Changes
- Upgrade browserker to version
0.0.107(!651)- Active checks find injection locations in all crawled HTTP messages browserker!840
- Upgrade vulnerability checks to version
1.0.48browserker!853- Update expressions for
78.1dast-cwe-checks!184 - Convert double brackets
{{...}}to single brackets{...}for consistency dast-cwe-checks!185 - Fix broken matching regular expressions for check
22.1dast-cwe-checks!186
- Update expressions for
- Upgrade vulnerability checks to version
1.0.49browserker!853- Update etc/passwd expression for
22.1dast-cwe-checks!187
- Update etc/passwd expression for
- Upgrade vulnerability checks to version
1.0.50browserker!853- Add
943.1Improper Neutralization of Special Elements in Data Query Logic MongoDB dast-cwe-checks!166 - Check
94.4is resilient to mirrors being used as the source URL dast-cwe-checks!188 - Check
94.4uses self-executing functions to maximize likelihood of execution when injected intoevaldast-cwe-checks!188
- Add
- HTTP messages loaded for active checks are cached for fast retrieval browserker!855
- Enable active check
94.4browserker!839 - Ignore callback attacks when parsing active check definitions browserker!839
- Log which injection location detector failed when there is an error browserker!854
- Enable browser-based active check
78.1OS Command Injection (!651) - Enable browser-based active check
94.4Server-side code injection (NodeJS) (!651)