zap


sania kanwal

Jul 3, 2022, 9:10:20 AM
to OWASP ZAP User Group
The application has a buffer overflow vulnerability but ZAP is not detecting it. What is the reason?

Simon Bennetts

Jul 4, 2022, 3:35:41 AM
to OWASP ZAP User Group
How can we tell?
We don't know what app you are testing :P


Cheers,

Simon

sania kanwal

Jul 4, 2022, 7:19:32 AM
to OWASP ZAP User Group
I am using the Mutillidae application.

kingthorin+owaspzap

Jul 4, 2022, 12:33:13 PM
to OWASP ZAP User Group
Excellent, good for you.

sania kanwal

Jul 5, 2022, 12:54:17 AM
to OWASP ZAP User Group
In the Mutillidae app, buffer overflow and LDAP injection vulnerabilities are present but ZAP is not detecting them. Can I add it through a Zest script?

Simon Bennetts

Jul 5, 2022, 4:09:59 AM
to OWASP ZAP User Group
First of all you need to work out how to detect them manually.
If you can do that then we can work with you to see if we can enhance ZAP to detect them automatically.
You cannot script something unless you know how to do it manually first.

Cheers,

Simon

sania kanwal

Jul 5, 2022, 4:51:58 AM
to OWASP ZAP User Group
The buffer-overflow plugin is present in ZAP but detecting vulnerability even by fuzzing; you can even see it in the screenshots that I sent.
15.png
11.png
16.png
18.png
19.png

Simon Bennetts

Jul 6, 2022, 4:46:00 AM
to OWASP ZAP User Group
Sorry, I can't see anything in those screenshots that indicates there is a buffer overflow vulnerability.
What evidence have you found that indicates there is a problem?
That's the first step - if there's no evidence we can use then we can't change the rule to detect it.

Cheers,

Simon