Ganesh Dagadi
The demo link in the readme file also gives CANNOT GET /status error. The complete URL is https://hackathon-starter.walcony.com/status
I went over the error log files and had a look at the code. [This](https://github.com/zaproxy/zap-extensions/blob/495bc2f31359c07eda59d8c737c9837c1e1241e0/addOns/network/src/main/java/org/zaproxy/addon/network/internal/client/apachev5/HttpSenderApache.java#L490-L492) is where the connection loss is detected and thrown as `IOException`. I believe that this...
I went through the code and got a high level idea of what `sqliplugin` does. 1. It sends a clean request and stores the response. 2. Different types of payloads...
Why is it that the response from the `true` payload is compared to original response, and if they are similar, the `false` payload is sent? Couldn't we just first send...
I've done the required changes; however, there are no test cases in the plugin. How do I validate that I didn't break anything?
Ok I will add it. Does it have to be on a different pull request and commit from the comparable response changes?
I encountered two issues while writing the UNION exploitation technique test cases. 1. The `origMsg` to which the returned response from the request containing `ORDER BY` is compared is always ``. So...
PR submitted
https://github.com/zaproxy/zap-extensions/blob/main/addOns/sqliplugin/src/main/java/org/zaproxy/zap/extension/sqliplugin/SQLInjectionScanRule.java#L603 is where the origMsg is initially taking the base message (which I assume is where `` is returned). https://github.com/zaproxy/zap-extensions/blob/main/addOns/sqliplugin/src/main/java/org/zaproxy/zap/extension/sqliplugin/SQLInjectionScanRule.java#L636 is one more place where origMsg is assigned, though in the...
> 2. Once `order by` successfully finds the number of columns, Union requests are sent. Here is an example
> `id=) UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,'NRQKHjIvjq',NULL,NULL,NULL,NULL`
> Here `NRQKHjIvjq` appears to...