J2EEScan
J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.
I noticed a few findings on my assessment were 'missing' and working with PortSwigger we narrowed it down to J2EEScan finding similar issues in different injection points in the same...
Bumps [jsoup](https://github.com/jhy/jsoup) from 1.8.1 to 1.14.2. Release notes Sourced from jsoup's releases. jsoup 1.14.2 Caught by the fuzz! jsoup 1.14.2 is out now, and includes a set of parser bug...
Using this useful extension I found CVE-2013-3770 (Oracle IDoc Injection) vulnerability but unfortunately can't find a way/exploit/payload to exploit it successfully. Can you please help? I have already tried 'exploitdb'...
Hey, I think the Apache Axis 2 - Weak Admin Password part might need a change as it still flags on a page where the user and password are being...
The code is not very standardized; you can modify it. Thank you
For some reason, this extension can cause Burp scanner to lock up. I am not the author of the below thread, just found it when I was having this problem....
Hi, I am wondering if this can be checked for? Examples: * https://github.com/rapid7/metasploit-framework/pull/8924/files * https://github.com/mazen160/struts-pwn_CVE-2017-9805/blob/master/struts-pwn.py Thx, Dirk
J2EEScan scans for Struts class loader manipulation ( https://github.com/ilmila/J2EEScan/blob/master/src/main/java/burp/j2ee/issues/impl/ApacheStrutsS2020.java ) with the type of payload engineered AFTER the first fix which is Class.classLoader Ex: Class.classLoader.URLs[0]=testClassloaderManipulation1509723031 During testing I've seen that...
I noticed that this extender doesn't highlight payloads, and the information in the Advisory is always identical. When I have an issue discovered, and press "Move to the next match" in...
The plugin does not support applications that employ HTTP Auth Basic. The Authentication header should be copied to the structure of the issued requests, just like any other header originally...