If a multipart/form-data POST request is made then it appears in the sites tree as POST:pagename()(multipart/form-data)
This means that if there are multiple POSTs to the same URL with different parameters then they still appear as one node.
That means that ZAP cannot attack them individually, it will only be able to attack one of them.
The solution is to include the names of the parameters in the node, in a similar way to the other POST requests.
If a multipart/form-data POST request is made then it appears in the sites tree as
POST:pagename()(multipart/form-data)This means that if there are multiple POSTs to the same URL with different parameters then they still appear as one node. That means that ZAP cannot attack them individually, it will only be able to attack one of them.The solution is to include the names of the parameters in the node, in a similar way to the other POST requests.