Path Traversal


Manfred Schinle

Oct 11, 2021, 5:00:13 PM
to OWASP ZAP User Group
Hello, I'm a newbie. I scan different sites with the help of OWASP ZAP and have stumbled upon such a vulnerability several times already: https://example.com/wp-json/oembed/1.0/embed?url=%2Fembed. Can someone explain how this vulnerability is arranged and what can be done with it? I've already tried https://example.com/wp-json/oembed/1.0/embed?url=../../../etc/passwd etc. But maybe I don't understand something, or is it a false positive? Please explain to me.

Simon Bennetts

Oct 12, 2021, 4:29:44 AM
to OWASP ZAP User Group

It's impossible for us to know if it's a false positive or not without much more info, which typically requires access to the target app.
If you do decide that it's a false positive and think you know why, then please let us know the details so we can try to improve the scan rule.

Cheers,

Simon

kingthorin+owaspzap

Oct 12, 2021, 8:41:46 AM
to OWASP ZAP User Group

Jose miguel

Apr 14, 2023, 10:43:22 AM
to OWASP ZAP User Group
How do I compile the code to be able to execute it?
Thank you.

Simon Bennetts

Apr 14, 2023, 11:00:42 AM
to OWASP ZAP User Group
See the ZAP Developers Guide :D