/alerttags/owasp_2017_a01/ Recent content in OWASP_2017_A01 on ZAP Hugo en-us /docs/alerts/90018/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90018/ <p>A SQL injection may be possible using the attached payload.</p> /docs/alerts/30001/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/30001/ <p>Buffer overflow errors are characterized by the overwriting of memory spaces of the background web process, which should have never been modified intentionally or unintentionally. Overwriting values of the IP (Instruction Pointer), BP (Base Pointer) and other registers causes exceptions, segmentation faults, and other process errors to occur. Usually these errors end execution of the application in an unexpected way.</p> /docs/alerts/10029/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10029/ <p>This check looks at user-supplied input in query string parameters and POST data to identify where cookie parameters might be controlled. This is called a cookie poisoning attack, and becomes exploitable when an attacker can manipulate the cookie in various ways. In some cases this will not be exploitable, however, allowing URL parameters to set cookie values is generally considered a bug.</p> /docs/alerts/40003/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40003/ <p>Cookie can be set via CRLF injection. It may also be possible to set arbitrary HTTP response headers. In addition, by carefully crafting the injected response using cross-site script, cache poisoning vulnerability may also exist.</p> /docs/alerts/90025/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90025/ <p>The software constructs all or part of an expression language (EL) statement in a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed. In certain versions of Spring 3.0.5 and earlier, there was a vulnerability (CVE-2011-2730) in which Expression Language tags would be evaluated twice, which effectively exposed any application to EL injection. However, even for later versions, this weakness is still possible depending on configuration.</p> /docs/alerts/20019-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/20019-1/ <p>URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.</p> /docs/alerts/20019-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/20019-2/ <p>URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.</p> /docs/alerts/20019-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/20019-3/ <p>URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.</p> /docs/alerts/20019-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/20019-4/ <p>URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.</p> /docs/alerts/100029/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100029/ <p>The application seems to be subject to CVE-2019-5418. By sending a specially crafted request it was possible to have the target return data from the server file system.</p> /docs/alerts/30002/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/30002/ <p>A Format String error occurs when the submitted data of an input string is evaluated as a command by the application.</p> /docs/alerts/20014/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/20014/ <p>HTTP Parameter Pollution (HPP) attacks consist of injecting encoded query string delimiters into other existing parameters. If a web application does not properly sanitize the user input, a malicious user can compromise the logic of the application to perform either client-side or server-side attacks. One consequence of HPP attacks is that the attacker can potentially override existing hard-coded HTTP parameters to modify the behavior of an application, bypass input validation checkpoints, and access and possibly exploit variables that may be out of direct reach.</p> /docs/alerts/30003/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/30003/ <p>An integer overflow condition exists when an integer used in a compiled program extends beyond the range limits and has not been properly checked from the input stream.</p> /docs/alerts/40015-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40015-2/ <p>LDAP Injection may be possible. It may be possible for an attacker to bypass authentication controls, and to view and modify arbitrary data in the LDAP directory.</p> /docs/alerts/40015-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40015-1/ <p>LDAP Injection may be possible. It may be possible for an attacker to bypass authentication controls, and to view and modify arbitrary data in the LDAP directory.</p> /docs/alerts/40033/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40033/ <p>MongoDB query injection may be possible.</p> /docs/alerts/90039/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90039/ <p>MongoDB query injection may be possible.</p> /docs/alerts/10028/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10028/ <p>Open redirects are one of the OWASP 2010 Top Ten vulnerabilities. This check looks at user-supplied input in query string parameters and POST data to identify where open redirects might be possible. Open redirects occur when an application allows user-supplied input (e.g. <a href="https://nottrusted.com">https://nottrusted.com</a>) to control an off-site destination. This is generally a pretty accurate way to find where 301 or 302 redirects could be exploited by spammers or phishing attacks.</p> /docs/alerts/40008/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40008/ <p>Parameter manipulation caused an error page or Java stack trace to be displayed. This indicated lack of exception handling and potential areas for further exploit.