Acunetix Premium - v9.0.20140313

New Features

  • Added a test for XSS on Apache HTTP Server 413 error pages via malformed HTTP method
  • Added a test for Joomla! v3.2.1 SQL Injection
  • Added a test looking for WEB-INF/web.xml backups (at directory level and at file level)

Improvements

  • Limited the maximum number of variations from HTML forms
  • Login Sequence Recorder will now skip recording automatic redirects
  • Improved automatic in-session detection (Login Sequence Recorder)
  • PHP AcuSensor - Added the ability to handle PHP5 Closures and improved handling of large data
  • Improved ELMAH Information Disclosure script to cover default installation locations
  • Improved ability to identify redirect variants in JavaScript code
  • Improvements to the Backup File Tests
  • Improvements to the Directory Traversal Tests
  • Improvements to the File Inclusion Tests
  • Added support for HSQL Error Messages
  • Improvements to the Possible Sensitive Directories Tests
  • Improvements to the Possible Sensitive Files Tests
  • Improvements to the URL Redirection script

Bug Fixes

  • Fixed a number of memory leaks
  • Fixed a scan hang caused by invalidated sessions
  • Fixed an issue causing a scan from the crawler to execute all tests twice
  • Fixed a crash in the Session Manager caused by invalid server dates
  • Fixed the URL finder regex hanging on some basic inputs
  • EOutOfMemory exceptions during the execution of scripts will not cause WVS to crash. The scan will be stopped when such an exception is encountered
  • Fixed an issue with false positives not being saved to disk when marked from the Vulnerability Information panel
  • Fixed the "Ignore external scripts" feature in DeepScan sometimes still processing external scripts