OWASP_2021_A03 on ZAP

Advanced SQL Injection

Mon, 01 Jan 0001 00:00:00 +0000

A SQL injection may be possible using the attached payload.

AngularJS $parse expression from cookie

Mon, 01 Jan 0001 00:00:00 +0000

Cookie-controlled expression value reaches AngularJS $parse.

Generated by OWASP PTK IAST Module

AngularJS $parse expression from form input

Mon, 01 Jan 0001 00:00:00 +0000

Form-controlled expression value reaches AngularJS $parse.

Generated by OWASP PTK IAST Module

AngularJS $parse expression from localStorage

Mon, 01 Jan 0001 00:00:00 +0000

Storage-controlled expression value reaches AngularJS $parse.

Generated by OWASP PTK IAST Module

AngularJS $parse expression from postMessage

Mon, 01 Jan 0001 00:00:00 +0000

postMessage-controlled expression value reaches AngularJS $parse.

Generated by OWASP PTK IAST Module

AngularJS expression executed through Function constructor

Mon, 01 Jan 0001 00:00:00 +0000

Tainted data reached dynamic code execution while AngularJS expression parsing/compilation was active. This covers interpolation and $parse-style AngularJS expression injection cases.

Generated by OWASP PTK IAST Module

AngularJS expression injection - eval expression 1.4.0 to 1.4.9

Mon, 01 Jan 0001 00:00:00 +0000

Detects AngularJS client-side template and expression injection by sending version-gated AngularJS sandbox-escape probes to query and form parameters, then requiring browser-executed proof from the PTK browser-nav harness.

Generated by OWASP PTK DAST Module

AngularJS expression injection - expression 1.0.1 to 1.1.5

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS expression injection - expression 1.2.0 to 1.2.18

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS expression injection - expression 1.2.19 to 1.2.23

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS expression injection - expression 1.2.24 to 1.2.26

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS expression injection - expression 1.2.27 to 1.3.20

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS expression injection - expression 1.2.6 to 1.2.18

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS expression injection - expression 1.4.0 to 1.4.5

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS expression injection - expression 1.4.2 to 1.5.8

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS expression injection - expression 1.6 and later

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS expression injection - single-quote expression 1.2.19 to 1.2.23

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS interpolation delimiters in template string

Mon, 01 Jan 0001 00:00:00 +0000

Finds AngularJS code patterns where untrusted data is compiled or parsed as AngularJS expressions/templates, including $parse, $interpolate, $compile, interpolation delimiters and ng-* expression attributes.

Generated by OWASP PTK SAST Module

AngularJS ng-* expression attribute

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK SAST Module

AngularJS template injection - alternate delimiters 1.6 and later

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS template injection - HTML entity alternate delimiters 1.4.0 to 1.4.9

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS template injection - HTML entity delimiters 1.4.0 to 1.4.9

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS template injection - reflected 1.0.1 to 1.1.5

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS template injection - reflected 1.2.0 to 1.2.1

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS template injection - reflected 1.2.19 to 1.2.23

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS template injection - reflected 1.2.2 to 1.2.5

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS template injection - reflected 1.2.24 to 1.2.29

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS template injection - reflected 1.2.6 to 1.2.18

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS template injection - reflected 1.4.0 to 1.4.9

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS template injection - reflected 1.5.0 to 1.5.8

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS template injection - reflected 1.6 and later

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS template injection - reflected eval 1.4.0 to 1.4.9

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

AngularJS template injection - reflected short legacy 1.0.1 to 1.1.5

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK DAST Module

Avoid eval with string literals

Mon, 01 Jan 0001 00:00:00 +0000

Detects dynamic execution of attacker-controlled strings in JavaScript sinks such as eval(), Function(), string-based timers, execScript, or script.text assignments. Exploiting these flows lets attackers execute arbitrary JS without relying on HTML injection.

Generated by OWASP PTK SAST Module

Avoid execScript dynamic execution

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK SAST Module

Avoid Function constructor with strings

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK SAST Module

Avoid string-based timers

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK SAST Module

Buffer Overflow

Mon, 01 Jan 0001 00:00:00 +0000

Buffer overflow errors are characterized by the overwriting of memory spaces of the background web process, which should have never been modified intentionally or unintentionally. Overwriting values of the IP (Instruction Pointer), BP (Base Pointer) and other registers causes exceptions, segmentation faults, and other process errors to occur. Usually these errors end execution of the application in an unexpected way.

