Acunetix Premium - v10.5.20160215
New Features
- Implemented support for automatically scanning Drupal and Joomla! web applications using a proprietary database of vulnerabilities
- Implemented support for CVSS v3.0 for most vulnerabilities
- Added a test for HTTP Response Splitting in Node.js (CVE-2016-2216)
- Added a test for Magento Cacheleak vulnerability
- Added a test looking for ASP.NET diagnostic pages
- Implemented a test looking for XXE (XML External Entity injection) in SAML (Security Assertion Markup Language) payloads
- Added a test for vulnerabilities presented in the Perl Jam 2 presentation
- Added a test for Atlassian Jira 6.0.* <= 6.1.4 DOM-based XSS
- Added a test for AngularJS client-side template injection
- Added a test for Rails Dynamic Render to RCE (CVE-2016-0752)
- Added a test looking for LiteSpeed request header injection
- Added a test for Path Traversal in Oracle GlassFish Server Open Source Edition
- Implemented parsing of JavaScript files using an abstract syntax tree (AST) parser to extract information useful for the crawler
Improvements
- Improved Blind and Error-based SQL injection tests
- Improved XSS tests
- Big improvements to the XXE (XML External Entity) tests
- Improved static crawling by parsing JavaScript event handler parameters
- Improved the email header injection test based on the paper from http://www.mbsd.jp/Whitepaper/smtpi.pdf