Why are numerous emails sent out during a scan?

Description
During a scan, forms present in the web application may be filled out and submitted. This could trigger a mailing system.

Cause
Acunetix WVS completes and submits forms blindly during certain specific vulnerability checks. If forms are not validated for human input, undesired effects might occur.

Resolution
This problem of mass mailing is a vulnerability in itself. A hacker can perform the same steps to flood the mail system, for example by using automated bots. Whether it occurs depends on how the custom website handles certain types of requests on the server side. Mass mailing can be caused by more than one thing: forms, links, multiple requests, etc.

Acunetix WVS cannot predict if a custom website contains such entry points since emails are actually sent at the server side.

It is important to be aware that this is a vulnerability and not something wrong in our product. Such mass mailing entry points should be made more secure. When using forms for sending emails (for example, registration forms), techniques such as CAPTCHA (http://en.wikipedia.org/wiki/Captcha) should be used to prevent this situation.
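
One way to put the CAPTCHA check in front of a mail-sending form handler, as an added example that is not Acunetix code. The `MailGate` class, the stub verifier, the tokens and the addresses are all constructed for illustration, and the per-client sending cap goes beyond the CAPTCHA the article names.

```python
import time
from collections import defaultdict, deque

class MailGate:
    """Decides whether a form submission may trigger an outgoing e-mail."""

    def __init__(self, verify_captcha, max_mails=3, window=3600, clock=time.monotonic):
        self.verify_captcha = verify_captcha  # assumption: callable(token) -> bool wrapping your CAPTCHA provider
        self.max_mails, self.window, self.clock = max_mails, window, clock
        self._sent = defaultdict(deque)       # client key -> times of accepted sends

    def allow(self, client, token):
        # Human check first: blind automated submissions carry no valid token.
        if not token or not self.verify_captcha(token):
            return "captcha"
        # Sliding-window cap (added beyond CAPTCHA): bounds mail per client.
        now, sent = self.clock(), self._sent[client]
        while sent and now - sent[0] >= self.window:
            sent.popleft()
        if len(sent) >= self.max_mails:
            return "rate"
        sent.append(now)
        return "ok"

def handle_form(gate, send_mail, client, form):
    """Form handler: the mailer is reached only when the gate says ok."""
    verdict = gate.allow(client, form.get("captcha_token"))
    if verdict == "ok":
        send_mail(form["email"], "Registration received")
    return verdict

def simulate(blind=200, human=5):
    """Constructed scenario: blind scanner-style posts, then posts with solved tokens."""
    outbox, tokens = [], {f"solved-{i}" for i in range(human)}  # constructed tokens
    def verify(token):                      # stub provider; tokens are single-use
        return token in tokens and (tokens.discard(token) or True)
    gate = MailGate(verify, clock=lambda: 0.0)
    send = lambda to, subject: outbox.append((to, subject))
    verdicts = [handle_form(gate, send, "203.0.113.7",
                            {"email": f"a{i}@example.test", "captcha_token": "1"})
                for i in range(blind)]
    verdicts += [handle_form(gate, send, "198.51.100.9",
                             {"email": "user@example.test", "captcha_token": f"solved-{i}"})
                 for i in range(human)]
    return outbox, verdicts

if __name__ == "__main__":
    outbox, verdicts = simulate()
    print(len(outbox), "mails sent;", verdicts.count("captcha"), "blocked by CAPTCHA;",
          verdicts.count("rate"), "blocked by rate cap")
```

In a real deployment `verify_captcha` would call the CAPTCHA provider's server-side verification, and the client key would be whatever identity the application trusts (session, account or source address).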