Cookie Poisoning

Mon, 01 Jan 0001 00:00:00 +0000

This check looks at user-supplied input in query string parameters and POST data to identify where cookie parameters might be controlled. This is called a cookie poisoning attack, and becomes exploitable when an attacker can manipulate the cookie in various ways. In some cases this will not be exploitable, however, allowing URL parameters to set cookie values is generally considered a bug.

CRLF Injection

Mon, 01 Jan 0001 00:00:00 +0000

Cookie can be set via CRLF injection. It may also be possible to set arbitrary HTTP response headers. In addition, by carefully crafting the injected response using cross-site script, cache poisoning vulnerability may also exist.

Cross Site Request Forgery

Mon, 01 Jan 0001 00:00:00 +0000

A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.

Cross Site Scripting (DOM Based)

Mon, 01 Jan 0001 00:00:00 +0000

Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user’s browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology. When an attacker gets a user’s browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.

Cross Site Scripting (Persistent)

Mon, 01 Jan 0001 00:00:00 +0000

Cross Site Scripting (Persistent)

Mon, 01 Jan 0001 00:00:00 +0000

Cross Site Scripting (Persistent) - Prime

Mon, 01 Jan 0001 00:00:00 +0000

Cross Site Scripting (Persistent) - Spider

Mon, 01 Jan 0001 00:00:00 +0000

Cross Site Scripting (Reflected)

Mon, 01 Jan 0001 00:00:00 +0000

Cross Site Scripting Weakness (Persistent in JSON Response)

Mon, 01 Jan 0001 00:00:00 +0000

A XSS attack was found in a JSON response, this might leave content consumers vulnerable to attack if they don’t appropriately handle the data (response).

Cross-site Scripting

Mon, 01 Jan 0001 00:00:00 +0000

Cross-site Scripting

Mon, 01 Jan 0001 00:00:00 +0000

data: URL assigned to form action

Mon, 01 Jan 0001 00:00:00 +0000

Tainted data: URL assigned to form action.

Generated by OWASP PTK IAST Module

data: URL assigned to formAction

Mon, 01 Jan 0001 00:00:00 +0000

Tainted data: URL assigned to formAction.

Generated by OWASP PTK IAST Module

data: URL assigned to href

Mon, 01 Jan 0001 00:00:00 +0000

Tainted data: URL assigned to href.

Generated by OWASP PTK IAST Module

data: URL assigned to iframe.src

Mon, 01 Jan 0001 00:00:00 +0000

Tainted data: URL assigned to iframe.src.

Generated by OWASP PTK IAST Module

data: URL assigned to script.src

Mon, 01 Jan 0001 00:00:00 +0000

Tainted data: URL assigned to script.src and treated as executable content.

Generated by OWASP PTK IAST Module

data: URL assigned to src

Mon, 01 Jan 0001 00:00:00 +0000

Tainted data: URL assigned to a generic src attribute.

Generated by OWASP PTK IAST Module

data: URL navigated via location.assign

Mon, 01 Jan 0001 00:00:00 +0000

Tainted data: URL passed to location.assign.

Generated by OWASP PTK IAST Module

data: URL navigated via location.href

Mon, 01 Jan 0001 00:00:00 +0000

Tainted data: URL assigned to location.href.

Generated by OWASP PTK IAST Module

data: URL navigated via location.replace

Mon, 01 Jan 0001 00:00:00 +0000

Tainted data: URL passed to location.replace.

Generated by OWASP PTK IAST Module

data: URL opened via window.open

Mon, 01 Jan 0001 00:00:00 +0000

Tainted data: URL passed to window.open.

Generated by OWASP PTK IAST Module

Disallow document.write()/writeln()

Mon, 01 Jan 0001 00:00:00 +0000

Detects cases where untrusted data from the DOM (URL, element values, storage, messages, etc.) flows into HTML/JS execution sinks (e.g., innerHTML, outerHTML, document.write, string-based setTimeout, insertAdjacentHTML) without proper sanitization or encoding \u2014 enabling DOM-based cross-site scripting.

Generated by OWASP PTK SAST Module

Disallow innerHTML/outerHTML assignments

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK SAST Module

Disallow insertAdjacentHTML()

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK SAST Module

DOM XSS via document.write

Mon, 01 Jan 0001 00:00:00 +0000

Tainted data passed to document.write.

Generated by OWASP PTK IAST Module

DOM XSS via document.write (secondary sources)

Mon, 01 Jan 0001 00:00:00 +0000

Persisted/reflected client-side values reached document.write.

