Community script vulnerability: curl_command_generator.js


Simon Bennetts

Mar 28, 2023, 9:57:56 AM
to OWASP ZAP User Group
James Kettle has just published a blog post which explained how both Burp and Chrome were vulnerable to an attack on their "copy as curl" feature.

It turns out that the ZAP Community script curl_command_generator.js is also vulnerable.

We are working on a fix.
In the meantime, be careful when using this script - it should be ok on apps you know are safe, but for potentially malicious apps you should not use it until we've released the fix.

Many thanks,

Simon