Open jitendra-90 opened 1 week ago
Ummm you seem to be leaking passwords in cookies.
The issue here is more that an empty response is triggering the alert.
Any status code could still be leaking the actual info, non-compliant behaviour is seen all the time.
This is the alert detail. How can I reproduce this, while this type of URL does not exist in the whole application?
The same alert is also coming up in other applications on the basis of "/".
You seem to have header injection enabled. So this occurred when comparing the differences between the original and injected values, and a control value, when manipulating the request's Host header. (Same for #8519)
How can I solve it?
It's likely a false positive due to unhandled empty response (in the scan rule).
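The comparison described in the comments above (original response, injected response and a control response, with the Host header as the injection point) and the empty-response gap the last comment points at, as an added example. This is not ZAP's scan-rule code: the three-way comparison, the source-code markers and the two baseline responses are assumptions for illustration; only the injected response reproduces the one quoted in the report.

```python
import re
from dataclasses import dataclass


@dataclass
class Response:
    status: int
    headers: dict
    body: str


def parse_response(raw: str) -> Response:
    """Parse a raw HTTP/1.1 response: status line, headers, blank line, body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # Honour Content-Length: 0 even if stray bytes follow the blank line.
    if headers.get("content-length") == "0":
        body = ""
    return Response(status, headers, body)


# Constructed samples. INJECTED_RAW reproduces the response quoted in the
# report; ORIGINAL_RAW and CONTROL_RAW are assumed baselines for a path that
# does not exist (original request, and the same request with a harmless
# Host value). Both baselines are an assumption, not data from the report.
INJECTED_RAW = (
    "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\n"
    "Date: Thu, 13 Jun 2024 15:25:31 GMT\r\n\r\n"
)
ORIGINAL_RAW = (
    "HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n\r\n"
    "<html><body>Not Found</body></html>"
)
CONTROL_RAW = ORIGINAL_RAW

# Illustrative "looks like source code" markers; not ZAP's actual pattern list.
SOURCE_MARKERS = [r"<\?php", r"\bpublic\s+class\b", r"\bimport\s+java\.", r"\bdef\s+\w+\(.*\):"]


def differs(a: Response, b: Response) -> bool:
    return a.status != b.status or a.body != b.body


def naive_alert(original: Response, control: Response, injected: Response) -> bool:
    """Alert whenever the injected response differs from both baselines.

    No empty-body check, so the report's empty 400 is enough to raise it.
    """
    return differs(injected, original) and differs(injected, control)


def guarded_alert(original: Response, control: Response, injected: Response) -> bool:
    """Same comparison, but an empty body cannot disclose anything, and only a
    body that actually looks like source counts. The status code is deliberately
    not used as a filter: as noted above, any status code may still carry the
    leaked content.
    """
    if not injected.body.strip():
        return False
    if not differs(injected, original) or not differs(injected, control):
        return False
    return any(re.search(p, injected.body) for p in SOURCE_MARKERS)


def evaluate(original_raw: str = ORIGINAL_RAW,
             control_raw: str = CONTROL_RAW,
             injected_raw: str = INJECTED_RAW):
    """Return (naive verdict, guarded verdict) for the three raw responses."""
    o, c, i = (parse_response(r) for r in (original_raw, control_raw, injected_raw))
    return naive_alert(o, c, i), guarded_alert(o, c, i)


if __name__ == "__main__":
    print(evaluate())
```

Run as-is it evaluates the report's own responses: the naive comparison alerts on the empty 400 (status and body both differ from the baselines), the guarded one does not. Swap a body such as `<?php include($_GET['f']); ?>` into the injected response and both functions alert, which is the case the rule is meant to catch.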
Describe the bug
I am not able to replicate the issue. There, the response is Not Found or Bad Request, so how can we say that this is a "Source Code Disclosure - File Inclusion" alert?
Request:
GET https://pentestingapp.azurewebsites.net/.idea HTTP/1.1
host: /.idea
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:126.0) Gecko/20100101 Firefox/126.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Cookie: ARRAffinity=92ca53ad8db4fbb93d4d3b7d8ab54dcf8ffecb2d731f25b0e91ad575d7534c3f; ARRAffinitySameSite=92ca53ad8db4fbb93d4d3b7d8ab54dcf8ffecb2d731f25b0e91ad575d7534c3f; UserName=jitedra; password=123456; .AspNetCore.Antiforgery.9fXoN5jHCXs=CfDJ8M0wyS_0YC9LvkHdMgGLGWXc6EiUicAxqSP_BzcW1BoAEyecLhX0lQOeKRXJ112inQn6ZtnJfRMqAAM_SgjJlqArsuyfnAniwOcdAkl1ztez7-m1yHX9FwEIy6_aPhn1Z2rQuQT8S-JNCeKe4cSW22Y
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Priority: u=1
x-zap-scan-id: 43
Response:
HTTP/1.1 400 Bad Request
Content-Length: 0
Connection: close
Date: Thu, 13 Jun 2024 15:25:31 GMT
Steps to reproduce the behavior
Not reproducible.
Expected behavior
This alert should not come up.
Software versions
2.15.0
Screenshots
Errors from the zap.log file
No response
Additional context
No response
Would you like to help fix this issue?