</p> /docs/alerts/40048/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40048/ <p>The server is running Next.js and vulnerable versions of React Server Components with Next.js which allow remote attackers to execute arbitrary code.</p> /docs/alerts/7/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/7/ <p>Remote File Include (RFI) is an attack technique used to exploit &ldquo;dynamic file include&rdquo; mechanisms in web applications. When web applications take user input (URL, parameter value, etc.) and pass them into file include commands, the web application might be tricked into including remote files with malicious code.</p> /docs/alerts/90020/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90020/ <p>Attack technique used for unauthorized execution of operating system commands. This attack is possible when an application accepts untrusted input to build operating system commands in an insecure manner involving improper data sanitization, and/or improper calling of external programs.</p> /docs/alerts/90037/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90037/ <p>Attack technique used for unauthorized execution of operating system commands. This attack is possible when an application accepts untrusted input to build operating system commands in an insecure manner involving improper data sanitization, and/or improper calling of external programs.</p> /docs/alerts/90019-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90019-2/ <p>A code injection may be possible including custom code that will be evaluated by the scripting engine.</p> /docs/alerts/90019-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90019-1/ <p>A code injection may be possible including custom code that will be evaluated by the scripting engine.</p> /docs/alerts/40009/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40009/ <p>Certain parameters may cause Server Side Include commands to be executed. This may allow database connection or arbitrary code to be executed.</p> /docs/alerts/90035/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90035/ <p>When the user input is inserted in the template instead of being used as argument in rendering is evaluated by the template engine. Depending on the template engine it can lead to remote code execution.</p> /docs/alerts/90036/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90036/ <p>When the user input is inserted in the template instead of being used as argument in rendering is evaluated by the template engine. Depending on the template engine it can lead to remote code execution.</p> /docs/alerts/90026/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90026/ <p>An unintended SOAP operation was executed by the server.</p> /docs/alerts/90029/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90029/ <p>Some XML injected code has been interpreted by the server.</p> /docs/alerts/40045/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40045/ <p>The application appears to be vulnerable to CVE-2022-22965 (otherwise known as Spring4Shell) - remote code execution (RCE) via data binding.</p> /docs/alerts/40018/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40018/ <p>SQL injection may be possible.</p> /docs/alerts/40020/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40020/ <p>SQL injection may be possible.</p> /docs/alerts/40027/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40027/ <p>SQL injection may be possible.</p> /docs/alerts/40019/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40019/ <p>SQL injection may be possible.</p> /docs/alerts/40021/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40021/ <p>SQL injection may be possible.</p> /docs/alerts/40022/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40022/ <p>SQL injection may be possible.</p> /docs/alerts/40024-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40024-1/ <p>SQL injection may be possible.</p> /docs/alerts/40024-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40024-2/ <p>SQL injection may be possible.</p> /docs/alerts/100044-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100044-2/ <p>The application performed a suspicious input transformation that may indicate a security vulnerability. The input was transformed in an unexpected way, suggesting potential issues with input validation, encoding/decoding, or expression evaluation. This could indicate vulnerabilities such as server-side template injection, expression language injection, unicode normalization issues, or other input processing flaws that may be exploitable.</p> /docs/alerts/100044-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100044-5/ <p>The application performed a suspicious input transformation that may indicate a security vulnerability. The input was transformed in an unexpected way, suggesting potential issues with input validation, encoding/decoding, or expression evaluation. This could indicate vulnerabilities such as server-side template injection, expression language injection, unicode normalization issues, or other input processing flaws that may be exploitable.</p> /docs/alerts/100044-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100044-3/ <p>The application performed a suspicious input transformation that may indicate a security vulnerability. The input was transformed in an unexpected way, suggesting potential issues with input validation, encoding/decoding, or expression evaluation. This could indicate vulnerabilities such as server-side template injection, expression language injection, unicode normalization issues, or other input processing flaws that may be exploitable.