- Two new detection and exploitation techniques:
  - Error-based
  - Boolean error-based blind
- Techniques are now tested in the specified order
- Generic template engines are now skipped by default in favor of generic plugins
- Plugins can now specify header and trailer length
- Context suffix can now include closure or reversed closure (not used by plugins yet)
- Base64 exfiltration support (not used by plugins yet)
- New plugin for Spring EL injection
- Twig CVE payload was moved to Extras in favor of |map()-based payload
- Fromfile data type to provide request body parts through files
- Freemarker now supports expression evaluation
- Dust.js now supports rendered code execution
- Some plugins were moved to legacy status
- Old payloads for Jinja and Smarty were moved to extras
- SSTImap can now run with disabled form detection if dependencies are not installed
- Fixed some bugs