Comments (5)
Please provide more details of the alert.
from zaproxy.
Below is the description of the alert, while we are not using MongoDB in our application
High Alert --> NoSQL Injection - MongoDB
Description --> MongoDB query injection may be possible.
Attack --> cloud-shape-dark.png[$ne]
Other Info --> In some PHP or NodeJS based back end implementations, in order to obtain sensitive data
it is possible to inject the "[$ne]" string (or other similar ones) that is processed as an
associative array
from zaproxy.
How can I try this attack with the ZAP tool?
from zaproxy.
That is not enough information for us to work with.
We will need the full alert details, including the relevant request and response.
Feel free to obfuscate any sensitive information.
from zaproxy.
I am attaching the alert screenshot; please have a look.
from zaproxy.
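The mechanism named in the alert's "Other Info" text, as an added example that is not part of the original thread or of ZAP's code: a simplified bracket-notation parser (a stand-in for what PHP or a Node.js query parser does) turns `name[$ne]=x` into a nested object, and a type check rejects it before it reaches a query filter. The function names, the `name` and `file` parameters and the sample query strings are constructed for illustration.

```javascript
// Simplified stand-in for a bracket-notation query parser (assumption, not a real library).
// "a[b]=c" becomes { a: { b: "c" } }; a plain "a=c" stays a string.
function parseBracketQuery(query) {
  const out = Object.create(null); // null prototype: "__proto__" is just a key
  for (const [rawKey, value] of new URLSearchParams(query)) {
    const m = /^([^\[\]]+)((?:\[[^\[\]]*\])*)$/.exec(rawKey);
    if (!m) { out[rawKey] = value; continue; }
    const subKeys = [...m[2].matchAll(/\[([^\[\]]*)\]/g)].map((p) => p[1]);
    const path = [m[1], ...subKeys];
    let node = out;
    path.forEach((key, i) => {
      if (i === path.length - 1) { node[key] = value; return; }
      if (typeof node[key] !== "object" || node[key] === null) {
        node[key] = Object.create(null);
      }
      node = node[key];
    });
  }
  return out;
}

// Detection: does any nested key look like a query operator ("$ne", "$gt", ...)?
function hasOperatorKey(value) {
  if (value === null || typeof value !== "object") return false;
  return Object.keys(value).some(
    (k) => k.startsWith("$") || hasOperatorKey(value[k])
  );
}

// Weak pattern: the parsed value is passed into the filter whatever its type.
function naiveFilter(params, field) {
  return { [field]: params[field] };
}

// Hardened pattern: only a primitive string may become a filter value.
function buildFilter(params, field) {
  const v = params[field];
  if (typeof v !== "string") throw new TypeError(`${field} must be a string`);
  return { [field]: v };
}

// Constructed inputs: operator in the parameter name vs. the same text in a value.
const demoInName = parseBracketQuery("name[$ne]=x");
const demoInValue = parseBracketQuery("file=cloud-shape-dark.png[$ne]");
console.log(JSON.stringify(naiveFilter(demoInName, "name")), hasOperatorKey(demoInName));
console.log(JSON.stringify(buildFilter(demoInValue, "file")), hasOperatorKey(demoInValue));
```

With this parser the bracket text only changes the parameter's type when it appears in the parameter name; inside a value it remains an ordinary string.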