</p> /docs/alerts/100044-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100044-1/ <p>The application performed a suspicious input transformation that may indicate a security vulnerability. The input was transformed in an unexpected way, suggesting potential issues with input validation, encoding/decoding, or expression evaluation. This could indicate vulnerabilities such as server-side template injection, expression language injection, unicode normalization issues, or other input processing flaws that may be exploitable.</p> /docs/alerts/100044-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100044-4/ <p>The application performed a suspicious input transformation that may indicate a security vulnerability. The input was transformed in an unexpected way, suggesting potential issues with input validation, encoding/decoding, or expression evaluation. This could indicate vulnerabilities such as server-side template injection, expression language injection, unicode normalization issues, or other input processing flaws that may be exploitable.</p> /docs/alerts/100044-8/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100044-8/ <p>The application performed a suspicious input transformation that may indicate a security vulnerability. The input was transformed in an unexpected way, suggesting potential issues with input validation, encoding/decoding, or expression evaluation. This could indicate vulnerabilities such as server-side template injection, expression language injection, unicode normalization issues, or other input processing flaws that may be exploitable.</p> /docs/alerts/100044-9/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100044-9/ <p>The application performed a suspicious input transformation that may indicate a security vulnerability. The input was transformed in an unexpected way, suggesting potential issues with input validation, encoding/decoding, or expression evaluation. This could indicate vulnerabilities such as server-side template injection, expression language injection, unicode normalization issues, or other input processing flaws that may be exploitable.</p> /docs/alerts/100044-10/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100044-10/ <p>The application performed a suspicious input transformation that may indicate a security vulnerability. The input was transformed in an unexpected way, suggesting potential issues with input validation, encoding/decoding, or expression evaluation. This could indicate vulnerabilities such as server-side template injection, expression language injection, unicode normalization issues, or other input processing flaws that may be exploitable.</p> /docs/alerts/100044-6/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100044-6/ <p>The application performed a suspicious input transformation that may indicate a security vulnerability. The input was transformed in an unexpected way, suggesting potential issues with input validation, encoding/decoding, or expression evaluation. This could indicate vulnerabilities such as server-side template injection, expression language injection, unicode normalization issues, or other input processing flaws that may be exploitable.</p> /docs/alerts/100044-7/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100044-7/ <p>The application performed a suspicious input transformation that may indicate a security vulnerability. The input was transformed in an unexpected way, suggesting potential issues with input validation, encoding/decoding, or expression evaluation. This could indicate vulnerabilities such as server-side template injection, expression language injection, unicode normalization issues, or other input processing flaws that may be exploitable.</p> /docs/alerts/10030/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10030/ <p>This check looks at user-supplied input in query string parameters and POST data to identify where Content-Type or meta tag charset declarations might be user-controlled. Such charset declarations should always be declared by the application. If an attacker can control the response charset, they could manipulate the HTML to perform XSS or other attacks. For example, an attacker controlling the <!-- raw HTML omitted --> element charset value is able to declare UTF-7 and is also able to include enough user-controlled payload early in the HTML document to have it interpreted as UTF-7. By encoding their payload with UTF-7 the attacker is able to bypass any server-side XSS protections and embed script in the page.</p> /docs/alerts/10031/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10031/ <p>This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.</p> /docs/alerts/10043/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10043/ <p>This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.</p> /docs/alerts/90021/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90021/ <p>XPath Injection is an attack technique used to exploit applications that construct XPath (XML Path Language) queries from user-supplied input to query or navigate XML documents. It can be used directly by an application to query an XML document, as part of a larger operation such as applying an XSLT transformation to an XML document, or applying an XQuery to an XML document. The syntax of XPath bears some resemblance to an SQL query, and indeed, it is possible to form SQL-like queries on an XML document using XPath.</p> /docs/alerts/90017/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90017/ <p>Injection using XSL transformations may be possible, and may allow an attacker to read system information, read and write files, or execute arbitrary code.</p>