- In the "URL to attack" text box, enter http://testphp.vulnweb.com
- Check "Use traditional spider"
- Click the Attack button

After the scan, click the Spider section to see all the URLs/paths of the scanned website.

Click the Alerts section to see the vulnerabilities that were found and their respective methods (POST or GET):
- Absence of Anti-CSRF;
- SQL Injection.
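
To triage the same alerts outside the GUI, the script below (an added example, not part of the original page or of ZAP) groups the findings of an exported ZAP JSON report by alert and HTTP method. It assumes the traditional JSON report layout (`site` > `alerts` > `instances`); the embedded report, its paths and its parameter names are constructed sample data, not real scan output.

```python
import json

# Constructed sample in the assumed layout of ZAP's traditional JSON report.
# Paths and parameters are illustrative only.
SAMPLE_REPORT = json.dumps({"site": [{
    "@name": "http://testphp.vulnweb.com",
    "alerts": [
        {"name": "Absence of Anti-CSRF Tokens", "riskdesc": "Medium (Low)",
         "instances": [
             {"uri": "http://testphp.vulnweb.com/form-a", "method": "POST", "param": ""},
             {"uri": "http://testphp.vulnweb.com/form-b", "method": "GET", "param": ""}]},
        {"name": "SQL Injection", "riskdesc": "High (Medium)",
         "instances": [
             {"uri": "http://testphp.vulnweb.com/list?id=1", "method": "GET", "param": "id"},
             {"uri": "http://testphp.vulnweb.com/form-a", "method": "POST", "param": "q"},
             # Duplicate instance: scanners often report the same finding twice.
             {"uri": "http://testphp.vulnweb.com/form-a", "method": "POST", "param": "q"}]},
    ]}]})


def summarize(report_text):
    """Return {alert name: {"risk": str, "findings": [(method, uri, param)]}}."""
    report = json.loads(report_text)
    summary = {}
    for site in report.get("site", []):
        for alert in site.get("alerts", []):
            name = alert.get("name") or alert.get("alert", "unknown")
            entry = summary.setdefault(
                name, {"risk": alert.get("riskdesc", ""), "findings": set()})
            for inst in alert.get("instances", []):
                # A set de-duplicates identical (method, uri, param) instances.
                entry["findings"].add((inst.get("method", "").upper(),
                                       inst.get("uri", ""), inst.get("param", "")))
    return {n: {"risk": e["risk"], "findings": sorted(e["findings"])}
            for n, e in summary.items()}


def methods_by_alert(summary):
    """Return {alert name: sorted list of HTTP methods it was raised on}."""
    return {n: sorted({m for m, _, _ in e["findings"]}) for n, e in summary.items()}


if __name__ == "__main__":
    for name, entry in summarize(SAMPLE_REPORT).items():
        print(f"{name} [{entry['risk']}]")
        for method, uri, param in entry["findings"]:
            print(f"  {method:4} {uri} param={param or '-'}")
```
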
{% embed url="https://www.zaproxy.org/docs/" %}
{% embed url="https://github.com/Samsar4/Ethical-Hacking-Labs/blob/master/10-Session-Hijacking/1-Using-ZAP.md" %} Using ZAP {% endembed %}