Acunetix Website Security Forums » Recent Posts

Chrysostomos Daniel on "Can't start multi-scan task..."

Chrysostomos Daniel — Mon, 23 Apr 2012 06:34:41 +0000

Hi v0dga

Glad you found a solution on your query.

Thank You

Chrysostomos Daniel on "Acunetix 8 Crashes upon scanning local target"

Chrysostomos Daniel — Mon, 23 Apr 2012 06:31:11 +0000

Hi JeffControl

Regarding your issue, please contact the support at support@acunetix.com .

Thank You

v0dga on "Can't start multi-scan task..."

v0dga — Mon, 23 Apr 2012 02:07:52 +0000

OK i got it..... :)

v0dga on "Can't start multi-scan task..."

v0dga — Sun, 22 Apr 2012 04:00:28 +0000

I use awvs on the win-7 x64... when I open the localhost:8181 (I open the software with administrator privilege.. Use command "netstat -an" cant find 8181 port... also, i turn off the firewall..)... it returns "Cant find page"... But when i use it on the winxp x86... It runs successfully...

How can i solve it .... thx in advance
BestRegards.....

JeffControl on "Acunetix 8 Crashes upon scanning local target"

JeffControl — Mon, 16 Apr 2012 21:21:07 +0000

I ran a scan against a local web server of mine, and after the scanner finishes crawling Acunetix experiences an unknown error and crashes. There are no logs I could find related to Acunetix, so I have posted the Windows error log below for the crash.

Any idea why the scan of a local target will crash the Acunetix application, but scans of public facing targets will not?

-------------

Faulting application name: wvs.exe, version: 6.0.0.3453, time stamp: 0x2a425e19
Faulting module name: pcre.dll, version: 6.7.0.0, time stamp: 0x456b61d0
Exception code: 0xc0000005
Fault offset: 0x00009922
Faulting process id: 0x1370
Faulting application start time: 0x01cd1c10aaefc40f
Faulting application path: C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 8\wvs.exe
Faulting module path: C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 8\pcre.dll
Report Id: abb9ec5d-8806-11e1-abae-90fba6497a77

RodrigoX on "Check if SSL 2.0 is enable and Login Sequence!"

RodrigoX — Thu, 05 Apr 2012 21:01:13 +0000

Thanks, Brian!

BrianWGray on "How to correctly limit the bandwidth usage?"

BrianWGray — Thu, 05 Apr 2012 20:57:40 +0000

GeertS, if you recieve a viable reply I'd love to hear the outcome.

Do you run any sort of packet capture during your scans to monitor your scanning activity?

BrianWGray on "Acceptable Solution to XSS"

BrianWGray — Thu, 05 Apr 2012 20:42:35 +0000

You're asking a vague question.
Vague answer = https://www.owasp.org/index.php/XSS

Are you able to reproduce the vulnerabilities that are being reported?

BrianWGray on "Check if SSL 2.0 is enable and Login Sequence!"

BrianWGray — Thu, 05 Apr 2012 20:29:30 +0000

The answer would be no.
SSL is going to be negotiated before you can get to the form.

https://www.owasp.org/index.php/Testing_for_SSL-TLS_(OWASP-CM-001)

RodrigoX on "Check if SSL 2.0 is enable and Login Sequence!"

RodrigoX — Thu, 05 Apr 2012 18:48:39 +0000

Hi all,

My web application has a login form. The question is: Do I need create a login sequence do check if the SSL 2.0 is enable?

Thank you,
Rodrigo

njlg on "Acceptable Solution to XSS"

njlg — Mon, 02 Apr 2012 16:57:52 +0000

Are there any acceptable solutions to XSS attacks? No matter what I do to thwart the XSS attacks that Acunetix uses, the report always says that the attack worked.

shu7734 on "i just want scan a Directiory and subdirectories"

shu7734 — Sat, 31 Mar 2012 07:31:57 +0000

i just want scan a Directiory and subdirectories,
and want except other Directiorys

RodrigoX on "Acunetix License"

RodrigoX — Thu, 29 Mar 2012 17:41:29 +0000

Thanks a lot, Daniel.

Chrysostomos Daniel on "Acunetix License"

Chrysostomos Daniel — Thu, 29 Mar 2012 10:48:47 +0000

Hi RodrigoX

You cannot install Acunetix in more than one machine using the same license.

