I was testing a web application with ZAP and it reports a path traversal vulnerability. I understand how it works (at least, I think so), so I reviewed the code, tested the URLs, but I could not find where to fix the vulnerability. I only know from ZAP that the problem is only in the URL /service/book and the parameter category. It's interesting that the rest of the app does not have the same problem.
Maybe, if I know how ZAP found it, it will help me to understand where the problem is and fix the app. Do you know how I can check what ZAP did to detect the vulnerability?
Here's the source code for that test: https://github.com/zaproxy/zap-extensions/blob/master/src/org/zaproxy/zap/extension/ascanrules/TestPathTraversal.java
Does that help?
Simon (ZAP Project Lead)