Closed jitendra-90 closed 1 month ago
What are the details of the alert? What’s the response content of the message associated with the alert?
We definitely need more details. Ideally the full (redacted) alert, but at the very least the evidence.
Alert Name: LDAP Injection
URL: https://pentestingapp.azurewebsites.net/.git
Risk: High
Confidence: Medium
Parameter: Host
Attack: Equivalent LDAP expression: [pentestingapp.azurewebsites.net)(objectClass=]. Random parameter: [wrhap49idji0re6og0e7b9vw7r9pr2a].
Evidence:
CWE ID: 90
WASC ID: 29
Source: Active (40015 - LDAP Injection)
Input Vector: HTTP Header
Description: LDAP Injection may be possible. It may be possible for an attacker to bypass authentication controls, and to view and modify arbitrary data in the LDAP directory.
Other Info: parameter [host] on [GET] [https://pentestingapp.azurewebsites.net/.git] may be vulnerable to LDAP injection, by using the logically equivalent expression [pentestingapp.azurewebsites.net)(objectClass=], and FALSE expression [wrhap49idji0re6og0e7b9vw7r9pr2a].
Solution: Validate and/or escape all user input before using it to create an LDAP query. In particular, the following characters (or combinations) should be deny listed: & |
I have shared the whole information of this alert.
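The Solution text in the alert above recommends validating or escaping input before it reaches an LDAP filter. The following Python is an added example, not ZAP's scan-rule code and not the reporter's application: it assumes a hypothetical service that looks up the request's Host header (the parameter this alert names) in an LDAP directory through a filter built by string concatenation, shows how the alert's equivalent expression adds an extra filter component to that query, and shows how RFC 4515 escaping together with a hostname allow-list keeps the filter structure fixed. ATTACK and RANDOM are the two strings quoted from the alert; the attribute names serverName and objectClass=server are assumptions made for the example.

```python
# Added example, not ZAP scan-rule code or the reporter's application.
# Assumption: the application looks up the Host header in an LDAP directory
# using a search filter assembled by string concatenation.
import re

# The equivalent-expression and random control values quoted from the alert.
ATTACK = "pentestingapp.azurewebsites.net)(objectClass="
RANDOM = "wrhap49idji0re6og0e7b9vw7r9pr2a"

# RFC 4515 section 3: characters that must be escaped inside an assertion value.
_FILTER_ESCAPES = {
    "\\": "\\5c",
    "*": "\\2a",
    "(": "\\28",
    ")": "\\29",
    "\x00": "\\00",
}

# Allow-list for a Host header: DNS labels separated by dots, optional port.
_HOST_RE = re.compile(
    r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*"
    r"(:\d{1,5})?$"
)


def escape_ldap_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP search filter."""
    out = []
    for ch in value:
        if ch in _FILTER_ESCAPES:
            out.append(_FILTER_ESCAPES[ch])
        elif ord(ch) > 0x7F:
            # Non-ASCII characters: escape each UTF-8 byte as \xx.
            out.append("".join(f"\\{b:02x}" for b in ch.encode("utf-8")))
        else:
            out.append(ch)
    return "".join(out)


def is_valid_host(host: str) -> bool:
    """Allow-list check: True only for a syntactically plausible hostname[:port]."""
    return bool(_HOST_RE.match(host))


def build_filter_unsafe(host: str) -> str:
    """Vulnerable: raw concatenation lets ')(' in host add filter components."""
    return f"(&(serverName={host})(objectClass=server))"


def build_filter_escaped(host: str) -> str:
    """Hardened: metacharacters in host become \\xx escapes and stay inside the value."""
    return f"(&(serverName={escape_ldap_filter_value(host)})(objectClass=server))"


def count_unescaped_parens(ldap_filter: str) -> int:
    """Count '(' that are not part of a \\xx escape, i.e. structural components."""
    n = 0
    i = 0
    while i < len(ldap_filter):
        if ldap_filter[i] == "\\":
            i += 3  # skip the \xx escape sequence
            continue
        if ldap_filter[i] == "(":
            n += 1
        i += 1
    return n


if __name__ == "__main__":
    for label, value in (("attack", ATTACK), ("random", RANDOM)):
        print(label, "valid host:", is_valid_host(value))
        print("  unsafe :", build_filter_unsafe(value),
              "components:", count_unescaped_parens(build_filter_unsafe(value)))
        print("  escaped:", build_filter_escaped(value),
              "components:", count_unescaped_parens(build_filter_escaped(value)))
```

With the unsafe builder the attack value turns a two-component filter into three, while the escaped builder yields the same component count for the attack value as for the random control, and the allow-list rejects the attack value outright because a hostname cannot contain parentheses or an equals sign.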
Describe the bug
Getting an LDAP Injection High alert on a URL that does not exist in the application.

Request:
GET https://pentestingapp.azurewebsites.net/.git HTTP/1.1
host: pentestingapp.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:126.0) Gecko/20100101 Firefox/126.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Cookie: ARRAffinity=92ca53ad8db4fbb93d4d3b7d8ab54dcf8ffecb2d731f25b0e91ad575d7534c3f; ARRAffinitySameSite=92ca53ad8db4fbb93d4d3b7d8ab54dcf8ffecb2d731f25b0e91ad575d7534c3f; .AspNetCore.Antiforgery.9fXoN5jHCXs=CfDJ8M0wyS_0YC9LvkHdMgGLGWWEa3FAHQnn9HNKGFQKItdoqLfFH7AvDEj6MuoXQMG3IYxE9fZUjTmbCv_EXAOn4fHmbzZIDeL08kO7Q4CK2m3WPUfonOU80xbVAUO2oJ5SthRBxClrcJtIhC0OA5IcYI;
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Priority: u=1
x-zap-scan-id: 40035

Response:
HTTP/1.1 404 Not Found
Content-Length: 0
Date: Thu, 13 Jun 2024 00:04:31 GMT
Server: Microsoft-IIS/10.0
Strict-Transport-Security: max-age=2592000
Request-Context: appId=cid-v1:f91cc84e-d41a-464a-b202-cd5c7d2d81bd
Cross-Origin-Resource-Policy: same-site
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: script-src 'self'
X-Powered-By: ASP.NET
Steps to reproduce the behavior
Not Reproduced
I am getting this alert on these types of URLs:
GET: https://pentestingapp.azurewebsites.net/.git
GET: https://pentestingapp.azurewebsites.net/.idea
GET: https://pentestingapp.azurewebsites.net/.ssh
GET: https://pentestingapp.azurewebsites.net/.svn
Expected behavior
Not Reproduced
Software versions
2.15.0
Screenshots
No response
Errors from the zap.log file
No response
Additional context
No response
Would you like to help fix this issue?