I try to launch zap-cli on the WebGoat application.
It just detects about 20 vulnerabilities.
In fact, it does not seem to scan the URLs behind the authentication (basic form authentication).
I created a context file from the UI, with a registered user (forced user, etc.).
It seems that the spider-ajax does not get past the authentication.
```
zap-cli session new
zap-cli context import webgoat.context
zap-cli open-url http://localhost/WebGoat
zap-cli spider -c WebGoat -u tester http://localhost/WebGoat
zap-cli ajax-spider http://localhost/WebGoat
zap-cli -v quick-scan -c WebGoat -u tester --scanners all,xss,sqli,xss_persistent,xss_reflected --spider --ajax-spider --recursive -l Informational http://localhost/WebGoat
```
And I just found this:

```
89 SQLInjection High http://localhost/WebGoat/register.mvc
6 X-Frame-OptionsHeaderNotSet Medium http://localhost
472 ParameterTampering Medium http://localhost/WebGoat/register.mvc
16 CookieNoHttpOnlyFlag Low http://localhost/WebGoat/
16 CookieWithoutSameSiteAttribute Low http://localhost/WebGoat/
352 AbsenceofAnti-CSRFTokens Low http://localhost/WebGoat/login
352 AbsenceofAnti-CSRFTokens Low http://localhost/WebGoat/registration
352 AbsenceofAnti-CSRFTokens Low http://localhost/WebGoat/login?error
352 AbsenceofAnti-CSRFTokens Low http://localhost/WebGoat/register.mvc
16 X-Content-Type-OptionsHeaderMissing Low http://localhost
565 LooselyScopedCookie Informational http://localhost/WebGoat/
565 LooselyScopedCookie Informational http://localhost/WebGoat/
200 TimestampDisclosure-Unix Informational http://localhost/WebGoat/plugins/bootstrap/css/bootstrap.min.css
200 TimestampDisclosure-Unix Informational http://localhost/WebGoat/plugins/bootstrap/css/bootstrap.min.css
200 TimestampDisclosure-Unix Informational http://localhost/WebGoat/plugins/bootstrap/css/bootstrap.min.css
200 TimestampDisclosure-Unix Informational http://localhost/WebGoat/plugins/bootstrap/css/bootstrap.min.css
200 TimestampDisclosure-Unix Informational http://localhost/WebGoat/plugins/bootstrap/css/bootstrap.min.css
565 LooselyScopedCookie Informational http://localhost/WebGoat/
565 LooselyScopedCookie Informational http://localhost/WebGoat/
565 LooselyScopedCookie Informational http://localhost/WebGoat/
```
Is there a problem? Or did I misconfigure zap-cli?
Thank you.
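The alert list above is the only evidence in the post of which URLs the scan actually reached, and every URL in it is either the login/registration surface, the site root, or a static asset under `/WebGoat/plugins/`. The script below, an added example that is not part of the issue or of zap-cli itself, parses that `id name risk url` output, de-duplicates repeated alerts, counts findings per risk level, and reports which URL paths lie beyond the pre-login surface. If that set is empty, as it is for the output above, the authenticated part of the application was not scanned, whatever the alert count says. The list of unauthenticated WebGoat paths and static-asset prefixes is an assumption made for this example; the sample alert text is reconstructed from the post.

```python
from collections import Counter
from urllib.parse import urlparse

# Constructed sample: the alert lines as pasted in the issue (id, name, risk, url).
SAMPLE_ALERTS = """\
89 SQLInjection High http://localhost/WebGoat/register.mvc
6 X-Frame-OptionsHeaderNotSet Medium http://localhost
472 ParameterTampering Medium http://localhost/WebGoat/register.mvc
16 CookieNoHttpOnlyFlag Low http://localhost/WebGoat/
16 CookieWithoutSameSiteAttribute Low http://localhost/WebGoat/
352 AbsenceofAnti-CSRFTokens Low http://localhost/WebGoat/login
352 AbsenceofAnti-CSRFTokens Low http://localhost/WebGoat/registration
352 AbsenceofAnti-CSRFTokens Low http://localhost/WebGoat/login?error
352 AbsenceofAnti-CSRFTokens Low http://localhost/WebGoat/register.mvc
16 X-Content-Type-OptionsHeaderMissing Low http://localhost
565 LooselyScopedCookie Informational http://localhost/WebGoat/
565 LooselyScopedCookie Informational http://localhost/WebGoat/
200 TimestampDisclosure-Unix Informational http://localhost/WebGoat/plugins/bootstrap/css/bootstrap.min.css
200 TimestampDisclosure-Unix Informational http://localhost/WebGoat/plugins/bootstrap/css/bootstrap.min.css
200 TimestampDisclosure-Unix Informational http://localhost/WebGoat/plugins/bootstrap/css/bootstrap.min.css
200 TimestampDisclosure-Unix Informational http://localhost/WebGoat/plugins/bootstrap/css/bootstrap.min.css
200 TimestampDisclosure-Unix Informational http://localhost/WebGoat/plugins/bootstrap/css/bootstrap.min.css
565 LooselyScopedCookie Informational http://localhost/WebGoat/
565 LooselyScopedCookie Informational http://localhost/WebGoat/
565 LooselyScopedCookie Informational http://localhost/WebGoat/
"""

RISK_LEVELS = ("High", "Medium", "Low", "Informational")

# Assumption for this example: WebGoat paths reachable without a session, and
# static-asset prefixes that say nothing about authenticated coverage.
UNAUTH_PATHS = ("/WebGoat/login", "/WebGoat/registration", "/WebGoat/register.mvc")
STATIC_PREFIXES = ("/WebGoat/plugins/", "/WebGoat/js/", "/WebGoat/css/")
ROOT_PATHS = ("", "/", "/WebGoat", "/WebGoat/")


def parse_alerts(text):
    """Parse 'id name risk url' lines into dicts; skip anything that does not fit."""
    alerts = []
    for line in text.splitlines():
        parts = line.strip().split(None, 3)
        if len(parts) != 4 or parts[2] not in RISK_LEVELS or not parts[0].isdigit():
            continue
        plugin_id, name, risk, url = parts
        alerts.append({"plugin_id": int(plugin_id), "name": name, "risk": risk, "url": url})
    return alerts


def dedupe(alerts):
    """Collapse repeats of the same (plugin id, alert name, url) triple, keeping order."""
    seen, unique = set(), []
    for a in alerts:
        key = (a["plugin_id"], a["name"], a["url"])
        if key not in seen:
            seen.add(key)
            unique.append(a)
    return unique


def risk_counts(alerts):
    """Number of alerts per risk level, as a plain dict."""
    return dict(Counter(a["risk"] for a in alerts))


def authenticated_coverage(alerts, unauth_paths=UNAUTH_PATHS,
                           static_prefixes=STATIC_PREFIXES):
    """Distinct URL paths in the alerts that lie beyond the pre-login surface.

    An empty result means every alerted URL is the root, a login/registration
    page or a static asset, i.e. the scan never got behind authentication.
    """
    covered = set()
    for a in alerts:
        path = urlparse(a["url"]).path  # query string (e.g. ?error) is ignored
        if path in ROOT_PATHS or path in unauth_paths:
            continue
        if path.startswith(tuple(static_prefixes)):
            continue
        covered.add(path)
    return covered


def scan_summary(text):
    """Full triage of one zap-cli alert listing."""
    unique = dedupe(parse_alerts(text))
    beyond_login = authenticated_coverage(unique)
    return {
        "raw_alerts": len(parse_alerts(text)),
        "unique_alerts": len(unique),
        "risk_counts": risk_counts(unique),
        "paths_beyond_login": sorted(beyond_login),
        "authenticated_scan_evident": bool(beyond_login),
    }


if __name__ == "__main__":
    for k, v in scan_summary(SAMPLE_ALERTS).items():
        print(f"{k}: {v}")
```

Run on the pasted output this reports 20 raw alerts, 12 unique ones, and no path beyond the login surface, which is the concrete symptom of the spider not being authenticated rather than a problem with the alert count itself. To use it on your own run, feed it the alert section of `zap-cli quick-scan` (or `zap-cli alerts`) output and adjust the two path tuples to the application under test.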