Generated by OWASP PTK IAST Module

DOM XSS via DOM mutation (secondary sources)

Mon, 01 Jan 0001 00:00:00 +0000

Persisted/reflected client-side values reached mutation sinks.

Generated by OWASP PTK IAST Module

DOM XSS via DOM mutations

Mon, 01 Jan 0001 00:00:00 +0000

Tainted data inserted into the DOM via DOM mutation APIs.

Generated by OWASP PTK IAST Module

DOM XSS via DOMParser.parseFromString

Mon, 01 Jan 0001 00:00:00 +0000

Tainted HTML parsed through DOMParser.parseFromString with an HTML-like MIME type.

Generated by OWASP PTK IAST Module

DOM XSS via Element.innerHTML

Mon, 01 Jan 0001 00:00:00 +0000

Tainted data assigned to innerHTML (possible DOM XSS).

Generated by OWASP PTK IAST Module

DOM XSS via Element.outerHTML

Mon, 01 Jan 0001 00:00:00 +0000

Tainted data assigned to outerHTML (possible DOM XSS).

Generated by OWASP PTK IAST Module

DOM XSS via Element.setHTMLUnsafe

Mon, 01 Jan 0001 00:00:00 +0000

Tainted HTML passed to Element.setHTMLUnsafe.

Generated by OWASP PTK IAST Module

DOM XSS via iframe.srcdoc (secondary sources)

Mon, 01 Jan 0001 00:00:00 +0000

Persisted/reflected client-side values reached iframe.srcdoc.

Generated by OWASP PTK IAST Module

DOM XSS via inline event handler

Mon, 01 Jan 0001 00:00:00 +0000

Tainted data flowed into an inline event handler.

Generated by OWASP PTK IAST Module

DOM XSS via inline handlers (secondary sources)

Mon, 01 Jan 0001 00:00:00 +0000

Persisted/reflected client-side values reached inline event handlers.

Generated by OWASP PTK IAST Module

DOM XSS via innerHTML (Angular)

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK SAST Module

DOM XSS via innerHTML (secondary sources)

Mon, 01 Jan 0001 00:00:00 +0000

Persisted/reflected client-side values reached innerHTML.

Generated by OWASP PTK IAST Module

DOM XSS via insertAdjacentHTML

Mon, 01 Jan 0001 00:00:00 +0000

Tainted HTML passed into insertAdjacentHTML.

Generated by OWASP PTK IAST Module

DOM XSS via insertAdjacentHTML (secondary sources)

Mon, 01 Jan 0001 00:00:00 +0000

Persisted/reflected client-side values reached insertAdjacentHTML.

Generated by OWASP PTK IAST Module

DOM XSS via outerHTML (secondary sources)

Mon, 01 Jan 0001 00:00:00 +0000

Persisted/reflected client-side values reached outerHTML.

Generated by OWASP PTK IAST Module

DOM XSS via query param attribute breakout

Mon, 01 Jan 0001 00:00:00 +0000

Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.

Generated by OWASP PTK DAST Module

DOM XSS via query param attribute-name event injection

Mon, 01 Jan 0001 00:00:00 +0000

Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.

Generated by OWASP PTK DAST Module

DOM XSS via query param double-quoted attribute event breakout

Mon, 01 Jan 0001 00:00:00 +0000

Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.

Generated by OWASP PTK DAST Module

DOM XSS via query param double-quoted resource onerror breakout

Mon, 01 Jan 0001 00:00:00 +0000

Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.

Generated by OWASP PTK DAST Module

DOM XSS via query param event-handler value

Mon, 01 Jan 0001 00:00:00 +0000

Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.

Generated by OWASP PTK DAST Module

DOM XSS via query param HTML image onerror

Mon, 01 Jan 0001 00:00:00 +0000

Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.

Generated by OWASP PTK DAST Module

DOM XSS via query param javascript: URL

Mon, 01 Jan 0001 00:00:00 +0000

Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.

Generated by OWASP PTK DAST Module

DOM XSS via query param JS block-comment breakout

Mon, 01 Jan 0001 00:00:00 +0000

Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.

Generated by OWASP PTK DAST Module

DOM XSS via query param JS double-quote breakout

Mon, 01 Jan 0001 00:00:00 +0000

Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.

Generated by OWASP PTK DAST Module

DOM XSS via query param JS expression execution

Mon, 01 Jan 0001 00:00:00 +0000

Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.

