Changes made possible in database using ZAP tool


I have just used a normal query in ZAP to see whether the provided payload can get any response from the server with a 500 response, but what ended up happening is that it created multiple records for the same person, more than 7k. So now I am looking through the request and response to see what made these changes possible, and I am unable to find anything. Would you please give me a suggestion on where to look or how I can check?

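```javascript
// Payloads appended to each parameter value
var attacks = ["'", "\"", ";", "';"];

// Entry point of a ZAP active scan script
function scan(as, msg, param, value) {
    for (var i = 0; i < attacks.length; i++) {
        // Work on a copy of the original request
        var new_msg = msg.cloneRequest();
        var attack1 = attacks[i];
        print("attack1 = ", attack1);
        var attackValue = value + attack1;
        as.setParam(new_msg, param, attackValue);
        // Sends one full copy of the request with the modified parameter
        as.sendAndReceive(new_msg, false, false);
    }
}
```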

It was supposed to send the payloads stated in the variable above, but I don't know where or how this query made those changes in the database. I want to provide a root cause analysis for this problem, but I am unable to find a proper reason to share.
