Acunetix build 13.0.200624118 for Windows and Linux has been released.
The new Acunetix build introduces support for GraphQL and OAuth 2.0, allowing Acunetix to scan web applications that make use of these web technologies. It also includes multiple UI updates, a new comprehensive and interactive report, and HTTP response highlighting for better readability. In addition, there are a good number of new vulnerability checks, numerous updates, and fixes, all of which are available for all editions of Acunetix.
New Features
- Introduced support for GraphQL
- Introduced support for OAuth 2.0
- GraphQL files can be used as import files
- New Comprehensive report, which includes the HTTP response in the HTML version of the report
- HTTP response uses syntax highlighting for improved readability
- Scans can now be restricted to paths/locations in import files
- User can choose columns to show in all the Acunetix lists
- UI saves columns selected for each page/user (applies to targets, vulnerabilities, scans, and reports)
- UI saves number of items to show for each page/user (applies to targets, vulnerabilities, scans, and reports)
- UI saves sorting order for each page/user (applies to targets, vulnerabilities, scans, and reports)
New Vulnerability Checks
- New check for vBulletin 5.6.1 (and earlier) nodeId SQL injection
- New check for Cmd hijack vulnerability
- New check for PHP opcache-gui publicly accessible
- New check for Laravel debug mode enabled
- New check for Laravel Health Monitor publicly accessible
- New check for Laravel Health Horizon publicly accessible
- New check for Laravel Health LogViewer publicly accessible
- New check for Laravel Health Telescope publicly accessible
- New check for Laravel Ignition reflected cross-site scripting
- New check for Laravel framework weak secret key
- New check for HTML attribute injection
- New check for Clockwork PHP dev tool enabled
- New check for PHP debug bar enabled
- New check for broken link hijacking
- New checks for cookie misconfigurations leading to security issues
- New vulnerabilities for WordPress Core, WordPress plugins, Joomla!, and Drupal
Updates
- Targets with manual intervention cannot have a business logic recording
- Changed vulnerability name filter to search as you type
- Scans will start reporting pages that require HTTP authentication
- Acunetix UI notifications have been changed as follows:
  - Moved to the bottom right of the Acunetix UI
  - Stay longer on the page
  - Can be closed by the user
- Increased name length limit of import files to 128 characters
- The user can optionally specify the address to be used for auto-login. This is useful for SSO login pages
- The scanner will try to connect to the address of the target before aborting the scan after 25 consecutive network errors
- Targets can be deleted and replaced on the license anniversary
Fixes
- Fixed: The vulnerability name filter did not always show all vulnerabilities
- Fixed incorrect error handling message when disabling the proxy settings
- Hide Business Logic Recorder for network-only targets
- Fixed: Acunetix Online was showing an ID as the name of some network vulnerabilities
- Fixed: Acunetix Online was not always showing the HTTP response for some vulnerabilities
- Fixed: Acunetix Online was not showing the number of licensed targets
- Fixed issue causing paths of ignored files to be ignored too
- Fixed LSR issue on Safari browser
- Fixed issue caused when the LSR and BLR are used on certain sites
- Various minor fixes to the UI
- Fixed false positives in over 25 vulnerability checks
Upgrade to the Latest Build
If you are already using Acunetix build 13.x, you can initiate the automatic upgrade from the new build notification in the Acunetix UI > About page.
If you are using Acunetix build 12.x or earlier, you need to download Acunetix from here. Use your Acunetix license key to download and activate your product.