meetinthemiddle-be
Partly, yes and at the same time, I'm thinking it might be good to split it up in smaller chunks like this one. Going through an entire RFC is quite...
I'm having the exact same issue; /device/list_apps module returns an empty list, but still asks for a number to input. manually setting APP to com.publisher.appname results in a KeyError (to...
Like @peterfillmore, for me toggling Electra "tweaks" didn't produce different results for Needle. Aside from this issue, it might be an idea to catch this condition (zero length app...
If this is a limitation of Needle and it's documented, that's the way it is. Is there still a possibility of just using the UUID in the APP variable directly...
I can confirm that this still happens in ZAP 2.8, e.g. on URLs like https://xyz.com/core/*.css$ where the SQL payload is sent in a cookie with the request.
> What browser are you trying to re-create with and how are you launching it? On mac, I cannot reproduce in Firefox (94.0.1), Chrome (95.0.4638.69) nor Safari (15.1) by pasting...
> Note as of the latest version of the DOM XSS add-on it actually gets the text from the dialog and checks the content, so it's very unlikely that this...
When launching Firefox from Manual Explore with HUD enabled and then triggering Active Scan from the HUD, the finding also gets reported. After clicking through on the finding to get...
Also, as you advised another user with a similar problem on https://groups.google.com/g/zaproxy-users/c/tcnjPkVUNjM, I triggered the JuiceShop DOM XSS and my Firefox installation is not blocking the XSS payload there, so...
Additional info: When using the CLI scan from docker, Rule 40026 passes and the DOM XSS does not get reported: ``` $ docker run -t --net demo-network owasp/zap2docker-stable zap-full-scan.py -t...