https://cava.finances.bj/appliance/login.ns?login%5Bpassword%5D=test%22%3E%3Csvg%2Fonload%3Dalert%28document.domain%29%3E&login%5Bsubmit%5D=Change%20Password&login%5Buse_curr%5D=1

Forwarded to
ErrorController (480b23)
Method
GET
HTTP Status
404
IP
10.250.2.252
Profiled on
Token
2f8bca

n/a

Request

GET Parameters

Key Value
login 
[
  "password" => "test"><svg/onload=alert(document.domain)>"
  "submit" => "Change Password"
  "use_curr" => "1"
]

POST Parameters

No POST parameters

Uploaded Files

No files were uploaded

Request Attributes

Key Value
_remove_csp_headers 
true
_stopwatch_token 
"2aefdd"

Request Headers

Header Value
accept-encoding 
"gzip,deflate"
connection 
"close"
content-length 
""
content-type 
""
host 
"cava.finances.bj"
user-agent 
"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36"
x-forwarded-for 
"34.225.243.131"
x-forwarded-port 
"443"
x-forwarded-proto 
"https"
x-forwarded-scheme 
"https"
x-php-ob-level 
"1"
x-real-ip 
"34.225.243.131"

Request Content

Request content not available (it was retrieved as a resource).

Response

Response Headers

Header Value
cache-control 
"no-cache, private"
content-type 
"text/html; charset=UTF-8"
date 
"Sun, 29 Jun 2025 05:05:46 GMT"
x-debug-exception 
"No%20route%20found%20for%20%22GET%20https%3A%2F%2Fcava.finances.bj%2Fappliance%2Flogin.ns%22"
x-debug-exception-file 
"%2Fvar%2Fwww%2Fcava%2Fvendor%2Fsymfony%2Fhttp-kernel%2FEventListener%2FRouterListener.php:128"
x-debug-token 
"2f8bca"
x-debug-token-link 
"https://cava.finances.bj/_profiler/480b23"
x-previous-debug-token 
"480b23"
x-robots-tag 
"noindex"

Cookies

Request Cookies

No request cookies

Response Cookies

No response cookies

Session

Session Metadata

No session metadata

Session Attributes

No session attributes

Session Usage

0 Usages
Stateless check enabled

Session not used.

Flashes

Flashes

No flash messages were created.

Server Parameters

Server Parameters

Defined in .env

Key Value
APP_DEBUG 
"1"
APP_ENV 
"dev"
APP_SECRET 
"f7dff89a122c6a0b310e1c782b5ce357"
DATABASE_URL 
"mysql://cava:%%2123W0k9cV%%3F5N@127.0.0.1:3306/cava"
MAILER_DSN 
"smtp://33a845799247bc:ddc8708ed8b571@sandbox.smtp.mailtrap.io:2525"
MESSENGER_TRANSPORT_DSN 
"doctrine://default?auto_setup=0"
WKHTMLTOIMAGE_PATH 
"/usr/bin/wkhtmltoimage"
WKHTMLTOPDF_PATH 
"/usr/bin/wkhtmltopdf"

Defined as regular env variables

Key Value
CONTENT_LENGTH 
""
CONTENT_TYPE 
""
DOCUMENT_ROOT 
"/var/www/cava/public"
DOCUMENT_URI 
"/index.php"
FCGI_ROLE 
"RESPONDER"
GATEWAY_INTERFACE 
"CGI/1.1"
HOME 
"/var/www"
HTTPS 
"on"
HTTP_ACCEPT_ENCODING 
"gzip,deflate"
HTTP_CONNECTION 
"close"
HTTP_HOST 
"cava.finances.bj"
HTTP_USER_AGENT 
"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36"
HTTP_X_FORWARDED_FOR 
"34.225.243.131"
HTTP_X_FORWARDED_PORT 
"443"
HTTP_X_FORWARDED_PROTO 
"https"
HTTP_X_FORWARDED_SCHEME 
"https"
HTTP_X_REAL_IP 
"34.225.243.131"
PHP_SELF 
"/index.php"
QUERY_STRING 
"login[password]=test%22%3E%3Csvg/onload%3Dalert(document.domain)%3E&login[submit]=Change%20Password&login[use_curr]=1"
REDIRECT_STATUS 
"200"
REMOTE_ADDR 
"10.250.2.252"
REMOTE_PORT 
"27207"
REMOTE_USER 
""
REQUEST_METHOD 
"GET"
REQUEST_SCHEME 
"http"
REQUEST_TIME 
1751173546
REQUEST_TIME_FLOAT 
1751173546.776
REQUEST_URI 
"/appliance/login.ns?login[password]=test%22%3E%3Csvg/onload%3Dalert(document.domain)%3E&login[submit]=Change%20Password&login[use_curr]=1"
SCRIPT_FILENAME 
"/var/www/cava/public/index.php"
SCRIPT_NAME 
"/index.php"
SERVER_ADDR 
"10.250.2.124"
SERVER_NAME 
"cava.finances.bj"
SERVER_PORT 
"443"
SERVER_PROTOCOL 
"HTTP/1.1"
SERVER_SOFTWARE 
"nginx/1.24.0"
SYMFONY_DOTENV_VARS 
"APP_ENV,APP_SECRET,MESSENGER_TRANSPORT_DSN,DATABASE_URL,MAILER_DSN,WKHTMLTOPDF_PATH,WKHTMLTOIMAGE_PATH,APP_DEBUG"
USER 
"www-data"

