Acunetix Web Vulnerability Scanner version 10 (build 20150707) has been updated to include new vulnerability checks, including the detection of Same Origin Method Execution, XSLT Injection, Blind Out-of-band Remote Code Execution and Blind Out-of-band SQL Injection. This build also includes various updates to the new Login Sequence Recorder.
The following is a full list of updates included in this release.
- Added a test for Same Origin Method Execution (SOME)
- Added a test for XSLT injection using various attack vectors
- Improved AcuMonitor technology so that it can now detect Blind Out-of-band Remote Code Execution vulnerabilities
- Improved AcuMonitor technology so that it can now detect Blind Out-of-band SQL Injection vulnerabilities
- Various updates and fixes in the Login Sequence Recorder
How to Upgrade
If you are running Acunetix Web Vulnerability Scanner v10, you will be notified that a new build is available to download when you start the application. Navigate to the General > Program Updates node in the Tools explorer, click on Download and Install the new build.
If you are running Acunetix WVS v8 or v9, you should follow the upgrade instructions available in the “Upgrading from a previous version of Acunetix Web Vulnerability Scanner” section of the Acunetix installation guide.
Acunetix Online Vulnerability Scanner has been updated so that your next scan will check for the vulnerabilities mentioned above.