modzero / mod0BurpUploadScanner

HTTP file upload scanner for Burp Proxy

Proper time handling for delays #67

Open Hipapheralkus opened 4 years ago

Hipapheralkus commented 4 years ago

I'm testing on a very slow environment, so I adjusted the "Sleep time for sleep payloads (in seconds)" to 35.0 seconds. In the Logger++, I see that every upload request always takes 20 seconds to be uploaded, and is downloaded (using a static URL) within ~2 seconds.

At the moment, even with 35 seconds for the sleep timer, I can see dozens of sleep-based vulnerabilities (e.g. ImageTragick CVE-2016-3714). Could you please improve the logic behind this? So that not only is this value used in payloads, but vulnerabilities are only thrown when this timer is exceeded.

Edit: maybe the bug manifests when I have the default timer; start scan; stop scan; and try to run it again with greater values for delays (which are ignored, and previous ones are used). I'm not sure.
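One way to implement the check requested above, as an added example that is not part of the original issue or the project's code: a sleep finding is raised only when the response outlasts a measured benign upload by the configured sleep time. The function names, the margin and all timings are assumptions constructed from the figures in the report.

```python
# Added example, not code from mod0BurpUploadScanner; all names are hypothetical.

def baseline_stats(samples):
    """Median and worst-case jitter (seconds) of benign upload round trips."""
    if len(samples) < 3:
        raise ValueError("need at least 3 baseline samples")
    ordered = sorted(samples)
    n = len(ordered)
    mid = ordered[n // 2] if n % 2 else (ordered[n // 2 - 1] + ordered[n // 2]) / 2.0
    jitter = max(abs(s - mid) for s in ordered)
    return mid, jitter

def naive_sleep_finding(elapsed, sleep_seconds):
    """Absolute check: flags any response slower than the sleep value."""
    return elapsed >= sleep_seconds

def baseline_sleep_finding(elapsed, sleep_seconds, baseline_samples, margin=1.0):
    """Flag only if the response outlasted a normal upload by the sleep value."""
    mid, jitter = baseline_stats(baseline_samples)
    # A sleep that really executed adds to the normal round trip, so the
    # threshold is baseline + sleep, relaxed by observed jitter and a margin.
    return elapsed >= mid + sleep_seconds - jitter - margin

def triage(rows, sleep_seconds, baseline_samples):
    """Return the labels of sleep-payload requests that pass the baseline check."""
    return [name for name, elapsed in rows
            if baseline_sleep_finding(elapsed, sleep_seconds, baseline_samples)]

# Constructed timings (seconds) modelled on the report: benign uploads take ~20 s.
BASELINE = [19.6, 20.1, 20.4]
# Constructed sleep-payload requests: (label, observed round trip).
ROWS = [("payload-a", 20.3), ("payload-b", 19.9), ("payload-c", 55.4)]

if __name__ == "__main__":
    # 10.0 is a constructed stand-in for a smaller sleep value still in effect.
    print([n for n, e in ROWS if naive_sleep_finding(e, 10.0)])  # all three
    print(triage(ROWS, 35.0, BASELINE))                          # only payload-c
```

With a 20-second normal upload, a response of 36 seconds would still pass an absolute comparison against 35 seconds, which is why the threshold here is relative to the baseline.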