Thank You

RodrigoX on "Acunetix License"

RodrigoX — Wed, 28 Mar 2012 19:19:49 +0000

Hi all,
The Acunetix license does permit me to install Acunetix in two machines?
Thanks,
Rodrigo

Chrysostomos Daniel on "How to correctly limit the bandwidth usage?"

Chrysostomos Daniel — Tue, 27 Mar 2012 08:15:08 +0000

Hi Geert

I can confirm that two responses have been send regarding your first query.

You will be receiving a response for your current query shortly.

Thank You

GeertS on "How to correctly limit the bandwidth usage?"

GeertS — Tue, 27 Mar 2012 08:09:50 +0000

Hi Chrysostomos,

thank you for getting back to me. I have indeed never received these emails; they aren't even in the spam folder. Could you please ask to send those again, or at least tell me what the answer was?

I have indeed received a reply to my second email, asking me to provide http logs. I have done so yesterday and am currently waiting for a reply.

Kind regards,
Geert

Chrysostomos Daniel on "How to correctly limit the bandwidth usage?"

Chrysostomos Daniel — Tue, 27 Mar 2012 07:18:23 +0000

Hi Geert

Regarding your first email, the support has replied to your query with two email responses on the same date you have contacted us. They have never heard back from you. Please check your Spam or Junk mail boxes for the specific support emails since sometimes are saved in there.

Regarding the second email, the support team has already contacted you as soon as they received your query.

Thank You

Stay tuned with the latest news and updates by subscribing to our Acunetix Blog website http://www.acunetix.com/blog/ , Facebook account http://www.facebook.com/Acunetix or follow us on Twitter http://twitter.com/Acunetix .

GeertS on "How to correctly limit the bandwidth usage?"

GeertS — Mon, 26 Mar 2012 13:10:51 +0000

Hi,

I have already emailed support@acunetix.com with my question last week, and an update earlier today. However I received no reply, so I thought I'd give it a try here as well.

First email:

In the nearby future we are planning to perform a scan on the Dutch website http://www.bol.com. They have informed us that their Intrusion Detection Systems will disconnect and block any IP address that generates over 300 HTTP Requests per minute. Unfortunately I have not seen an option in Acunetix WVS 8 that allows me to limit this number. I have however found a way to set a delay between consecutive requests. This would mean that we have to set a high enough delay to prevent the IDS from shutting us out, but if we do so I am afraid the scan may take quite a bit longer than we have anticipated. Is there another way for us to prevent triggering the IDS during this scan?

Second email:

We have started the scan today and, despite largely scaling down the traffic, immediately were blocked by the IDS of our customer. They have informed us the scanner generated well over one-hundred requests per second. I fail to see how this is possible, since I have adjusted the HTTP options to a maximum of 5 parallel connections, a HTTP timeout of 60 seconds and a 2000 ms delay between consecutive HTTP requests. This leads me to believe there will be at most 5 requests per 2 seconds, which is at most 150 requests per minute. How is this possible? Please get back to us as soon as possible on this issue, as we have a limited window to scan the website.

Could you please take a look at our issue and help us figure out what is causing the inconsistencies?

Kind regards,
Geert Smelt

Chrysostomos Daniel on "[Error] Unable to start server, socket error nr 10013: An attempt was made to access a socket in a"

Chrysostomos Daniel — Fri, 23 Mar 2012 12:02:57 +0000

Please check if you have any proxy configuration settings or any other software that might interrupt the network connection between the Acunetix Web Vulnerability Scanner and the target website.

Thank You

sendhilkumargm@gmail.com on "[Error] Unable to start server, socket error nr 10013: An attempt was made to access a socket in a"

sendhilkumargm@gmail.com — Wed, 21 Mar 2012 11:29:10 +0000

Hi all,

Getting
"[Warning] Request from login sequence returned invalid status (Internal Server Error)
[Error] Unable to start server, socket error nr 10013: An attempt was made to access a socket in a way forbidden by its access permissions." in error log during select a login sequence in new scan wizard finished.

Help me to resolve.

Thanks in advance
Sendhil

sendhilkumargm@gmail.com on "[Error] Unable to start server, socket error nr 10013: An attempt was made to access a socket in a"

sendhilkumargm@gmail.com — Wed, 21 Mar 2012 11:21:00 +0000

Hi all,

While trying to scan a web application with recorded new login sequence.I am getting the "[Error] Unable to start server, socket error nr 10013: An attempt was made to access a socket in a way forbidden by its access permissions." in the error log.

