ZAP Full Scan Report

- Site: [https://testphp.vulnweb.com](https://testphp.vulnweb.com) 

- Site: [http://testphp.vulnweb.com](http://testphp.vulnweb.com) 
 	 **New Alerts** 
	- **Cross Site Scripting (DOM Based)** [40026] total: 16:  
		- [http://testphp.vulnweb.com/artists.php?name=abc#<img src="random.gif" onerror=alert(5397)>](http://testphp.vulnweb.com/artists.php?name=abc#<img src="random.gif" onerror=alert(5397)>) 
		- [http://testphp.vulnweb.com/cart.php#jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert(5397) )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert(5397)//>\x3e](http://testphp.vulnweb.com/cart.php#jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert(5397) )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert(5397)//>\x3e) 
		- [http://testphp.vulnweb.com/categories.php#jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert(5397) )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert(5397)//>\x3e](http://testphp.vulnweb.com/categories.php#jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert(5397) )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert(5397)//>\x3e) 
		- [http://testphp.vulnweb.com/disclaimer.php#jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert(5397) )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert(5397)//>\x3e](http://testphp.vulnweb.com/disclaimer.php#jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert(5397) )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert(5397)//>\x3e) 
		- [http://testphp.vulnweb.com/guestbook.php#jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert(5397) )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert(5397)//>\x3e](http://testphp.vulnweb.com/guestbook.php#jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert(5397) )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert(5397)//>\x3e) 
		- .. 
	- **Cross Site Scripting (Reflected)** [40012] total: 14:  
		- [http://testphp.vulnweb.com/hpp/?pp=%22%3E%3CscrIpt%3Ealert%281%29%3B%3C%2FscRipt%3E](http://testphp.vulnweb.com/hpp/?pp=%22%3E%3CscrIpt%3Ealert%281%29%3B%3C%2FscRipt%3E) 
		- [http://testphp.vulnweb.com/hpp/params.php?p=%3CscrIpt%3Ealert%281%29%3B%3C%2FscRipt%3E&pp=12](http://testphp.vulnweb.com/hpp/params.php?p=%3CscrIpt%3Ealert%281%29%3B%3C%2FscRipt%3E&pp=12) 
		- [http://testphp.vulnweb.com/hpp/params.php?p=valid&pp=%3CscrIpt%3Ealert%281%29%3B%3C%2FscRipt%3E](http://testphp.vulnweb.com/hpp/params.php?p=valid&pp=%3CscrIpt%3Ealert%281%29%3B%3C%2FscRipt%3E) 
		- [http://testphp.vulnweb.com/listproducts.php?artist=%3Cimg+src%3Dx+onerror%3Dprompt%28%29%3E](http://testphp.vulnweb.com/listproducts.php?artist=%3Cimg+src%3Dx+onerror%3Dprompt%28%29%3E) 
		- [http://testphp.vulnweb.com/listproducts.php?cat=%3Cimg+src%3Dx+onerror%3Dprompt%28%29%3E](http://testphp.vulnweb.com/listproducts.php?cat=%3Cimg+src%3Dx+onerror%3Dprompt%28%29%3E) 
		- .. 
	- **Cross-Domain Misconfiguration - Adobe - Read** [20016] total: 1:  
		- [http://testphp.vulnweb.com/crossdomain.xml](http://testphp.vulnweb.com/crossdomain.xml) 
	- **NoSQL Injection - MongoDB** [40033] total: 4:  
		- [http://testphp.vulnweb.com/listproducts.php?artist=0+%7C%7C+sleep%280%29](http://testphp.vulnweb.com/listproducts.php?artist=0+%7C%7C+sleep%280%29) 
		- [http://testphp.vulnweb.com/listproducts.php?cat=0+%7C%7C+sleep%280%29](http://testphp.vulnweb.com/listproducts.php?cat=0+%7C%7C+sleep%280%29) 
		- [http://testphp.vulnweb.com/product.php?pic=0+%7C%7C+sleep%280%29](http://testphp.vulnweb.com/product.php?pic=0+%7C%7C+sleep%280%29) 
		- [http://testphp.vulnweb.com/artists.php?artist=0+%7C%7C+sleep%283%29](http://testphp.vulnweb.com/artists.php?artist=0+%7C%7C+sleep%283%29) 
	- **SQL Injection** [40018] total: 7:  
		- [http://testphp.vulnweb.com/artists.php?artist=5-2](http://testphp.vulnweb.com/artists.php?artist=5-2) 
		- [http://testphp.vulnweb.com/listproducts.php?artist=3+AND+1%3D1+--+](http://testphp.vulnweb.com/listproducts.php?artist=3+AND+1%3D1+--+) 
		- [http://testphp.vulnweb.com/listproducts.php?cat=4+AND+1%3D1+--+](http://testphp.vulnweb.com/listproducts.php?cat=4+AND+1%3D1+--+) 
		- [http://testphp.vulnweb.com/product.php?pic=9-2](http://testphp.vulnweb.com/product.php?pic=9-2) 
		- [http://testphp.vulnweb.com/secured/newuser.php](http://testphp.vulnweb.com/secured/newuser.php) 
		- .. 