Sub Requests 1

ErrorController (token = 480b23)

Key Value
_controller 
"error_controller"
_stopwatch_token 
"2651e4"
exception 
Symfony\Component\HttpKernel\Exception\NotFoundHttpException {#307
  #message: "No route found for "GET https://cava.finances.bj/appliance/login.ns""
  #code: 0
  #file: "/var/www/cava/vendor/symfony/http-kernel/EventListener/RouterListener.php"
  #line: 128
  -previous: Symfony\Component\Routing\Exception\ResourceNotFoundException {#68 …}
  -statusCode: 404
  -headers: []
  trace: {
    /var/www/cava/vendor/symfony/http-kernel/EventListener/RouterListener.php:128 {
      Symfony\Component\HttpKernel\EventListener\RouterListener->onKernelRequest(RequestEvent $event) …
      › 
      ›     throw new NotFoundHttpException($message, $e);} catch (MethodNotAllowedException $e) {
    }
    /var/www/cava/vendor/symfony/event-dispatcher/Debug/WrappedListener.php:115 {
      Symfony\Component\EventDispatcher\Debug\WrappedListener->__invoke(object $event, string $eventName, EventDispatcherInterface $dispatcher): void …
      › 
      › ($this->optimizedListener ?? $this->listener)($event, $eventName, $dispatcher);}
    /var/www/cava/vendor/symfony/event-dispatcher/EventDispatcher.php:230 {
      Symfony\Component\EventDispatcher\EventDispatcher->callListeners(iterable $listeners, string $eventName, object $event) …
      ›     }    $listener($event, $eventName, $this);}
    }
    /var/www/cava/vendor/symfony/event-dispatcher/EventDispatcher.php:59 {
      Symfony\Component\EventDispatcher\EventDispatcher->dispatch(object $event, string $eventName = null): object …
      › if ($listeners) {    $this->callListeners($listeners, $eventName, $event);}
    }
    /var/www/cava/vendor/symfony/event-dispatcher/Debug/TraceableEventDispatcher.php:153 {
      Symfony\Component\EventDispatcher\Debug\TraceableEventDispatcher->dispatch(object $event, string $eventName = null): object …
      › try {    $this->dispatcher->dispatch($event, $eventName);} finally {
    }
    /var/www/cava/vendor/symfony/http-kernel/HttpKernel.php:139 {
      Symfony\Component\HttpKernel\HttpKernel->handleRaw(Request $request, int $type = self::MAIN_REQUEST): Response …
      › $event = new RequestEvent($this, $request, $type);$this->dispatcher->dispatch($event, KernelEvents::REQUEST);}
    /var/www/cava/vendor/symfony/http-kernel/HttpKernel.php:75 {
      Symfony\Component\HttpKernel\HttpKernel->handle(Request $request, int $type = HttpKernelInterface::MAIN_REQUEST, bool $catch = true): Response …
      › try {    return $this->handleRaw($request, $type);} catch (\Exception $e) {
    }
    /var/www/cava/vendor/symfony/http-kernel/Kernel.php:202 {
      Symfony\Component\HttpKernel\Kernel->handle(Request $request, int $type = HttpKernelInterface::MAIN_REQUEST, bool $catch = true): Response …
      › try {    return $this->getHttpKernel()->handle($request, $type, $catch);} finally {
    }
    /var/www/cava/vendor/symfony/runtime/Runner/Symfony/HttpKernelRunner.php:35 {
      Symfony\Component\Runtime\Runner\Symfony\HttpKernelRunner->run(): int …
      › {    $response = $this->kernel->handle($this->request);    $response->send();
    }
    /var/www/cava/vendor/autoload_runtime.php:29 {
      require_once …
      ›         ->getRunner($app)        ->run());
    }
    /var/www/cava/public/index.php:5 {
      › 
      › require_once dirname(__DIR__).'/vendor/autoload_runtime.php';arguments: {
        "/var/www/cava/vendor/autoload_runtime.php"
      }
    }
  }
}
logger 
Symfony\Bridge\Monolog\Logger {#150 …9}