PCI_DSS on ZAP

Buffer Overflow

Mon, 01 Jan 0001 00:00:00 +0000

Buffer overflow errors are characterized by the overwriting of memory spaces of the background web process, which should have never been modified intentionally or unintentionally. Overwriting values of the IP (Instruction Pointer), BP (Base Pointer) and other registers causes exceptions, segmentation faults, and other process errors to occur. Usually these errors end execution of the application in an unexpected way.

Cross Site Scripting (Persistent)

Mon, 01 Jan 0001 00:00:00 +0000

Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user’s browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology. When an attacker gets a user’s browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.

Cross Site Scripting (Persistent)

Mon, 01 Jan 0001 00:00:00 +0000

Cross Site Scripting (Persistent) - Prime

Mon, 01 Jan 0001 00:00:00 +0000

Cross Site Scripting (Persistent) - Spider

Mon, 01 Jan 0001 00:00:00 +0000

Cross Site Scripting (Reflected)

Mon, 01 Jan 0001 00:00:00 +0000

Cross Site Scripting Weakness (Persistent in JSON Response)

Mon, 01 Jan 0001 00:00:00 +0000

A XSS attack was found in a JSON response, this might leave content consumers vulnerable to attack if they don’t appropriately handle the data (response).

ELMAH Information Leak

Mon, 01 Jan 0001 00:00:00 +0000

The Error Logging Modules and Handlers (ELMAH [elmah.axd]) HTTP Module was found to be available. This module can leak a significant amount of valuable information.

Expression Language Injection

Mon, 01 Jan 0001 00:00:00 +0000

The software constructs all or part of an expression language (EL) statement in a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed. In certain versions of Spring 3.0.5 and earlier, there was a vulnerability (CVE-2011-2730) in which Expression Language tags would be evaluated twice, which effectively exposed any application to EL injection. However, even for later versions, this weakness is still possible depending on configuration.

LDAP Injection

Mon, 01 Jan 0001 00:00:00 +0000

LDAP Injection may be possible. It may be possible for an attacker to bypass authentication controls, and to view and modify arbitrary data in the LDAP directory.

LDAP Injection - activedirectory

Mon, 01 Jan 0001 00:00:00 +0000

LDAP Injection may be possible. It may be possible for an attacker to bypass authentication controls, and to view and modify arbitrary data in the LDAP directory.

Log4Shell (CVE-2021-44228)

Mon, 01 Jan 0001 00:00:00 +0000

Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default.

Log4Shell (CVE-2021-45046)

Mon, 01 Jan 0001 00:00:00 +0000

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments.

NoSQL Injection - MongoDB

Mon, 01 Jan 0001 00:00:00 +0000

MongoDB query injection may be possible.

NoSQL Injection - MongoDB (Time Based)

Mon, 01 Jan 0001 00:00:00 +0000

MongoDB query injection may be possible.

Out of Band XSS

Mon, 01 Jan 0001 00:00:00 +0000

Path Traversal

Mon, 01 Jan 0001 00:00:00 +0000

The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. An attacker may manipulate a URL in such a way that the web site will execute or reveal the contents of arbitrary files anywhere on the web server. Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal.

Path Traversal

Mon, 01 Jan 0001 00:00:00 +0000

Path Traversal

Mon, 01 Jan 0001 00:00:00 +0000

Path Traversal

Mon, 01 Jan 0001 00:00:00 +0000

Path Traversal

Mon, 01 Jan 0001 00:00:00 +0000

Remote Code Execution (React2Shell)

Mon, 01 Jan 0001 00:00:00 +0000

The server is running Next.js and vulnerable versions of React Server Components with Next.js which allow remote attackers to execute arbitrary code.

Remote OS Command Injection

Mon, 01 Jan 0001 00:00:00 +0000

Attack technique used for unauthorized execution of operating system commands. This attack is possible when an application accepts untrusted input to build operating system commands in an insecure manner involving improper data sanitization, and/or improper calling of external programs.

Remote OS Command Injection (Time Based)

Mon, 01 Jan 0001 00:00:00 +0000

Server Side Code Injection - ASP Code Injection

Mon, 01 Jan 0001 00:00:00 +0000

A code injection may be possible including custom code that will be evaluated by the scripting engine.

Server Side Code Injection - PHP Code Injection

Mon, 01 Jan 0001 00:00:00 +0000

A code injection may be possible including custom code that will be evaluated by the scripting engine.

Server Side Request Forgery

Mon, 01 Jan 0001 00:00:00 +0000

The web server receives a remote address and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Spring4Shell

Mon, 01 Jan 0001 00:00:00 +0000

The application appears to be vulnerable to CVE-2022-22965 (otherwise known as Spring4Shell) - remote code execution (RCE) via data binding.

SQL Injection

Mon, 01 Jan 0001 00:00:00 +0000

SQL injection may be possible.

SQL Injection - Hypersonic SQL (Time Based)

Mon, 01 Jan 0001 00:00:00 +0000

SQL injection may be possible.

SQL Injection - MsSQL (Time Based)

Mon, 01 Jan 0001 00:00:00 +0000

SQL injection may be possible.

SQL Injection - MySQL (Time Based)

Mon, 01 Jan 0001 00:00:00 +0000

SQL injection may be possible.

SQL Injection - Oracle (Time Based)

Mon, 01 Jan 0001 00:00:00 +0000

SQL injection may be possible.

SQL Injection - PostgreSQL (Time Based)

Mon, 01 Jan 0001 00:00:00 +0000

SQL injection may be possible.

SQL Injection - SQLite (Time Based)

Mon, 01 Jan 0001 00:00:00 +0000

SQL injection may be possible.

SQL Injection - SQLite (Time Based)

Mon, 01 Jan 0001 00:00:00 +0000

SQL injection may be possible.

Text4shell (CVE-2022-42889)

Mon, 01 Jan 0001 00:00:00 +0000

Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults.Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded.The application has been shown to initial contact with remote servers via variable interpolation and may well be vulnerable to Remote Code Execution (RCE).

Web Cache Deception

Mon, 01 Jan 0001 00:00:00 +0000

Web cache deception may be possible. It may be possible for unauthorised user to view sensitive data on this page.

XML External Entity Attack

Mon, 01 Jan 0001 00:00:00 +0000

This technique takes advantage of a feature of XML to build documents dynamically at the time of processing. An XML message can either provide data explicitly or by pointing to an URI where the data exists. In the attack technique, external entities may replace the entity value with malicious data, alternate referrals or may compromise the security of the data the server/XML application has access to. Attackers may also use External Entities to have the web services server download malicious code or content to the server for use in secondary or follow on attacks.

XPath Injection

Mon, 01 Jan 0001 00:00:00 +0000

XPath Injection is an attack technique used to exploit applications that construct XPath (XML Path Language) queries from user-supplied input to query or navigate XML documents. It can be used directly by an application to query an XML document, as part of a larger operation such as applying an XSLT transformation to an XML document, or applying an XQuery to an XML document. The syntax of XPath bears some resemblance to an SQL query, and indeed, it is possible to form SQL-like queries on an XML document using XPath.

XSLT Injection

Mon, 01 Jan 0001 00:00:00 +0000

Injection using XSL transformations may be possible, and may allow an attacker to read system information, read and write files, or execute arbitrary code.