	- **Source Code Disclosure - File Inclusion** [43] total: 4:  
		- [http://testphp.vulnweb.com/hpp/params.php?p=valid&pp=12](http://testphp.vulnweb.com/hpp/params.php?p=valid&pp=12) 
		- [http://testphp.vulnweb.com/hpp/params.php?p=valid&pp=12](http://testphp.vulnweb.com/hpp/params.php?p=valid&pp=12) 
		- [http://testphp.vulnweb.com/showimage.php?file=./pictures/7.jpg](http://testphp.vulnweb.com/showimage.php?file=./pictures/7.jpg) 
		- [http://testphp.vulnweb.com/showimage.php?file=./pictures/7.jpg&size=160](http://testphp.vulnweb.com/showimage.php?file=./pictures/7.jpg&size=160) 
	- **.htaccess Information Leak** [40032] total: 7:  
		- [http://testphp.vulnweb.com/Mod_Rewrite_Shop/.htaccess](http://testphp.vulnweb.com/Mod_Rewrite_Shop/.htaccess) 
		- [http://testphp.vulnweb.com/Mod_Rewrite_Shop/BuyProduct-1/.htaccess](http://testphp.vulnweb.com/Mod_Rewrite_Shop/BuyProduct-1/.htaccess) 
		- [http://testphp.vulnweb.com/Mod_Rewrite_Shop/BuyProduct-2/.htaccess](http://testphp.vulnweb.com/Mod_Rewrite_Shop/BuyProduct-2/.htaccess) 
		- [http://testphp.vulnweb.com/Mod_Rewrite_Shop/BuyProduct-3/.htaccess](http://testphp.vulnweb.com/Mod_Rewrite_Shop/BuyProduct-3/.htaccess) 
		- [http://testphp.vulnweb.com/Mod_Rewrite_Shop/Details/color-printer/3/.htaccess](http://testphp.vulnweb.com/Mod_Rewrite_Shop/Details/color-printer/3/.htaccess) 
		- .. 
	- **Absence of Anti-CSRF Tokens** [10202] total: 10:  
		- [http://testphp.vulnweb.com/](http://testphp.vulnweb.com/) 
		- [http://testphp.vulnweb.com/artists.php](http://testphp.vulnweb.com/artists.php) 
		- [http://testphp.vulnweb.com/cart.php](http://testphp.vulnweb.com/cart.php) 
		- [http://testphp.vulnweb.com/categories.php](http://testphp.vulnweb.com/categories.php) 
		- [http://testphp.vulnweb.com/disclaimer.php](http://testphp.vulnweb.com/disclaimer.php) 
		- .. 
	- **Anti-CSRF Tokens Check** [20012] total: 23:  
		- [http://testphp.vulnweb.com](http://testphp.vulnweb.com) 
		- [http://testphp.vulnweb.com/](http://testphp.vulnweb.com/) 
		- [http://testphp.vulnweb.com/artists.php](http://testphp.vulnweb.com/artists.php) 
		- [http://testphp.vulnweb.com/artists.php?artist=3](http://testphp.vulnweb.com/artists.php?artist=3) 
		- [http://testphp.vulnweb.com/cart.php](http://testphp.vulnweb.com/cart.php) 
		- .. 
