wrongsecrets
DAST scan - Investigate & fix if required results of the ZAP scan
A ZAP baseline scan reports several issues. Investigate each of them and create a fix if required, or leave it on ignore if it is not relevant. The full ZAP report can be found in GitHub Actions.
Issues:
- [ ] Information Disclosure - Suspicious Comments [10027]
- [ ] User Controllable HTML Element Attribute (Potential XSS) [10031]
- [ ] Non-Storable Content [10049]
- [ ] Cookie without SameSite Attribute [10054]
- [ ] CSP: Wildcard Directive [10055]
- [ ] Permissions Policy Header Not Set [10063]
- [ ] Modern Web Application [10109]
- [ ] Dangerous JS Functions [10110]
- [ ] Loosely Scoped Cookie [90033]
Please provide relevant logs
IGNORE: Information Disclosure - Suspicious Comments [10027] x 14
http://localhost:8080/webjars/bootstrap/5.2.3/js/bootstrap.bundle.min.js (200 OK)
http://localhost:8080/webjars/datatables/1.13.2/js/dataTables.bootstrap5.min.js (200 OK)
http://localhost:8080/webjars/datatables/1.13.2/js/jquery.dataTables.min.js (200 OK)
http://localhost:8080/webjars/github-buttons/2.14.1/dist/buttons.js (200 OK)
http://localhost:8080/webjars/jquery/3.6.3/jquery.js (200 OK)
IGNORE: User Controllable HTML Element Attribute (Potential XSS) [10031] x 6
http://localhost:8080/challenge/0 (200 OK)
http://localhost:8080/challenge/0 (200 OK)
http://localhost:8080/challenge/0 (200 OK)
http://localhost:8080/challenge/2 (200 OK)
http://localhost:8080/challenge/2 (200 OK)
IGNORE: Non-Storable Content [10049] x 11
http://localhost:8080 (200 OK)
http://localhost:8080/ (200 OK)
http://localhost:8080/challenge/0 (200 OK)
http://localhost:8080/challenge/1 (200 OK)
http://localhost:8080/challenge/2 (200 OK)
IGNORE: Cookie without SameSite Attribute [10054] x 1
http://localhost:8080/challenge/0 (200 OK)
IGNORE: CSP: Wildcard Directive [10055] x 12
http://localhost:8080 (200 OK)
http://localhost:8080/challenge/0 (200 OK)
http://localhost:8080/robots.txt (404 Not Found)
http://localhost:8080/sitemap.xml (404 Not Found)
http://localhost:8080 (200 OK)
IGNORE: Permissions Policy Header Not Set [10063] x 11
http://localhost:8080 (200 OK)
http://localhost:8080/ (200 OK)
http://localhost:8080/challenge/0 (200 OK)
http://localhost:8080/challenge/1 (200 OK)
http://localhost:8080/challenge/2 (200 OK)
IGNORE: Modern Web Application [10109] x 11
http://localhost:8080 (200 OK)
http://localhost:8080/ (200 OK)
http://localhost:8080/challenge/0 (200 OK)
http://localhost:8080/challenge/1 (200 OK)
http://localhost:8080/challenge/2 (200 OK)
IGNORE: Dangerous JS Functions [10110] x 1
http://localhost:8080/webjars/jquery/3.6.3/jquery.js (200 OK)
IGNORE: Loosely Scoped Cookie [90033] x 1
http://localhost:8080/challenge/0 (200 OK)
Any possible solutions?
Needs further investigation per issue.
If the bug is confirmed, would you be willing to submit a PR?
Yes