ActiveScanPlusPlus
ActiveScan++ Burp Suite Plugin
The scanner scans all insertion points even if BurpSuite is configured to ignore certain parameters. I'm not sure if these settings are available via the Extender API.
https://github.com/artsploit/solr-injection#black-box-detection
```
GET /xxx?q=aaa%26shards=http://callback_server/solr
GET /xxx?q=aaa&shards=http://callback_server/solr
GET /xxx?q={!type=xmlparser v=""}
```
Solr is used a lot in underlying search/filtering technology, so I think these payloads should be tried in most forms,...
When I run https://github.com/pajswigger/content-length-fixer I will get alerted that ActiveScan++ sends incorrect Content-Length headers when it is doing a test request with `application/xml` as Content-Type, when it is using an...
BIG-IP supports iRules - a subset of rules written in TCL. An attacker can inject iRule code into a request and force a BIG-IP to execute remote code, sniff...
add detection of JEXL injection and HubL injection
- fix copy/paste error for Log4j
- Low severity finding instead of High for .well-known files
XMLTest: ensure compress/decompress functions complete within timeout for malformed strings