	- **Backup File Disclosure** [10095] total: 14:  
		- [http://testphp.vulnweb.com/index.bak](http://testphp.vulnweb.com/index.bak) 
		- [http://testphp.vulnweb.com/index.zip](http://testphp.vulnweb.com/index.zip) 
		- [http://testphp.vulnweb.com/Mod_Rewrite_Shop/RateProduct-1%20-%20Copy%20(2).html](http://testphp.vulnweb.com/Mod_Rewrite_Shop/RateProduct-1%20-%20Copy%20(2).html) 
		- [http://testphp.vulnweb.com/Mod_Rewrite_Shop/RateProduct-1%20-%20Copy%20(3).html](http://testphp.vulnweb.com/Mod_Rewrite_Shop/RateProduct-1%20-%20Copy%20(3).html) 
		- [http://testphp.vulnweb.com/Mod_Rewrite_Shop/RateProduct-1%20-%20Copy.html](http://testphp.vulnweb.com/Mod_Rewrite_Shop/RateProduct-1%20-%20Copy.html) 
		- .. 
	- **Content Security Policy (CSP) Header Not Set** [10038] total: 11:  
		- [http://testphp.vulnweb.com/](http://testphp.vulnweb.com/) 
		- [http://testphp.vulnweb.com/AJAX/index.php](http://testphp.vulnweb.com/AJAX/index.php) 
		- [http://testphp.vulnweb.com/artists.php](http://testphp.vulnweb.com/artists.php) 
		- [http://testphp.vulnweb.com/cart.php](http://testphp.vulnweb.com/cart.php) 
		- [http://testphp.vulnweb.com/categories.php](http://testphp.vulnweb.com/categories.php) 
		- .. 
	- **HTTP Only Site** [10106] total: 1:  
		- [http://testphp.vulnweb.com/cart.php](http://testphp.vulnweb.com/cart.php) 
	- **Missing Anti-clickjacking Header** [10020] total: 11:  
		- [http://testphp.vulnweb.com/](http://testphp.vulnweb.com/) 
		- [http://testphp.vulnweb.com/AJAX/index.php](http://testphp.vulnweb.com/AJAX/index.php) 
		- [http://testphp.vulnweb.com/artists.php](http://testphp.vulnweb.com/artists.php) 
		- [http://testphp.vulnweb.com/cart.php](http://testphp.vulnweb.com/cart.php) 
		- [http://testphp.vulnweb.com/categories.php](http://testphp.vulnweb.com/categories.php) 
		- .. 
	- **XSLT Injection** [90017] total: 2:  
		- [http://testphp.vulnweb.com/showimage.php?file=%3Cxsl%3Avalue-of+select%3D%22document%28%27http%3A%2F%2Ftestphp.vulnweb.com%3A22%27%29%22%2F%3E](http://testphp.vulnweb.com/showimage.php?file=%3Cxsl%3Avalue-of+select%3D%22document%28%27http%3A%2F%2Ftestphp.vulnweb.com%3A22%27%29%22%2F%3E) 
		- [http://testphp.vulnweb.com/showimage.php?file=%3Cxsl%3Avalue-of+select%3D%22document%28%27http%3A%2F%2Ftestphp.vulnweb.com%3A22%27%29%22%2F%3E&size=160](http://testphp.vulnweb.com/showimage.php?file=%3Cxsl%3Avalue-of+select%3D%22document%28%27http%3A%2F%2Ftestphp.vulnweb.com%3A22%27%29%22%2F%3E&size=160) 
	- **In Page Banner Information Leak** [10009] total: 3:  
		- [http://testphp.vulnweb.com/high](http://testphp.vulnweb.com/high) 
		- [http://testphp.vulnweb.com/robots.txt](http://testphp.vulnweb.com/robots.txt) 
		- [http://testphp.vulnweb.com/sitemap.xml](http://testphp.vulnweb.com/sitemap.xml) 
	- **Permissions Policy Header Not Set** [10063] total: 11:  
		- [http://testphp.vulnweb.com/](http://testphp.vulnweb.com/) 
		- [http://testphp.vulnweb.com/AJAX/index.php](http://testphp.vulnweb.com/AJAX/index.php) 
		- [http://testphp.vulnweb.com/artists.php](http://testphp.vulnweb.com/artists.php) 
		- [http://testphp.vulnweb.com/cart.php](http://testphp.vulnweb.com/cart.php) 
		- [http://testphp.vulnweb.com/categories.php](http://testphp.vulnweb.com/categories.php) 
		- .. 
