I need to manually confirm the following... how do I go about it?

I have tried putting the parameter as the login name and the ZAP AND 1=1-- as the password in the form... this doesn't work. Do I even use the login form, or do I use the URL and craft a special URL to attack this successfully?

URL: https://xx.xxx.xx.xxx/scripts/userscripts/UserScript.pl?function=commitmodifyirisagent

Method: POST

Parameter: site

Attack: ZAP AND 1=1 --

Joe C

1 Answer

Why not reproduce the attack using the URL supplied by ZAP? You can see in ZAP's report what the suspicious URL is, and there is also evidence.

Omer Levi Hevroni
  • Because the URL is just the base URL, it's not crafted to take advantage of the vulnerability. I need to know how to craft the URL to do so. – Joe C Apr 22 '18 at 10:43
  • I think you can get all the HTTP messages from ZAP; it looks like this will also give you the one with the SQL injection: `/JSON/core/view/messages/?zapapiformat=JSON&formMethod=GET&baseurl=&start=&count=` – Omer Levi Hevroni Apr 23 '18 at 05:30
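
The API call from the last comment, as an added example that is not part of the original thread: it builds the `core/view/messages` URL and filters the returned messages down to the POST requests that carried the flagged `site` parameter, so the exact request ZAP recorded can be reviewed next to its baseline. The ZAP listener address, the `target.example` host, the `agent` parameter and the sample response are constructed assumptions; the message field names follow ZAP's JSON output.

```python
import json
from urllib.parse import parse_qs, urlencode

def messages_url(zap_api, baseurl, start=0, count=100):
    """Build the core/view/messages call quoted in the comment above."""
    query = urlencode({"baseurl": baseurl, "start": start, "count": count})
    return f"{zap_api}/JSON/core/view/messages/?{query}"

def requests_with_param(api_json, method, param):
    """Return recorded requests that used `method` and carried `param` in the body."""
    hits = []
    for msg in json.loads(api_json).get("messages", []):
        request_line = msg["requestHeader"].split("\r\n", 1)[0]
        if request_line.split(" ", 1)[0] != method:
            continue
        values = parse_qs(msg.get("requestBody", ""), keep_blank_values=True).get(param)
        if values:
            hits.append({
                "id": msg["id"],
                "request_line": request_line,
                "value": values[0],  # decoded value ZAP sent for the parameter
                "status": msg["responseHeader"].split("\r\n", 1)[0],
            })
    return hits

# Constructed sample of an API response (not captured from a real scan).
PATH = "https://target.example/scripts/userscripts/UserScript.pl?function=commitmodifyirisagent"
SAMPLE = json.dumps({"messages": [
    {"id": "41", "requestHeader": "GET https://target.example/ HTTP/1.1\r\n\r\n",
     "requestBody": "", "responseHeader": "HTTP/1.1 200 OK\r\n\r\n"},
    {"id": "42", "requestHeader": f"POST {PATH} HTTP/1.1\r\n\r\n",
     "requestBody": "site=ZAP&agent=demo", "responseHeader": "HTTP/1.1 200 OK\r\n\r\n"},
    {"id": "43", "requestHeader": f"POST {PATH} HTTP/1.1\r\n\r\n",
     "requestBody": "site=ZAP+AND+1%3D1+--&agent=demo",
     "responseHeader": "HTTP/1.1 200 OK\r\n\r\n"},
]})

if __name__ == "__main__":
    # 127.0.0.1:8080 is an assumed local ZAP API address.
    print(messages_url("http://127.0.0.1:8080", "https://target.example/"))
    for hit in requests_with_param(SAMPLE, "POST", "site"):
        print(hit["id"], hit["status"], repr(hit["value"]))
```

The baseline request (`site=ZAP`) and the scanner's variant appear side by side, which is the pair to compare when deciding whether the alert is a false positive.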