How can i resolve this issue?

Thanks
Sendhil

Robert Abela on "Script errors on scan | "C:\ProgramData\Acunetix WVS 8\Data\Scripts\PerScheme\""

Robert Abela — Mon, 19 Mar 2012 12:15:44 +0000

Hi Blunt,

Thank you for showing interest in our product.

Since this type of problem cannot be solved via this forum, please send us an email with all the logs and license key details to support@acunetix.com. The support department will be willing to assist you.

Looking forward to hearing from you.

Robert Abela on "website taken down by acunetix"

Robert Abela — Mon, 19 Mar 2012 12:13:32 +0000

Hi Gaby,

If the website was down for everyone than it confirms that the hosting provider blocked access to it thinking it might block the attack.

blunt on "Script errors on scan | "C:\ProgramData\Acunetix WVS 8\Data\Scripts\PerScheme\""

blunt — Wed, 14 Mar 2012 17:26:05 +0000

Hi,

Why would i be getting the following logged errors on scans when it comes to the scripts?

03.14 13:07.47, [Warning] Error while executing Code_Execution.script: List index out of bounds (0). In "classCodeExecution.inc". Line 118, Column 3. Source: " this.scheme.populateRequest(this.lastJob);".

03.14 13:07.47, [Warning] Error while executing CRLF_Injection.script: List index out of bounds (0). In "classCRLFInjection.inc". Line 111, Column 3. Source: " this.scheme.populateRequest(this.lastJob);".

03.14 13:07.47, [Warning] Error while executing Directory_Traversal.script: List index out of bounds (0). In "classDirectoryTraversal.inc". Line 138, Column 3. Source: " this.scheme.populateRequest(this.lastJob);".

03.14 13:07.47, [Warning] Error while executing Error_Message.script: List index out of bounds (0). In "C:\ProgramData\Acunetix WVS 8\Data\Scripts\PerScheme\Error_Message.script". Line 57, Column 3. Source: " scheme.populateRequest(this.lastJob);".

03.14 13:07.47, [Warning] Error while executing Expression_Language_Injection.script: List index out of bounds (0). In "C:\ProgramData\Acunetix WVS 8\Data\Scripts\PerScheme\Expression_Language_Injection.script". Line 25, Column 3. Source: " scheme.populateRequest(this.lastJob);".

03.14 13:07.47, [Warning] Error while executing File_Inclusion.script: List index out of bounds (0). In "classFileInclusion.inc". Line 141, Column 3. Source: " this.scheme.populateRequest(this.lastJob);".

03.14 13:07.47, [Warning] Error while executing LDAP_Injection.script: List index out of bounds (0). In "C:\ProgramData\Acunetix WVS 8\Data\Scripts\PerScheme\LDAP_Injection.script". Line 74, Column 3. Source: " scheme.populateRequest(this.lastJob);".

03.14 13:07.47, [Warning] Error while executing MongoDB_Injection.script: List index out of bounds (0). In "C:\ProgramData\Acunetix WVS 8\Data\Scripts\PerScheme\MongoDB_Injection.script". Line 54, Column 3. Source: " scheme.populateRequest(this.lastJob);".

03.14 13:07.47, [Warning] Error while executing PHP_Code_Injection.script: List index out of bounds (0). In "classPHPCodeInjection.inc". Line 146, Column 3. Source: " this.scheme.populateRequest(this.lastJob);".

03.14 13:07.47, [Warning] Error while executing Remote_File_Inclusion_XSS.script: List index out of bounds (0). In "C:\ProgramData\Acunetix WVS 8\Data\Scripts\PerScheme\Remote_File_Inclusion_XSS.script". Line 43, Column 3. Source: " scheme.populateRequest(this.lastJob);".

03.14 13:07.47, [Warning] Error while executing Script_Source_Code_Disclosure.script: List index out of bounds (0). In "C:\ProgramData\Acunetix WVS 8\Data\Scripts\PerScheme\Script_Source_Code_Disclosure.script". Line 86, Column 3. Source: " scheme.populateRequest(this.lastJob);".

