感觉判单检查出漏洞的条件太简单了,通过是否有返回和返回是否存在ERROR来判断的,误判率极高。 在实际的情况中,如果对GET提交的参数进行过滤,会返回正常的页面,此时就会产生对漏洞误报,这是很不科学的。 举个例子,我随便使用一个能够提交GET请求的网址http://39.98.177.186:8088/Less-1/id=1,结果便返回了存在012,015,009三个漏洞,很显然目标站点是不存在struts漏洞的。 希望能在判断检测出漏洞的条件上进行完善。