Closed GoogleCodeExporter closed 8 years ago
Skipfish still needs to do some rudimentary checks on lower-level directories,
for
example to detect 404 patterns. In the process of doing so, it may spot a
couple of
security problems.
The option should reliably prevent it from performing injection checks or
brute-force
of the out-of-scope locations, though; please let me know if this is not the
case,
otherwise, the behavior is intended.
Original comment by lcam...@gmail.com
on 25 Mar 2010 at 11:28
Original issue reported on code.google.com by
hansfn@gmail.com
on 25 Mar 2010 at 10:43