Steps:
- Install the Python Scripting add-on from the ZAP Marketplace
- Download the SSTI.py file from https://github.com/knassar702/community-scripts/blob/master/active/SSTI.py
- Open the Scripts tab and click Load Script
- Select the SSTI.py file
For testing, download this web application:
https://github.com/knassar702/hacking-lab
$ git clone https://github.com/knassar702/hacking-lab
$ cd hacking-lab && sudo pip2 install flask requests jinja2
$ sudo python2 hackme.py
- Open ZAP > Automated Scan > enter http://localhost/search?u=1 > click the Attack button
Done :)