	- **Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)** [10037] total: 11:  
		- [http://testphp.vulnweb.com/](http://testphp.vulnweb.com/) 
		- [http://testphp.vulnweb.com/AJAX/index.php](http://testphp.vulnweb.com/AJAX/index.php) 
		- [http://testphp.vulnweb.com/artists.php](http://testphp.vulnweb.com/artists.php) 
		- [http://testphp.vulnweb.com/cart.php](http://testphp.vulnweb.com/cart.php) 
		- [http://testphp.vulnweb.com/categories.php](http://testphp.vulnweb.com/categories.php) 
		- .. 
	- **Server Leaks Version Information via "Server" HTTP Response Header Field** [10036] total: 11:  
		- [http://testphp.vulnweb.com/](http://testphp.vulnweb.com/) 
		- [http://testphp.vulnweb.com/AJAX/index.php](http://testphp.vulnweb.com/AJAX/index.php) 
		- [http://testphp.vulnweb.com/artists.php](http://testphp.vulnweb.com/artists.php) 
		- [http://testphp.vulnweb.com/cart.php](http://testphp.vulnweb.com/cart.php) 
		- [http://testphp.vulnweb.com/categories.php](http://testphp.vulnweb.com/categories.php) 
		- .. 
	- **X-Content-Type-Options Header Missing** [10021] total: 12:  
		- [http://testphp.vulnweb.com/](http://testphp.vulnweb.com/) 
		- [http://testphp.vulnweb.com/AJAX/index.php](http://testphp.vulnweb.com/AJAX/index.php) 
		- [http://testphp.vulnweb.com/artists.php](http://testphp.vulnweb.com/artists.php) 
		- [http://testphp.vulnweb.com/cart.php](http://testphp.vulnweb.com/cart.php) 
		- [http://testphp.vulnweb.com/categories.php](http://testphp.vulnweb.com/categories.php) 
		- .. 
	- **Authentication Request Identified** [10111] total: 1:  
		- [http://testphp.vulnweb.com/secured/newuser.php](http://testphp.vulnweb.com/secured/newuser.php) 
	- **Base64 Disclosure** [10094] total: 11:  
		- [http://testphp.vulnweb.com/](http://testphp.vulnweb.com/) 
		- [http://testphp.vulnweb.com/artists.php](http://testphp.vulnweb.com/artists.php) 
		- [http://testphp.vulnweb.com/artists.php?artist=1](http://testphp.vulnweb.com/artists.php?artist=1) 
		- [http://testphp.vulnweb.com/cart.php](http://testphp.vulnweb.com/cart.php) 
		- [http://testphp.vulnweb.com/categories.php](http://testphp.vulnweb.com/categories.php) 
		- .. 
	- **Charset Mismatch (Header Versus Meta Content-Type Charset)** [90011] total: 11:  
		- [http://testphp.vulnweb.com/](http://testphp.vulnweb.com/) 
		- [http://testphp.vulnweb.com/AJAX/index.php](http://testphp.vulnweb.com/AJAX/index.php) 
		- [http://testphp.vulnweb.com/artists.php](http://testphp.vulnweb.com/artists.php) 
		- [http://testphp.vulnweb.com/cart.php](http://testphp.vulnweb.com/cart.php) 
		- [http://testphp.vulnweb.com/categories.php](http://testphp.vulnweb.com/categories.php) 
		- .. 
	- **GET for POST** [10058] total: 1:  
		- [http://testphp.vulnweb.com/cart.php](http://testphp.vulnweb.com/cart.php) 
	- **Information Disclosure - Suspicious Comments** [10027] total: 1:  
		- [http://testphp.vulnweb.com/AJAX/index.php](http://testphp.vulnweb.com/AJAX/index.php) 
	- **Modern Web Application** [10109] total: 9:  
		- [http://testphp.vulnweb.com/AJAX/index.php](http://testphp.vulnweb.com/AJAX/index.php) 
		- [http://testphp.vulnweb.com/artists.php](http://testphp.vulnweb.com/artists.php) 
		- [http://testphp.vulnweb.com/artists.php?artist=1](http://testphp.vulnweb.com/artists.php?artist=1) 
		- [http://testphp.vulnweb.com/artists.php?artist=2](http://testphp.vulnweb.com/artists.php?artist=2) 
		- [http://testphp.vulnweb.com/artists.php?artist=3](http://testphp.vulnweb.com/artists.php?artist=3) 
		- .. 
