Karan Preet Singh Sasan
**Is your feature request related to a problem? Please describe.** Currently VulnerableApp doesn't contain any session-related vulnerabilities; however, backend and frontend frameworks can now support it so in this...
**Is your feature request related to a problem? Please describe.** SAST tools like SonarSource want to evaluate their accuracy and improvements in finding security vulnerabilities. Now as the VulnerableApp is...
**Is your feature request related to a problem? Please describe.** Currently, we are not having a way to know if there is any breaking change between various releases. Like say,...
**Describe the enhancement** Path Traversal Vulnerability doesn't have a secure implementation so we need to add the Secure implementation. This vulnerability, we need to also validate other levels for...
**Describe the bug** There are a few levels in Http3xxStatusCodeBasedInjection Vulnerability which are secure implementations so we need to add the Secure variant to the Annotation. This bug also includes...
**Describe the bug** Currently path traversal vulnerability is using query params with Map: https://github.com/SasanLabs/VulnerableApp/blob/master/src/main/java/org/sasanlabs/service/vulnerability/pathTraversal/PathTraversalVulnerability.java#L93-L94 which should be changed to springboot queryparam injection directly.
**Is your feature request related to a problem? Please describe.** Blind SSRF is a very important vulnerability and it is currently not present in OWASP VulnerableApp. A good tutorial video...
**Is your feature request related to a problem? Please describe.** We have not included the Remote File Inclusion vulnerability in the VulnerableApp. A very good tutorial to follow: https://www.youtube.com/watch?v=MHBoCVvzXzc **Describe...
**Is your feature request related to a problem? Please describe.** Currently, we have 2 levels for LFI vulnerability but because it is a very common vulnerability and has a lot...
Error logs:
```
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'UnrestrictedFileUpload' defined in URL [jar:file:/Users/ksinghsasa/Learning%20Stuff/Web%20Application%20Proxy%20Tools/Payloads/SasanLabs/VulnerableApp/build/libs/VulnerableApp-1.0.0.jar!/BOOT-INF/classes!/org/sasanlabs/service/vulnerability/fileupload/UnrestrictedFileUpload.class]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.sasanlabs.service.vulnerability.fileupload.UnrestrictedFileUpload]: Constructor threw exception; nested...
```