.jsx)("label",{children:"First name"}),Object(j.jsx)("input",{className:"au-input au-input--full",type:"text",name:"firstName",placeholder:"First name",value:i,onInput:U})]}),Object(j.jsxs)("div",{className:"form-group",children:[Object(j.jsx)("label",{children:"Last name"}),Object(j.jsx)("input",{className:"au-input au-input--full",type:"text",name:"lastName",placeholder:"Last name",value:d,onInput:U})]}),Object(j.jsxs)("div",{className:"form-group",children:[Object(j.jsx)("label",{children:"Company"}),Object(j.jsx)("input",{className:"au-input au-input--full",type:"text",name:"company",placeholder:"Company",value:b,onInput:U})]}),Object(j.jsxs)("div",{className:"form-group",children:[Object(j.jsx)("label",{children:"Card number"}),Object(j.jsx)("input",{className:"au-input au-input--full",type:"text",name:"cardNumber",placeholder:"Card number",value:h,onInput:U})]}),Object(j.jsxs)("div",{className:"form-group",children:[Object(j.jsx)("label",{children:"Phone number"}),Object(j.jsx)("input",{className:"au-input au-input--full",type:"text",name:"phoneNumber",placeholder:"Phone 
number",value:p,onInput:U})]}),Object(j.jsxs)("div",{className:"form-group",children:[Object(j.jsx)("label",{children:"Email Address"}),Object(j.jsx)("input",{className:"au-input au-input--full",type:"text",name:"email",placeholder:"Email",value:s,onInput:U})]}),y&&Object(j.jsx)("div",{className:"error-text",children:y}),Object(j.jsxs)("div",{className:"form-group",children:[Object(j.jsx)("label",{children:"Password"}),Object(j.jsx)("input",{className:"au-input au-input--full",type:"password",name:"password",placeholder:"Password",value:m,onInput:U})]}),v&&P(v),Object(j.jsx)("button",{className:"au-btn au-btn--block au-btn--green m-b-20",type:"submit",disabled:E,children:"register"})]}),Object(j.jsx)("div",{className:"register-link",children:Object(j.jsxs)("p",{children:["Already have an account? ",Object(j.jsx)(u.a,{to:r.a.Login,children:"Sign In"})]})})]})})},V={email:"",firstName:"",lastName:"",id:"",company:""},K=function(){var e=sessionStorage.getItem("email")||localStorage.getItem("email"),t=Object(n.useState)(V),a=Object(l.a)(t,2),c=a[0],s=a[1],u=function(e){var t=e.target,a=t.name,n=t.value;s(Object(f.a)(Object(f.a)({},c),{},Object(x.a)({},a,n)))};Object(n.useEffect)((function(){e&&Object(o.k)(e).then((function(e){return s(e)}))}),[]);return Object(j.jsx)(j.Fragment,{children:e?Object(j.jsx)(D,{children:Object(j.jsx)("div",{className:"login-form",children:Object(j.jsxs)("form",{onSubmit:function(e){e.preventDefault(),Object(o.x)(c).then((function(){localStorage.getItem("email")?localStorage.setItem("userName","".concat(c.firstName," ").concat(c.lastName)):sessionStorage.setItem("userName","".concat(c.firstName," ").concat(c.lastName)),window.location.href=r.a.Home}))},children:[Object(j.jsxs)("div",{className:"form-group",children:[Object(j.jsx)("label",{children:"Email"}),Object(j.jsx)("input",{className:"au-input 
au-input--full",type:"text",name:"email",placeholder:"Email",value:c.email,onInput:u})]}),Object(j.jsxs)("div",{className:"form-group",children:[Object(j.jsx)("label",{children:"FirstName"}),Object(j.jsx)("input",{className:"au-input au-input--full",type:"text",name:"firstName",placeholder:"FName",value:c.firstName,onInput:u})]}),Object(j.jsxs)("div",{className:"form-group",children:[Object(j.jsx)("label",{children:"LastName"}),Object(j.jsx)("input",{className:"au-input au-input--full",type:"text",name:"lastName",placeholder:"LName",value:c.lastName,onInput:u})]}),Object(j.jsx)("button",{className:"au-btn au-btn--block au-btn--green m-b-20",type:"submit",children:"Save changes"})]})})}):Object(j.jsx)(i.a,{to:{pathname:r.a.Login,state:{from:"/userprofile"}}})})},W=function(e){var t=e.children;return Object(j.jsx)("div",{className:"page-content--bge5",children:Object(j.jsx)("div",{className:"container",children:Object(j.jsx)("div",{className:"admin-wrap",children:Object(j.jsxs)("div",{className:"admin-content",children:[Object(j.jsx)("div",{className:"admin-logo",children:Object(j.jsxs)("a",{href:"/",className:"logo mr-auto",children:[Object(j.jsx)("img",{width:100,height:100,src:"assets/img/logo_blue.png",alt:"",className:"img-fluid"}),"BROKEN CRYSTALS"]})}),t]})})})})},X=function(){var e=sessionStorage.getItem("email")||localStorage.getItem("email"),t=Object(n.useState)(!1),a=Object(l.a)(t,2),c=a[0],s=a[1],i=Object(n.useState)(""),r=Object(l.a)(i,2),u=r[0],d=r[1],m=Object(n.useState)([]),b=Object(l.a)(m,2),h=b[0],p=b[1];return Object(n.useEffect)((function(){e&&(Object(o.a)(e).then((function(e){return s(!!e.isAdmin)})),Object(o.y)(u).then((function(e){p(e)})))}),[e,u]),Object(j.jsx)(W,{children:c?Object(j.jsxs)(j.Fragment,{children:[Object(j.jsx)("div",{children:"User catalog:"}),Object(j.jsxs)("div",{children:[Object(j.jsx)("b",{children:"Hint"}),": to see more results typing specific name"]}),Object(j.jsx)("input",{type:"text",className:"au-input 
au-input--full",placeholder:"Start typing name",onChange:function(e){d(e.target.value)}}),Object(j.jsx)("div",{children:h.map((function(e){return Object(j.jsxs)("div",{children:[Object(j.jsx)("b",{children:"First name:"})," ",e.firstName,", ",Object(j.jsx)("b",{children:"Last name:"})," ",e.lastName,",",Object(j.jsx)("b",{children:"e-mail:"})," ",e.email,", ",Object(j.jsx)("b",{children:"company:"})," ",e.company]},e.id)}))})]}):Object(j.jsx)("div",{children:"This page is forbidden for you"})})},Z={user:"",password:"",op:L.a.BASIC},$=function(){var e=Object(n.useState)(Z),t=Object(l.a)(e,2),a=t[0],c=t[1],s=a.password,i=Object(n.useState)(),d=Object(l.a)(i,2),m=d[0],b=d[1],h=sessionStorage.getItem("email"),p=function(e){var t=e.target,n=t.name,s=t.value;c(Object(f.a)(Object(f.a)({},a),{},Object(x.a)({},n,s)))};return Object(n.useEffect)((function(){h&&c(Object(f.a)(Object(f.a)({},a),{},{user:h}))}),[]),Object(j.jsx)(D,{children:Object(j.jsxs)("div",{className:"login-form",children:[Object(j.jsxs)("form",{onSubmit:function(e){e.preventDefault();Object(o.j)(a,{headers:{"content-type":"application/json"}}).then((function(e){return e})).then((function(e){var t=e.email,n=e.errorText;return n?b(n):a.rememberuser&&(localStorage.setItem("email",sessionStorage.getItem("email")||""),localStorage.setItem("token",sessionStorage.getItem("token")||""),sessionStorage.clear()),Object(o.k)(t)})).then((function(e){a.rememberuser?localStorage.setItem("userName","".concat(e.firstName," ").concat(e.lastName)):sessionStorage.setItem("userName","".concat(e.firstName," ").concat(e.lastName)),window.location.href=r.a.Home}))},children:[Object(j.jsxs)("div",{className:"form-group",children:[Object(j.jsx)("label",{children:"Username:"}),Object(j.jsx)("input",{value:a.user,name:"user",readOnly:!0}),Object(j.jsx)("label",{children:"Enter Password:"}),Object(j.jsx)("input",{className:"au-input 
au-input--full",type:"password",name:"password",placeholder:"Password",value:s,onInput:p}),Object(j.jsxs)("label",{htmlFor:"rememberuser",children:[Object(j.jsx)("input",{type:"checkbox",id:"rememberuser",name:"rememberuser",value:"true",onChange:p}),"\xa0Remember me"]})]}),Object(j.jsx)("button",{className:"au-btn au-btn--block au-btn--green m-b-20",type:"submit",children:"sign in"})]}),Object(j.jsxs)("div",{children:[m&&Object(j.jsx)("div",{className:"error-text",children:m}),Object(j.jsx)("b",{children:"Hint"}),": if you are looking for an authentication protected endpoint, try using:",Object(j.jsx)("a",{href:"https://brokencrystals.com/api/products",children:"https://brokencrystals.com/api/products"})]}),Object(j.jsx)("div",{className:"register-link",children:Object(j.jsxs)("p",{children:["Don't have an account?"," ",Object(j.jsx)(u.a,{to:r.a.Register,children:"Sign Up Here"})]})})]})})},ee=function(){return Object(j.jsx)(D,{children:Object(j.jsxs)("div",{children:[Object(j.jsx)("div",{children:"This is Admin Dashboard."}),Object(j.jsx)(j.Fragment,{children:"This page represents "}),Object(j.jsx)("a",{href:"https://owasp.org/Top10/A01_2021-Broken_Access_Control/",children:"AO1 Vertical access controls"}),Object(j.jsx)(j.Fragment,{children:" issue"})]})})},te=function(){var e=sessionStorage.getItem("email")||localStorage.getItem("email");return 
Object(j.jsxs)(i.d,{children:[Object(j.jsx)(i.b,{path:r.a.Login,children:Object(j.jsx)(Y,{})}),Object(j.jsx)(i.b,{path:r.a.LoginNew,children:Object(j.jsx)(G,{})}),Object(j.jsx)(i.b,{path:r.a.PasswordCheck,children:e?Object(j.jsx)($,{}):Object(j.jsx)(i.a,{to:{pathname:r.a.Home,state:{from:"/passwordcheck"}}})}),Object(j.jsx)(i.b,{path:r.a.Register,children:Object(j.jsx)(Q,{})}),Object(j.jsx)(i.b,{path:r.a.Marketplace,children:e?Object(j.jsx)(I,{preview:!1}):Object(j.jsx)(i.a,{to:{pathname:r.a.Login,state:{from:"/marketplace"}}})}),Object(j.jsx)(i.b,{path:r.a.Userprofile,children:e?Object(j.jsx)(K,{}):Object(j.jsx)(i.a,{to:{pathname:r.a.Login,state:{from:"/userprofile"}}})}),Object(j.jsx)(i.b,{path:r.a.Adminpage,children:e?Object(j.jsx)(X,{}):Object(j.jsx)(i.a,{to:{pathname:r.a.Home,state:{from:"/adminpage"}}})}),Object(j.jsx)(i.b,{path:r.a.Dashboard,children:e?Object(j.jsx)(ee,{}):Object(j.jsx)(i.a,{to:{pathname:r.a.Home,state:{from:"/dashboard"}}})}),Object(j.jsxs)(i.b,{path:"*",children:[Object(j.jsx)(i.a,{to:{pathname:r.a.Home}}),Object(j.jsx)(E,{})]})]})},ae=a(10),ne=Object(ae.a)({basename:""});s.a.render(Object(j.jsx)(i.c,{history:ne,children:Object(j.jsx)(te,{})}),document.getElementById("root")),(H=void 0)&&a.e(3).then(a.bind(null,76)).then((function(e){var t=e.getCLS,a=e.getFID,n=e.getFCP,c=e.getLCP,s=e.getTTFB;t(H),a(H),n(H),c(H),s(H)}))}},[[75,1,2]]]);
//# sourceMappingURL=main.9e44b974.chunk.js.map
Amazon AWS S3 bucket takeover
Severity:
High
Discovered: 05 of October-2023, 11:49 AM
CWE ID
CWE-284
CVSS
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
The target application contains a reference to an S3 bucket that no longer exists.
Because the bucket name is free again, an attacker can register a new S3 bucket under the same name.
The target application would then use the new bucket, which is under the attacker's control.
The attacker can populate the bucket with malicious content or intercept legitimate traffic intended for it,
potentially leading to data theft or other malicious activities.
Possible exposure
Data breaches, malware distribution, and negative impact on reputation.
Remediation suggestions
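Remove references to unused S3 bucket URLs from the code. If a reference has to stay, confirm that the bucket it names exists and is owned by the organisation's own AWS account.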
Request
Response
External links