Detecting Blind SQLi with ZAP


True Pentest

Mar 5, 2025, 12:37:24 AM
to ZAP User Group
Hello members,

I am working on a Laravel framework that generates a 500 response when I insert a single quote (') to reset a password; however, ZAP doesn't trigger a critical alert on this vulnerability. Any idea why? (from the box HTB Usage on the Hack The Box platform)
Thank you.

Simon Bennetts

Mar 11, 2025, 5:39:17 AM
to ZAP User Group
Hiya,

This is a known bug which we have to fix relatively soon.

Cheers,

Simon