Generated by OWASP PTK DAST Module

DOM XSS via query param JS regex breakout

Mon, 01 Jan 0001 00:00:00 +0000

Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.

Generated by OWASP PTK DAST Module

DOM XSS via query param JS single-quote breakout

Mon, 01 Jan 0001 00:00:00 +0000

Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.

Generated by OWASP PTK DAST Module

DOM XSS via query param JS template literal breakout

Mon, 01 Jan 0001 00:00:00 +0000

Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.

Generated by OWASP PTK DAST Module

DOM XSS via query param script-tag breakout

Mon, 01 Jan 0001 00:00:00 +0000

Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.

Generated by OWASP PTK DAST Module

DOM XSS via query param single-quoted attribute event breakout

Mon, 01 Jan 0001 00:00:00 +0000

Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.

Generated by OWASP PTK DAST Module

DOM XSS via query param style-block breakout

Mon, 01 Jan 0001 00:00:00 +0000

Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.

Generated by OWASP PTK DAST Module

DOM XSS via query param SVG tag-name event injection

Mon, 01 Jan 0001 00:00:00 +0000

Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.

Generated by OWASP PTK DAST Module

DOM XSS via query param unquoted attribute event injection

Mon, 01 Jan 0001 00:00:00 +0000

Tests top-level GET query parameters for browser-executed XSS by opening a real browser attack tab and requiring an execution marker after load or safe synthetic interaction.

Generated by OWASP PTK DAST Module

DOM XSS via Range.createContextualFragment

Mon, 01 Jan 0001 00:00:00 +0000

Tainted HTML passed to Range.createContextualFragment.

Generated by OWASP PTK IAST Module

DOM XSS via ShadowRoot.setHTMLUnsafe

Mon, 01 Jan 0001 00:00:00 +0000

Tainted HTML passed to ShadowRoot.setHTMLUnsafe.

Generated by OWASP PTK IAST Module

DOM-based JavaScript Injection (taint flow)

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK SAST Module

DOM-based XSS (taint flow)

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK SAST Module

Dynamic AngularJS $compile/$interpolate template

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK SAST Module

Dynamic AngularJS $parse expression

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK SAST Module

Dynamic code execution via eval

Mon, 01 Jan 0001 00:00:00 +0000

Tainted string executed via eval().

Generated by OWASP PTK IAST Module

Dynamic code execution via Function constructor

Mon, 01 Jan 0001 00:00:00 +0000

Tainted string executed via Function constructor.

Generated by OWASP PTK IAST Module

Dynamic code execution via Function.apply

Mon, 01 Jan 0001 00:00:00 +0000

Tainted string executed via Function.apply.

Generated by OWASP PTK IAST Module

Dynamic template compilation

Mon, 01 Jan 0001 00:00:00 +0000

Detects dynamic client-side template compilation/rendering where attacker-controlled templates or outputs are injected into the DOM.

Generated by OWASP PTK SAST Module

eval() from storage/referrer taint

Mon, 01 Jan 0001 00:00:00 +0000

Storage/referrer taint reached eval().

Generated by OWASP PTK IAST Module

Expression Language Injection

Mon, 01 Jan 0001 00:00:00 +0000

The software constructs all or part of an expression language (EL) statement in a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed. In certain versions of Spring 3.0.5 and earlier, there was a vulnerability (CVE-2011-2730) in which Expression Language tags would be evaluated twice, which effectively exposed any application to EL injection. However, even for later versions, this weakness is still possible depending on configuration.

External Redirect

Mon, 01 Jan 0001 00:00:00 +0000

URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.

External Redirect

Mon, 01 Jan 0001 00:00:00 +0000

External Redirect

Mon, 01 Jan 0001 00:00:00 +0000

External Redirect

Mon, 01 Jan 0001 00:00:00 +0000

File Content Disclosure (CVE-2019-5418)

Mon, 01 Jan 0001 00:00:00 +0000

The application seems to be subject to CVE-2019-5418. By sending a specially crafted request it was possible to have the target return data from the server file system.

Format String Error

Mon, 01 Jan 0001 00:00:00 +0000

A Format String error occurs when the submitted data of an input string is evaluated as a command by the application.

Function.apply() from storage/referrer taint

Mon, 01 Jan 0001 00:00:00 +0000

Storage/referrer taint reached Function.apply().

Generated by OWASP PTK IAST Module

Function() from storage/referrer taint

Mon, 01 Jan 0001 00:00:00 +0000

Storage/referrer taint reached Function constructor.

