平台中所有工具共享同一robust框架,以便统一处理HTTP请求、持久性、认证、上游代理、日志记录、报警和可扩展性。Burp Suite允许攻击者结合手工和自动技术去枚举、分析、攻击Web应用程序。
1.6.24
This release adds a new Scanner check for server-side template injection.
Template engines are widely used by web applications to present dynamic data via web pages and emails. Unsafely embedding user input in templates leads to a vulnerability that is:
frequently critical, allowing full arbitrary code execution on the server; and
easily mistaken for cross-site scripting, which is usually a much less serious issue. 下载地址
链接:
发表于 2015-9-13 18:01:46
发表于 2015-9-13 18:17:31
