POLICY_SEQUENCE on ZAP

CRLF Injection

Mon, 01 Jan 0001 00:00:00 +0000

Cookie can be set via CRLF injection. It may also be possible to set arbitrary HTTP response headers. In addition, by carefully crafting the injected response using cross-site script, cache poisoning vulnerability may also exist.

Cross Site Scripting (DOM Based)

Mon, 01 Jan 0001 00:00:00 +0000

Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user’s browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology. When an attacker gets a user’s browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.

Cross Site Scripting (Reflected)

Mon, 01 Jan 0001 00:00:00 +0000

External Redirect

Mon, 01 Jan 0001 00:00:00 +0000

URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.

External Redirect

Mon, 01 Jan 0001 00:00:00 +0000

External Redirect

Mon, 01 Jan 0001 00:00:00 +0000

External Redirect

Mon, 01 Jan 0001 00:00:00 +0000

HTTPS Configuration

Mon, 01 Jan 0001 00:00:00 +0000

Performs HTTPS configuration analysis including certificate details and supported cipher suites.

HTTPS Security Configuration Issues

Mon, 01 Jan 0001 00:00:00 +0000

The HTTPS configuration has one or more security issues identified by the TLS risk assessment.

Out of Band XSS

Mon, 01 Jan 0001 00:00:00 +0000

Path Traversal

Mon, 01 Jan 0001 00:00:00 +0000

The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. An attacker may manipulate a URL in such a way that the web site will execute or reveal the contents of arbitrary files anywhere on the web server. Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal.

Path Traversal

Mon, 01 Jan 0001 00:00:00 +0000

Path Traversal

Mon, 01 Jan 0001 00:00:00 +0000

Path Traversal

Mon, 01 Jan 0001 00:00:00 +0000

Path Traversal

Mon, 01 Jan 0001 00:00:00 +0000

Remote File Inclusion

Mon, 01 Jan 0001 00:00:00 +0000

Remote File Include (RFI) is an attack technique used to exploit “dynamic file include” mechanisms in web applications. When web applications take user input (URL, parameter value, etc.) and pass them into file include commands, the web application might be tricked into including remote files with malicious code.

Remote OS Command Injection

Mon, 01 Jan 0001 00:00:00 +0000

Attack technique used for unauthorized execution of operating system commands. This attack is possible when an application accepts untrusted input to build operating system commands in an insecure manner involving improper data sanitization, and/or improper calling of external programs.

Remote OS Command Injection (Time Based)

Mon, 01 Jan 0001 00:00:00 +0000

Server Side Code Injection - ASP Code Injection

Mon, 01 Jan 0001 00:00:00 +0000

A code injection may be possible including custom code that will be evaluated by the scripting engine.

Server Side Code Injection - PHP Code Injection

Mon, 01 Jan 0001 00:00:00 +0000

A code injection may be possible including custom code that will be evaluated by the scripting engine.

Server Side Request Forgery

Mon, 01 Jan 0001 00:00:00 +0000

The web server receives a remote address and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Server Side Template Injection

Mon, 01 Jan 0001 00:00:00 +0000

When the user input is inserted in the template instead of being used as argument in rendering is evaluated by the template engine. Depending on the template engine it can lead to remote code execution.

Server Side Template Injection (Blind)

Mon, 01 Jan 0001 00:00:00 +0000

SOAP Action Spoofing

Mon, 01 Jan 0001 00:00:00 +0000

An unintended SOAP operation was executed by the server.

SOAP XML Injection

Mon, 01 Jan 0001 00:00:00 +0000

Some XML injected code has been interpreted by the server.

SQL Injection

Mon, 01 Jan 0001 00:00:00 +0000

SQL injection may be possible.

SQL Injection - Hypersonic SQL (Time Based)

Mon, 01 Jan 0001 00:00:00 +0000

SQL injection may be possible.

SQL Injection - MsSQL (Time Based)

Mon, 01 Jan 0001 00:00:00 +0000

SQL injection may be possible.

SQL Injection - MySQL (Time Based)

Mon, 01 Jan 0001 00:00:00 +0000

SQL injection may be possible.

SQL Injection - Oracle (Time Based)

Mon, 01 Jan 0001 00:00:00 +0000

SQL injection may be possible.

SQL Injection - PostgreSQL (Time Based)

Mon, 01 Jan 0001 00:00:00 +0000

SQL injection may be possible.

Text4shell (CVE-2022-42889)

Mon, 01 Jan 0001 00:00:00 +0000

Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults.Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded.The application has been shown to initial contact with remote servers via variable interpolation and may well be vulnerable to Remote Code Execution (RCE).

XML External Entity Attack

Mon, 01 Jan 0001 00:00:00 +0000

This technique takes advantage of a feature of XML to build documents dynamically at the time of processing. An XML message can either provide data explicitly or by pointing to an URI where the data exists. In the attack technique, external entities may replace the entity value with malicious data, alternate referrals or may compromise the security of the data the server/XML application has access to. Attackers may also use External Entities to have the web services server download malicious code or content to the server for use in secondary or follow on attacks.

XPath Injection

Mon, 01 Jan 0001 00:00:00 +0000

XPath Injection is an attack technique used to exploit applications that construct XPath (XML Path Language) queries from user-supplied input to query or navigate XML documents. It can be used directly by an application to query an XML document, as part of a larger operation such as applying an XSLT transformation to an XML document, or applying an XQuery to an XML document. The syntax of XPath bears some resemblance to an SQL query, and indeed, it is possible to form SQL-like queries on an XML document using XPath.

XSLT Injection

Mon, 01 Jan 0001 00:00:00 +0000

Injection using XSL transformations may be possible, and may allow an attacker to read system information, read and write files, or execute arbitrary code.