While scanning the XVWA (Xtreme Vulnerable Web Application) consisting the vulnerability-PHP Object Injection i.e. Insecure Deserialization, burp extension "PHP Object Injection Check" doesn't report with the same name.
As burp insert payload PDO object also means plug-in is working, but vulnerability is not getting reported.
If there are any prerequisites for using this plugin, please suggest one.
↧