jitendra-90 comments

Results 14 comments of


                                            jitendra-90

Getting High Alert ("SQL injection may be possible"), whie we are not using sql in the application.

When I am trying to install 2.15 version then detecting malware while creating files in plugin folder

Getting High Alert ("SQL injection may be possible"), whie we are not using sql in the application.

I am attaching the detail of detected malware ![image](https://github.com/zaproxy/zaproxy/assets/163534165/2fd66d75-eaa8-463b-90a9-e8b7fdc791c4)

"NoSQL Injection - MongoDB" high alert showing in report but we are not using mongoDB

Bellow is the description of alert while we are not using MongoDb in our application High Alert --> NoSQL Injection - MongoDB Description --> MongoDB query injection may be possible....

"NoSQL Injection - MongoDB" high alert showing in report but we are not using mongoDB

How can I try this to attack by Zap Tool

"NoSQL Injection - MongoDB" high alert showing in report but we are not using mongoDB

I am attaching alert screenshot, please have a look ![MongoDB-Alert](https://github.com/zaproxy/zaproxy/assets/163534165/d51babc4-cf47-4038-8f73-d30ec3b2dd67)

Remote Code Execution - Shell Shock on Windows OS

Can you tell me how can I fix this issue?

Remote Code Execution - Shell Shock on Windows OS

is any way that I can reproduce this?

Remote Code Execution - Shell Shock on Windows OS

My Application is hosted on Azure windows server.

Remote Code Execution - Shell Shock on Windows OS

Is it false Positive?

Source Code Disclosure - File Inclusion

![image](https://github.com/zaproxy/zaproxy/assets/163534165/12d5e94a-d121-41ff-9cec-39f5bdba5a0f) this is the alert detail, How can I reproduce this, while this type URL is not existed in the whole application. The same alert is also coming in other...