v8.0.20120613 - 13 Jun 2012
Build v8.0.20120613 - 13th June 2012
New Security Checks
- New security checks for Microsoft SharePoint.
- The Debug Parameters test checks whether common debug parameters, such as “?debug=1”, cause your web applications to disclose sensitive information.
- New Cross-Site Scripting checks for Ruby on Rails (Homakov variants).
- Security check for JetBrains .idea project directory.
- ToolsPack backdoor verification.
- Security check for Fantastico_Filelist information disclosure.
- Tests for authentication bypass vulnerabilities in MySQL and MariaDB (CVE-2012-2122).
- Check for Nginx restrictions bypass (CVE-2011-4963).
- New checks when a phpinfo() page is discovered: all HTML on the page is parsed and alerts are issued for PHP configuration problems (display_errors on, register_globals on, etc.).
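The phpinfo() check above, as an added example that is not part of the product's own code: a small standard-library parser walks the directive tables of a phpinfo() page and returns an alert for every directive whose local value is risky. The directive/value policy and the sample HTML are constructed for this example.

```python
"""Parse phpinfo() HTML and flag risky PHP configuration directives."""
from html.parser import HTMLParser

# Values considered dangerous per directive. This policy list is an assumption
# for the example, not the scanner's own rule set.
RISKY = {
    "display_errors": {"on", "1", "stdout"},  # error output leaks paths and queries
    "register_globals": {"on", "1"},          # request parameters become PHP variables
    "allow_url_include": {"on", "1"},         # enables remote file inclusion
}

class PhpInfoParser(HTMLParser):
    """Collects each <tr> of a phpinfo() table as a list of cell strings."""
    def __init__(self):
        super().__init__()
        self.rows, self._cells, self._in_cell = [], None, False
    def handle_starttag(self, tag, attrs):
        if tag == "tr":
            self._cells = []
        elif tag in ("td", "th") and self._cells is not None:
            self._cells.append("")
            self._in_cell = True
    def handle_endtag(self, tag):
        if tag in ("td", "th"):
            self._in_cell = False
        elif tag == "tr" and self._cells is not None:
            self.rows.append(self._cells)
            self._cells = None
    def handle_data(self, data):
        if self._in_cell:
            self._cells[-1] += data

def find_risky_settings(html):
    """Return sorted (directive, local value) pairs whose local value is risky."""
    parser = PhpInfoParser()
    parser.feed(html)
    alerts = []
    for cells in parser.rows:
        if len(cells) >= 2:  # phpinfo rows: directive, local value, master value
            name, local = cells[0].strip().lower(), cells[1].strip().lower()
            if local in RISKY.get(name, ()):
                alerts.append((name, local))
    return sorted(alerts)

# Constructed sample in the row layout phpinfo() uses; the local value is effective.
SAMPLE_PHPINFO = """<table>
<tr class="h"><th>Directive</th><th>Local Value</th><th>Master Value</th></tr>
<tr><td class="e">display_errors</td><td class="v">On</td><td class="v">Off</td></tr>
<tr><td class="e">register_globals</td><td class="v">Off</td><td class="v">Off</td></tr>
<tr><td class="e">allow_url_include</td><td class="v">On</td><td class="v">On</td></tr>
</table>"""
```

Running `find_risky_settings(SAMPLE_PHPINFO)` reports allow_url_include and display_errors but not register_globals, whose local value is Off.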
New Features
- Ability to export the report from the Report Viewer.
- Alerts you when HTML forms lack CSRF protection.
Improvements
- Rewrote the ASP_NET_Oracle_Padding security script.
- Improved SVN/GIT repository security scripts.
- Improved presentation of all alerts generated by the crawler by showing more attack details.
Bug Fixes
- Login sequence recorder is now using the configured user-agent.
- Cookie path parameters are now better supported.
- The scheduler authentication checkbox is restored properly if you press “Cancel”.
- Fixed an issue in the Trace/Track HTTP method test security script.
- Input forms that are part of the login sequence are no longer populated with the pre-configured HTML form data.
- Fixed the namespaces issue on the Web Services scanner.
- Corrected the requests which are generated by the scan results imported from the Firefox extension.
- Blind SQL injection now reports the correct value in the alert details.
- Fixed the jQuery problem: CSA select HTML elements and their options are now handled correctly.