CUSTOM_PAYLOADS on ZAP /alerttags/custom_payloads/ Recent content in CUSTOM_PAYLOADS on ZAP Hugo en-us Application Error Disclosure /docs/alerts/90022/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90022/ <p>This page contains an error/warning message that may disclose sensitive information like the location of the file that produced the unhandled exception. This information can be used to launch further attacks against the web application. The alert could be a false positive if the error message is found inside a documentation page.</p> Dangerous JS Functions /docs/alerts/10110/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10110/ <p>A dangerous JS function seems to be in use that would leave the site vulnerable.</p> Hidden File Found /docs/alerts/40035/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40035/ <p>A sensitive file was identified as accessible or available. This may leak administrative, configuration, or credential information which can be leveraged by a malicious individual to further attack the system or conduct social engineering efforts.</p> Information Disclosure - Suspicious Comments /docs/alerts/10027/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10027/ <p>The response appears to contain suspicious comments which may help an attacker.</p> User Agent Fuzzer /docs/alerts/10104/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10104/ <p>Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.</p> Username Hash Found /docs/alerts/10057/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10057/ <p>A hash of a username (admin) was found in the response. This may indicate that the application is subject to an Insecure Direct Object Reference (IDOR) vulnerability. Manual testing will be required to see if this discovery can be abused.</p> XPath Injection /docs/alerts/90021/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90021/ <p>XPath Injection is an attack technique used to exploit applications that construct XPath (XML Path Language) queries from user-supplied input to query or navigate XML documents. It can be used directly by an application to query an XML document, as part of a larger operation such as applying an XSLT transformation to an XML document, or applying an XQuery to an XML document. The syntax of XPath bears some resemblance to an SQL query, and indeed, it is possible to form SQL-like queries on an XML document using XPath.</p>