03.14 13:07.47, [Warning] Error while executing Sql_Injection.script: List index out of bounds (0). In "classSQLInjection.inc". Line 244, Column 3. Source: " this.scheme.populateRequest(this.lastJob);".

03.14 13:07.47, [Warning] Error while executing Unsafe_preg_replace.script: List index out of bounds (0). In "classUnsafePregReplace.inc". Line 79, Column 3. Source: " this.scheme.populateRequest(this.lastJob);".

03.14 13:07.47, [Warning] Error while executing XML_External_Entity_Injection.script: List index out of bounds (0). In "C:\ProgramData\Acunetix WVS 8\Data\Scripts\PerScheme\XML_External_Entity_Injection.script". Line 60, Column 3. Source: " scheme.populateRequest(this.lastJob);".

03.14 13:07.47, [Warning] Error while executing XPath_Injection.script: List index out of bounds (0). In "C:\ProgramData\Acunetix WVS 8\Data\Scripts\PerScheme\XPath_Injection.script". Line 73, Column 3. Source: " scheme.populateRequest(this.lastJob);".

thank you.

Gaby on "website taken down by acunetix"

Gaby — Fri, 09 Mar 2012 18:40:22 +0000

NO! the website was in scope,with permission from the client,and how I wrote in the top,was down for everyone not only for me.

Robert Abela on "Server unexpectedly closed connection [000F000C]"

Robert Abela — Fri, 09 Mar 2012 15:36:50 +0000

The target server is rejecting the responses being sent from Acunetix WVS. In that case we recommend you to check the server logs to see why such connections are being rejected. If a WAF or some other type of IDS is sitting in front of the server, you have to check the logs of such device / gateway as well.

Robert Abela on "CVE No. and CVSS scores"

Robert Abela — Fri, 09 Mar 2012 15:34:12 +0000

Hi,

Since this is a feature request, I would recommend you to post your request on our feature request portal; http://ideas.acunetix.com

Robert Abela on "website taken down by acunetix"

Robert Abela — Fri, 09 Mar 2012 15:33:28 +0000

Hi Gaby,

Most probably the hosting provider took the website down since they thought it might be under attack. We just wrote a blog post about this, i.e. ideally you should always advise the hosting provider before running a scan (especially if you are using a shared hosting solution).

http://www.acunetix.com/blog/docs/faq-avoid-website-blocked-scanning-acunetix-wvs/

Chrysostomos Daniel on "Acunetix deleted my entire database"

Chrysostomos Daniel — Thu, 08 Mar 2012 12:47:38 +0000

Hi RaR3X2

Welcome to the Acunetix Web Vulnerability Scanner forums.

Since Acunetix Web Vulnerability Scanner is a black box scanner, scans against web applications are preferred to be performed on test or simulated environments. It is not recommended to perform such scans against live web applications.

For more information on this subject please refer to the following link.

Link: http://www.acunetix.com/blog/docs/invasive-vs-non-invasive-web-application-security-scan/

Thank You

hack2012 on "Server unexpectedly closed connection [000F000C]"

hack2012 — Thu, 08 Mar 2012 02:52:22 +0000

When i make a new task , i found an error here ? how can i resolve this problem ?

Gaby on "website taken down by acunetix"

Gaby — Mon, 05 Mar 2012 12:21:16 +0000

someone can tell me what caused this thing? I have tried default scan and after 10 minutes the site was timedout for everyone not only for me,is odd because was still doing the crawl not test.

Cheers!

RaR3X2 on "Acunetix deleted my entire database"

RaR3X2 — Sun, 04 Mar 2012 19:11:38 +0000

So after about 2 years of working on a web game, i've decided to run acunetix, to find vulnerabilities.

Now it's deleted my entire mysql database. Is there even a way to recover what acunetix decided to just delete?

horse on "CVE No. and CVSS scores"

horse — Tue, 28 Feb 2012 07:46:32 +0000

Acunetix can shows the severity levels such as high, medium, low, etc.

But can Acunetix reports show the Common Vulnerabilities and Exposures (CVE) Numbers and the corresponding CVSS scores for each vulnerability identified by Acunetix?

Chrysostomos Daniel on "Login Sequence Recorder is getting blocked?"

Chrysostomos Daniel — Thu, 23 Feb 2012 15:19:03 +0000

Hi bildderfrau,

What version of the Acunetix Web Vulnerability Scanner are you using ?

Thank You