Generated by OWASP PTK IAST Module

HTTP Parameter Pollution

Mon, 01 Jan 0001 00:00:00 +0000

HTTP Parameter Pollution (HPP) attacks consist of injecting encoded query string delimiters into other existing parameters. If a web application does not properly sanitize the user input, a malicious user can compromise the logic of the application to perform either client-side or server-side attacks. One consequence of HPP attacks is that the attacker can potentially override existing hard-coded HTTP parameters to modify the behavior of an application, bypass input validation checkpoints, and access and possibly exploit variables that may be out of direct reach.

Inline event handler built from dynamic data

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK SAST Module

Integer Overflow Error

Mon, 01 Jan 0001 00:00:00 +0000

An integer overflow condition exists when an integer used in a compiled program extends beyond the range limits and has not been properly checked from the input stream.

javascript: URL assigned to form action

Mon, 01 Jan 0001 00:00:00 +0000

Tainted javascript: URL assigned to form action.

Generated by OWASP PTK IAST Module

javascript: URL assigned to formAction

Mon, 01 Jan 0001 00:00:00 +0000

Tainted javascript: URL assigned to formAction.

Generated by OWASP PTK IAST Module

javascript: URL assigned to href

Mon, 01 Jan 0001 00:00:00 +0000

Tainted javascript: URL assigned to href and likely to execute in the current browsing context.

Generated by OWASP PTK IAST Module

javascript: URL assigned to iframe.src

Mon, 01 Jan 0001 00:00:00 +0000

Tainted javascript: URL assigned to iframe.src.

Generated by OWASP PTK IAST Module

javascript: URL assigned to src

Mon, 01 Jan 0001 00:00:00 +0000

Tainted javascript: URL assigned to a generic src attribute and interpreted as executable content.

Generated by OWASP PTK IAST Module

javascript: URL navigated via location.assign

Mon, 01 Jan 0001 00:00:00 +0000

Tainted javascript: URL passed to location.assign.

Generated by OWASP PTK IAST Module

javascript: URL navigated via location.href

Mon, 01 Jan 0001 00:00:00 +0000

Tainted javascript: URL assigned to location.href.

Generated by OWASP PTK IAST Module

javascript: URL navigated via location.replace

Mon, 01 Jan 0001 00:00:00 +0000

Tainted javascript: URL passed to location.replace.

Generated by OWASP PTK IAST Module

javascript: URL opened via window.open

Mon, 01 Jan 0001 00:00:00 +0000

Tainted javascript: URL passed to window.open.

Generated by OWASP PTK IAST Module

JSONP callback parameter controls JavaScript response

Mon, 01 Jan 0001 00:00:00 +0000

Tests callback-like parameters for JSONP-style JavaScript responses where user input controls the executed callback name.

Generated by OWASP PTK DAST Module

LDAP Injection

Mon, 01 Jan 0001 00:00:00 +0000

LDAP Injection may be possible. It may be possible for an attacker to bypass authentication controls, and to view and modify arbitrary data in the LDAP directory.

LDAP Injection - activedirectory

Mon, 01 Jan 0001 00:00:00 +0000

LDAP Injection may be possible. It may be possible for an attacker to bypass authentication controls, and to view and modify arbitrary data in the LDAP directory.

Lit unsafeHTML taint flow

Mon, 01 Jan 0001 00:00:00 +0000

Detects dynamic client-side template compilation/rendering where attacker-controlled templates or outputs are injected into the DOM.

Generated by OWASP PTK SAST Module

NoSQL Injection - MongoDB

Mon, 01 Jan 0001 00:00:00 +0000

MongoDB query injection may be possible.

NoSQL Injection - MongoDB (Time Based)

Mon, 01 Jan 0001 00:00:00 +0000

MongoDB query injection may be possible.

Off-site Redirect

Mon, 01 Jan 0001 00:00:00 +0000

Open redirects are one of the OWASP 2010 Top Ten vulnerabilities. This check looks at user-supplied input in query string parameters and POST data to identify where open redirects might be possible. Open redirects occur when an application allows user-supplied input (e.g. https://nottrusted.com) to control an off-site destination. This is generally a pretty accurate way to find where 301 or 302 redirects could be exploited by spammers or phishing attacks.

OS Command Injection - Unix cat /etc/passwd (pipe)

Mon, 01 Jan 0001 00:00:00 +0000

OS command injection (also known as shell injection) is a web security vulnerability that allows an attacker to execute arbitrary operating system (OS) commands on the server that is running an application, and typically fully compromise the application and all its data.

