Evidence field is empty for Rule "The source code for the current page was disclosed by the web server"


Partha S S

Jun 28, 2022, 6:33:40 AM
to OWASP ZAP User Group
Hi,

In reports, ZAP is creating a critical alert for Source Code Disclosure - File Inclusion,
but the Attack and Evidence fields are empty. How do I get details of this attack?

Regards,
Partha

Simon Bennetts

Jun 28, 2022, 6:41:56 AM
to OWASP ZAP User Group
Hi Partha,

Are you sure?

How are you viewing the alert?

Cheers,

Simon

Partha S S

Jun 28, 2022, 8:18:42 AM
to OWASP ZAP User Group
Thanks for the fast reply.
Yes, I am seeing blank fields. I checked in 2 different environments. I am using ZAP_WEEKLY_D-2022-06-15.
I am using C#; at the end of the test run we generate reports through an API call.

evidence.png

Partha S S

Jul 1, 2022, 6:13:37 AM
to OWASP ZAP User Group
Do I need to enable any settings to get these Evidence / Attack fields?

Simon Bennetts

Jul 1, 2022, 6:32:49 AM
to OWASP ZAP User Group
No, that should always be set.
TBH I'm confused :/

Partha S S

Jul 4, 2022, 1:26:04 AM
to OWASP ZAP User Group
OK. Please check. It's generating the report and informing of issues, but no evidence. Since I am new, I am not able to get a use case for reproducing.
Thanks