File Upload add-on


moaath odeh

Sep 21, 2023, 5:10:45 PM
to ZAP User Group
Hey,
I built a testLab for my bachelor thesis about FileUploads and wanted to test the OWASP ZAP file upload add-on on it.
I am having trouble understanding how to make it work. From what I have seen, all I need to do is provide the URL where the file will be uploaded (which I did), but somehow the add-on doesn't work (or maybe I am clueless, since I am fairly new to OWASP ZAP).
Can someone help me?

Here are the steps that I made:
1. Install add-on
2. Configure add-on: in static URL => http://localhost:10001/uploads/lvl1/$(fileName)
3. Run automated test (aka active scan)
4. Examine the results => nothing about file uploads

What I have also noticed is that the request sent to the website does not look like a multiform-data request:
OWASP request body of POST: fileToUpload=test_file.txt&submit=Upload
Normal request (for example):
    --abcde12345
    Content-Disposition: form-data; name="fileName"; filename="file1.txt"
    Content-Type: text/plain

    [file content goes there]

Another question would be: how can I configure the scan to only test fileUpload, since it's the only test I am interested in?

thx in advance!
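
The difference the post points at, between a URL-encoded body that carries only a file name and a multipart/form-data body that carries file content, can be checked on any captured request. This is an added example, not part of the original post or of the add-on; `describe_upload`, `is_file_upload` and the sample bodies are constructed for illustration.

```python
from email import message_from_bytes
from email.policy import default
from urllib.parse import parse_qsl

# Constructed sample requests mirroring the two bodies quoted in the post.
URLENCODED_CT = "application/x-www-form-urlencoded"
URLENCODED_BODY = b"fileToUpload=test_file.txt&submit=Upload"
MULTIPART_CT = "multipart/form-data; boundary=abcde12345"
MULTIPART_BODY = (
    b"--abcde12345\r\n"
    b'Content-Disposition: form-data; name="fileName"; filename="file1.txt"\r\n'
    b"Content-Type: text/plain\r\n\r\n"
    b"hello upload\r\n"
    b"--abcde12345\r\n"
    b'Content-Disposition: form-data; name="submit"\r\n\r\n'
    b"Upload\r\n"
    b"--abcde12345--\r\n"
)

def describe_upload(content_type: str, body: bytes) -> dict:
    """Hypothetical helper: report the plain fields and file parts in a POST body."""
    media_type = content_type.split(";", 1)[0].strip().lower()
    result = {"encoding": media_type, "fields": {}, "files": []}
    if media_type == "application/x-www-form-urlencoded":
        # Only name=value pairs: the "file" is just its name sent as a string.
        pairs = parse_qsl(body.decode("ascii", "replace"), keep_blank_values=True)
        result["fields"] = dict(pairs)
        return result
    if media_type != "multipart/form-data":
        return result
    # Reuse the stdlib MIME parser by prepending the HTTP Content-Type header.
    raw = b"Content-Type: " + content_type.encode("ascii") + b"\r\n\r\n" + body
    msg = message_from_bytes(raw, policy=default)
    if not msg.is_multipart():
        return result  # missing or wrong boundary: no parts could be split out
    for part in msg.iter_parts():
        name = part.get_param("name", header="content-disposition")
        data = part.get_payload(decode=True) or b""
        filename = part.get_filename()
        if filename is None:
            result["fields"][name] = data.decode("utf-8", "replace")
        else:
            result["files"].append({"field": name, "filename": filename,
                                    "type": part.get_content_type(), "size": len(data)})
    return result

def is_file_upload(content_type: str, body: bytes) -> bool:
    """True only when the body carries at least one part with a filename."""
    return bool(describe_upload(content_type, body)["files"])
```

A request for which `is_file_upload` returns False never delivers file bytes to the server, so no upload handling is exercised by it.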

Simon Bennetts

Sep 22, 2023, 3:13:18 AM
to ZAP User Group
Hiya,


FYI this is a third party add-on and not maintained by the ZAP Core Team.

Cheers,

Simon