	- **Non-Storable Content** [10049] total: 1:  
		- [http://testphp.vulnweb.com/userinfo.php](http://testphp.vulnweb.com/userinfo.php) 
	- **Sec-Fetch-Dest Header is Missing** [90005] total: 3:  
		- [http://testphp.vulnweb.com/login.php](http://testphp.vulnweb.com/login.php) 
		- [http://testphp.vulnweb.com/robots.txt](http://testphp.vulnweb.com/robots.txt) 
		- [http://testphp.vulnweb.com/sitemap.xml](http://testphp.vulnweb.com/sitemap.xml) 
	- **Sec-Fetch-Mode Header is Missing** [90005] total: 3:  
		- [http://testphp.vulnweb.com/login.php](http://testphp.vulnweb.com/login.php) 
		- [http://testphp.vulnweb.com/robots.txt](http://testphp.vulnweb.com/robots.txt) 
		- [http://testphp.vulnweb.com/sitemap.xml](http://testphp.vulnweb.com/sitemap.xml) 
	- **Sec-Fetch-Site Header is Missing** [90005] total: 3:  
		- [http://testphp.vulnweb.com/login.php](http://testphp.vulnweb.com/login.php) 
		- [http://testphp.vulnweb.com/robots.txt](http://testphp.vulnweb.com/robots.txt) 
		- [http://testphp.vulnweb.com/sitemap.xml](http://testphp.vulnweb.com/sitemap.xml) 
	- **Sec-Fetch-User Header is Missing** [90005] total: 3:  
		- [http://testphp.vulnweb.com/login.php](http://testphp.vulnweb.com/login.php) 
		- [http://testphp.vulnweb.com/robots.txt](http://testphp.vulnweb.com/robots.txt) 
		- [http://testphp.vulnweb.com/sitemap.xml](http://testphp.vulnweb.com/sitemap.xml) 
	- **Storable and Cacheable Content** [10049] total: 11:  
		- [http://testphp.vulnweb.com/](http://testphp.vulnweb.com/) 
		- [http://testphp.vulnweb.com/AJAX/index.php](http://testphp.vulnweb.com/AJAX/index.php) 
		- [http://testphp.vulnweb.com/artists.php](http://testphp.vulnweb.com/artists.php) 
		- [http://testphp.vulnweb.com/cart.php](http://testphp.vulnweb.com/cart.php) 
		- [http://testphp.vulnweb.com/categories.php](http://testphp.vulnweb.com/categories.php) 
		- .. 
	- **User Agent Fuzzer** [10104] total: 223:  
		- [http://testphp.vulnweb.com/AJAX](http://testphp.vulnweb.com/AJAX) 
		- [http://testphp.vulnweb.com/AJAX](http://testphp.vulnweb.com/AJAX) 
		- [http://testphp.vulnweb.com/AJAX](http://testphp.vulnweb.com/AJAX) 
		- [http://testphp.vulnweb.com/AJAX](http://testphp.vulnweb.com/AJAX) 
		- [http://testphp.vulnweb.com/AJAX](http://testphp.vulnweb.com/AJAX) 
		- .. 
	- **User Controllable HTML Element Attribute (Potential XSS)** [10031] total: 3:  
		- [http://testphp.vulnweb.com/guestbook.php](http://testphp.vulnweb.com/guestbook.php) 
		- [http://testphp.vulnweb.com/search.php?test=query](http://testphp.vulnweb.com/search.php?test=query) 
		- [http://testphp.vulnweb.com/search.php?test=query](http://testphp.vulnweb.com/search.php?test=query) 



View the [following link](https://github.com/amitmnagarwal/SampleCRUD/actions/runs/7212426648) to download the report.
RunnerID:7212426648

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ZAP Full Scan Report #1

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

ZAP Full Scan Report #1

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions