The following beta quality active scan rules are included in this add-on:
Scans for commonly-named backup copies of files on the web server, which may reveal sensitive information
Checks whether the web server is configured to allow cross-domain access, for instance from a malicious third-party service. Currently checks for wildcards in Adobe's crossdomain.xml and in Silverlight's clientaccesspolicy.xml.
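The wildcard check described above, as an added example that is not the add-on's own code: a small Python checker that parses constructed crossdomain.xml and clientaccesspolicy.xml samples and reports grants that admit any origin. Element and attribute names follow the Adobe and Silverlight policy formats; the sample policies are made up for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy files (not captured from any real server).
CROSSDOMAIN_XML = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*" />
  <allow-access-from domain="*.example.com" secure="true" />
  <allow-http-request-headers-from domain="*" headers="SOAPAction" />
</cross-domain-policy>"""

CLIENTACCESSPOLICY_XML = """<?xml version="1.0"?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from http-request-headers="*">
        <domain uri="*" />
      </allow-from>
      <grant-to>
        <resource path="/" include-subpaths="true" />
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>"""


def find_wildcard_grants(xml_text):
    """Return (element, attribute) pairs whose value is a bare '*'.

    A bare '*' lets a Flash or Silverlight client served from ANY origin
    read responses from this host with the victim's cookies attached.
    Scoped patterns such as '*.example.com' are deliberately not flagged.
    """
    root = ET.fromstring(xml_text)
    findings = []
    if root.tag == "cross-domain-policy":          # Adobe crossdomain.xml
        for tag in ("allow-access-from", "allow-http-request-headers-from"):
            for elem in root.iter(tag):
                if elem.get("domain", "").strip() == "*":
                    findings.append((tag, "domain"))
    elif root.tag == "access-policy":              # Silverlight clientaccesspolicy.xml
        for elem in root.iter("domain"):
            if elem.get("uri", "").strip() == "*":
                findings.append(("domain", "uri"))
    else:
        raise ValueError("unrecognised policy root element: %s" % root.tag)
    return findings


if __name__ == "__main__":
    for name, text in (("crossdomain.xml", CROSSDOMAIN_XML),
                       ("clientaccesspolicy.xml", CLIENTACCESSPOLICY_XML)):
        print(name, find_wildcard_grants(text))
```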
Detects whether the web server is vulnerable to the Heartbleed OpenSSL vulnerability by exploiting it.
Detects (and exploits, depending on the scan settings) known insecure HTTP methods enabled for the URL.
LDAP Injection may be possible. It may be possible for an attacker to bypass authentication controls, and to view and modify arbitrary data in the LDAP directory.
Detects CVE-2012-1823, which allows remote code execution on a PHP-CGI based web server.
Session Fixation may be possible. If this issue occurs with a login URL (where the user authenticates themselves to the application), then the URL may be given by an attacker, along with a fixed session id, to a victim, in order to later assume the identity of the victim using the given session id. If the issue occurs with a non-login page, the URL and fixed session id may only be used by an attacker to track an unauthenticated user's actions. If the vulnerability occurs on a cookie field or a form field (POST parameter) rather than on a URL (GET) parameter, then some other vulnerability may also be required in order to set the cookie field on the victim's browser, to allow the vulnerability to be exploited.
This scanner performs two attacks to detect servers vulnerable to CVE-2014-6271, aka ShellShock. The first is a simple reflected attack and the second is a time-based attack.
Uses Subversion source code repository metadata to scan for files containing source code on the web server.
Exploits the presence of an unprotected /WEB-INF folder to download and decompile Java classes, disclosing Java source code.
This scanner uses Hypersonic-specific SQL syntax to attempt to induce time delays in the SQL statement called by the page. If the unmodified query is not affected by a time delay, and the modified query's delay can be controlled, it is indicative of a time-based SQL injection vulnerability in a Hypersonic SQL database.

This scanner is time sensitive, and should only be used in an attempt to find stubborn and non-obvious SQL injection vulnerabilities in a suspected Hypersonic database. For this reason, the number of active scan threads should be set to the minimum when using this scanner, to minimise load on the web server, application server, and database, in order to avoid false positives caused by load delays rather than by SQL injection delays.

The scanner tests only for time-based SQL injection vulnerabilities.
Similar to the Hypersonic scanner, but specific to the MySQL RDBMS and SQL syntax.
Similar to the Hypersonic scanner, but specific to the Oracle RDBMS and SQL syntax.
Similar to the Hypersonic scanner, but specific to the PostgreSQL RDBMS and SQL syntax.
It may be possible to enumerate usernames, based on differing HTTP responses when valid and invalid usernames are provided. This would greatly increase the probability of success of password brute-forcing attacks against the system. Note that false positives may sometimes be minimised by increasing the 'Attack Strength' option in ZAP. Please manually check the 'Other Info' field to confirm whether this is actually an issue.