Missing SQL Injection in demo.testfire.net


gepea

Oct 11, 2021, 3:13:03 AM
to OWASP ZAP User Group
Hi.
I am trying to configure ZAP to scan demo.testfire.net.
On the login page (http://demo.testfire.net/login.jsp), there is a known SQL Injection ... but I cannot detect it with ZAP.
Any advice for the configuration of ZAP?
Thanks

Simon Bennetts

Oct 11, 2021, 4:26:23 AM
to OWASP ZAP User Group
Which scan rules are you using?
Have you tried the Advanced SQL Injection Scanner?

gepea

Oct 11, 2021, 6:37:54 AM
to OWASP ZAP User Group
Yes, I am using this plugin (and others).
Here is the scan policy:
[Attachment: zap1.jpg]
Thanks.

gepea

Oct 19, 2021, 3:19:45 AM
to OWASP ZAP User Group
Any news for me?

kingthorin+owaspzap

Oct 19, 2021, 9:48:17 AM
to OWASP ZAP User Group
Doesn't seem to be.