Generated by OWASP PTK DAST Module

Out of Band XSS

Mon, 01 Jan 0001 00:00:00 +0000

React dangerouslySetInnerHTML taint flow

Mon, 01 Jan 0001 00:00:00 +0000

Detects dynamic client-side template compilation/rendering where attacker-controlled templates or outputs are injected into the DOM.

Generated by OWASP PTK SAST Module

Remote Code Execution (React2Shell)

Mon, 01 Jan 0001 00:00:00 +0000

The server is running Next.js and vulnerable versions of React Server Components with Next.js which allow remote attackers to execute arbitrary code.

Remote File Inclusion

Mon, 01 Jan 0001 00:00:00 +0000

Remote File Include (RFI) is an attack technique used to exploit “dynamic file include” mechanisms in web applications. When web applications take user input (URL, parameter value, etc.) and pass them into file include commands, the web application might be tricked into including remote files with malicious code.

Remote OS Command Injection

Mon, 01 Jan 0001 00:00:00 +0000

Attack technique used for unauthorized execution of operating system commands. This attack is possible when an application accepts untrusted input to build operating system commands in an insecure manner involving improper data sanitization, and/or improper calling of external programs.

Remote OS Command Injection (Time Based)

Mon, 01 Jan 0001 00:00:00 +0000

Response field parsed via createContextualFragment

Mon, 01 Jan 0001 00:00:00 +0000

Response-derived HTML parsed via Range.createContextualFragment.

Generated by OWASP PTK IAST Module

Response field parsed via DOMParser

Mon, 01 Jan 0001 00:00:00 +0000

Response-derived HTML parsed via DOMParser.parseFromString.

Generated by OWASP PTK IAST Module

Response field rendered via document.write

Mon, 01 Jan 0001 00:00:00 +0000

Response-derived data reached document.write.

Generated by OWASP PTK IAST Module

Response field rendered via DOM mutation

Mon, 01 Jan 0001 00:00:00 +0000

Response-derived data reached DOM mutation sinks.

Generated by OWASP PTK IAST Module

Response field rendered via innerHTML

Mon, 01 Jan 0001 00:00:00 +0000

Response-derived data reached innerHTML.

Generated by OWASP PTK IAST Module

Response field rendered via insertAdjacentHTML

Mon, 01 Jan 0001 00:00:00 +0000

Response-derived HTML reached insertAdjacentHTML.

Generated by OWASP PTK IAST Module

Response field rendered via outerHTML

Mon, 01 Jan 0001 00:00:00 +0000

Response-derived data reached outerHTML.

Generated by OWASP PTK IAST Module

Response field rendered via setHTMLUnsafe

Mon, 01 Jan 0001 00:00:00 +0000

Response-derived HTML reached Element.setHTMLUnsafe.

Generated by OWASP PTK IAST Module

Response field rendered via ShadowRoot.setHTMLUnsafe

Mon, 01 Jan 0001 00:00:00 +0000

Response-derived HTML reached ShadowRoot.setHTMLUnsafe.

Generated by OWASP PTK IAST Module

Review DOMParser.parseFromString with dynamic HTML/XML

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK SAST Module

Review uses of appendChild

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK SAST Module

Review Vue v-html template usage

Mon, 01 Jan 0001 00:00:00 +0000

Detects dynamic client-side template compilation/rendering where attacker-controlled templates or outputs are injected into the DOM.

Generated by OWASP PTK SAST Module

Server Side Code Injection - ASP Code Injection

Mon, 01 Jan 0001 00:00:00 +0000

A code injection may be possible including custom code that will be evaluated by the scripting engine.

Server Side Code Injection - PHP Code Injection

Mon, 01 Jan 0001 00:00:00 +0000

A code injection may be possible including custom code that will be evaluated by the scripting engine.

Server Side Include

Mon, 01 Jan 0001 00:00:00 +0000

Certain parameters may cause Server Side Include commands to be executed. This may allow database connection or arbitrary code to be executed.

Server Side Template Injection

Mon, 01 Jan 0001 00:00:00 +0000

When the user input is inserted in the template instead of being used as argument in rendering is evaluated by the template engine. Depending on the template engine it can lead to remote code execution.

Server Side Template Injection (Blind)

Mon, 01 Jan 0001 00:00:00 +0000

setInterval(string) from storage/referrer taint

Mon, 01 Jan 0001 00:00:00 +0000

Storage/referrer taint reached setInterval(string).

Generated by OWASP PTK IAST Module

setTimeout(string) from storage/referrer taint

Mon, 01 Jan 0001 00:00:00 +0000

Storage/referrer taint reached setTimeout(string).

Generated by OWASP PTK IAST Module

SOAP Action Spoofing

Mon, 01 Jan 0001 00:00:00 +0000

An unintended SOAP operation was executed by the server.

SOAP XML Injection

Mon, 01 Jan 0001 00:00:00 +0000

Some XML injected code has been interpreted by the server.

SPA hash DOM XSS

Mon, 01 Jan 0001 00:00:00 +0000

Tests hash-based SPA parameters (http://host/#/route?param=…) for DOM XSS by mutating the hash in a dedicated attack tab and inspecting the DOM.

Generated by OWASP PTK DAST Module

Spring4Shell

Mon, 01 Jan 0001 00:00:00 +0000

The application appears to be vulnerable to CVE-2022-22965 (otherwise known as Spring4Shell) - remote code execution (RCE) via data binding.

SQL Injection

Mon, 01 Jan 0001 00:00:00 +0000

SQL injection may be possible.

SQL Injection - Double Quote (after)

Mon, 01 Jan 0001 00:00:00 +0000

A SQL injection attack consists of insertion or injection of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to affect the execution of predefined SQL commands.

SQL Injection - Double Quote (before)

Mon, 01 Jan 0001 00:00:00 +0000

SQL Injection - Hypersonic SQL (Time Based)

Mon, 01 Jan 0001 00:00:00 +0000

SQL injection may be possible.

SQL Injection - MsSQL (Time Based)

Mon, 01 Jan 0001 00:00:00 +0000

SQL injection may be possible.

SQL Injection - MySQL (Time Based)

Mon, 01 Jan 0001 00:00:00 +0000

SQL injection may be possible.

SQL Injection - Oracle (Time Based)

Mon, 01 Jan 0001 00:00:00 +0000

SQL injection may be possible.

SQL Injection - PostgreSQL (Time Based)

Mon, 01 Jan 0001 00:00:00 +0000

SQL injection may be possible.

SQL Injection - Single Quote (after)

Mon, 01 Jan 0001 00:00:00 +0000

SQL Injection - Single Quote (before)

Mon, 01 Jan 0001 00:00:00 +0000

SQL Injection - SQLite (Time Based)

Mon, 01 Jan 0001 00:00:00 +0000

SQL injection may be possible.

SQL Injection - SQLite (Time Based)

Mon, 01 Jan 0001 00:00:00 +0000

SQL injection may be possible.

Suspicious Input Transformation - Arithmetic Evaluation

Mon, 01 Jan 0001 00:00:00 +0000

The application performed a suspicious input transformation that may indicate a security vulnerability. The input was transformed in an unexpected way, suggesting potential issues with input validation, encoding/decoding, or expression evaluation. This could indicate vulnerabilities such as server-side template injection, expression language injection, unicode normalization issues, or other input processing flaws that may be exploitable.

Suspicious Input Transformation - EL Evaluation

Mon, 01 Jan 0001 00:00:00 +0000

Suspicious Input Transformation - Expression Evaluation

Mon, 01 Jan 0001 00:00:00 +0000

Suspicious Input Transformation - Quote Consumption

Mon, 01 Jan 0001 00:00:00 +0000

Suspicious Input Transformation - Template Evaluation

Mon, 01 Jan 0001 00:00:00 +0000

Suspicious Input Transformation - Unicode Byte Truncation

Mon, 01 Jan 0001 00:00:00 +0000

Suspicious Input Transformation - Unicode Case Conversion

Mon, 01 Jan 0001 00:00:00 +0000

Suspicious Input Transformation - Unicode Combining Diacritic

Mon, 01 Jan 0001 00:00:00 +0000

Suspicious Input Transformation - Unicode Normalisation

Mon, 01 Jan 0001 00:00:00 +0000

Suspicious Input Transformation - URL Decoding Error

Mon, 01 Jan 0001 00:00:00 +0000

Tainted data compiled as AngularJS template

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK SAST Module

Tainted data passed to AngularJS $parse

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK SAST Module

Tainted string executed via setInterval

Mon, 01 Jan 0001 00:00:00 +0000

Tainted string passed as the first argument to setInterval(), leading to repeated code execution.

Generated by OWASP PTK IAST Module

Tainted string executed via setTimeout

Mon, 01 Jan 0001 00:00:00 +0000

Tainted string passed as the first argument to setTimeout(), leading to code execution.

Generated by OWASP PTK IAST Module

Template injection (taint flow)

Mon, 01 Jan 0001 00:00:00 +0000

Detects dynamic client-side template compilation/rendering where attacker-controlled templates or outputs are injected into the DOM.

Generated by OWASP PTK SAST Module

Template output injected into DOM

Mon, 01 Jan 0001 00:00:00 +0000

Detects dynamic client-side template compilation/rendering where attacker-controlled templates or outputs are injected into the DOM.

Generated by OWASP PTK SAST Module

template.innerHTML with dynamic content

Mon, 01 Jan 0001 00:00:00 +0000

Generated by OWASP PTK SAST Module

User Controllable Charset

Mon, 01 Jan 0001 00:00:00 +0000

This check looks at user-supplied input in query string parameters and POST data to identify where Content-Type or meta tag charset declarations might be user-controlled. Such charset declarations should always be declared by the application. If an attacker can control the response charset, they could manipulate the HTML to perform XSS or other attacks. For example, an attacker controlling the element charset value is able to declare UTF-7 and is also able to include enough user-controlled payload early in the HTML document to have it interpreted as UTF-7. By encoding their payload with UTF-7 the attacker is able to bypass any server-side XSS protections and embed script in the page.

User Controllable HTML Element Attribute (Potential XSS)

Mon, 01 Jan 0001 00:00:00 +0000

This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.

User Controllable JavaScript Event (XSS)

Mon, 01 Jan 0001 00:00:00 +0000

XML External Entity Attack

Mon, 01 Jan 0001 00:00:00 +0000

This technique takes advantage of a feature of XML to build documents dynamically at the time of processing. An XML message can either provide data explicitly or by pointing to an URI where the data exists. In the attack technique, external entities may replace the entity value with malicious data, alternate referrals or may compromise the security of the data the server/XML application has access to. Attackers may also use External Entities to have the web services server download malicious code or content to the server for use in secondary or follow on attacks.

XPath Injection

Mon, 01 Jan 0001 00:00:00 +0000

XPath Injection is an attack technique used to exploit applications that construct XPath (XML Path Language) queries from user-supplied input to query or navigate XML documents. It can be used directly by an application to query an XML document, as part of a larger operation such as applying an XSLT transformation to an XML document, or applying an XQuery to an XML document. The syntax of XPath bears some resemblance to an SQL query, and indeed, it is possible to form SQL-like queries on an XML document using XPath.

XSLT Injection

Mon, 01 Jan 0001 00:00:00 +0000

Injection using XSL transformations may be possible, and may allow an attacker to read system information, read and write files, or execute arbitrary code.

XSS - attribute context img onerror

Mon, 01 Jan 0001 00:00:00 +0000

Reflected Cross-site Scripting (XSS) is another name for non-persistent XSS, where the attack doesn’t load with the vulnerable web application but is originated by the victim loading the offending URI. In this article we will see some ways to test a web application for this kind of vulnerability.

XSS - attribute-name event injection

Mon, 01 Jan 0001 00:00:00 +0000

XSS - double-quoted attribute event injection

Mon, 01 Jan 0001 00:00:00 +0000

XSS - Img onerror

Mon, 01 Jan 0001 00:00:00 +0000

XSS - Img onerror

Mon, 01 Jan 0001 00:00:00 +0000

XSS - JS block comment break-out

Mon, 01 Jan 0001 00:00:00 +0000

XSS - JS expression replacement

Mon, 01 Jan 0001 00:00:00 +0000

XSS - JS single-quoted string break-out

Mon, 01 Jan 0001 00:00:00 +0000

XSS - JS slash/regex literal break-out

Mon, 01 Jan 0001 00:00:00 +0000

XSS - JS string break-out

Mon, 01 Jan 0001 00:00:00 +0000

XSS - JS template literal break-out

Mon, 01 Jan 0001 00:00:00 +0000

XSS - Script tag after noscript tag

Mon, 01 Jan 0001 00:00:00 +0000

XSS - single-quoted attribute event injection

Mon, 01 Jan 0001 00:00:00 +0000

XSS - SVG onload polyglot

Mon, 01 Jan 0001 00:00:00 +0000

XSS - Svg tag with animation event

Mon, 01 Jan 0001 00:00:00 +0000

XSS - tag-name SVG onload injection

Mon, 01 Jan 0001 00:00:00 +0000