Acunetix 360’s highly accurate technology provides proof for vulnerabilities. It does this by crawling and attacking your web application to identify vulnerabilities and issues, then dynamically exploiting suspected vulnerabilities in a safe and read-only way. This exploitation process results in demonstrable proof that an identified web application vulnerability exists and can be exploited.
Acunetix 360 extracts proof of exploitation using the following methods:
- SQL Injection
- Boolean SQL Injection
- Blind SQL Injection
- Remote File Inclusion (RFI)
- Command Injection
- Blind Command Injection
- XML External Entity (XXE) Injection
- Remote Code Evaluation
- Local File Inclusion (LFI)
- Server-side Template Injection
- Remote Code Execution
- Injection via Local File Inclusion
While Acunetix 360 is scanning your web application, you can view Proofs via the Sitemap and Issue panels by clicking on relevant vulnerabilities.
You can also access this critical information in the Knowledge Base panel, rather than clicking on issues to view the relevant proof. In the panel, you can access proofs such as Identified Database Version, Identified Database Name, and Identified Database User.
This data could contain the username and database name for a SQL Injection, or the content of a file for a local file injection for example. From the Proofs node, you can discover how much potentially sensitive information the scanner was able to extract automatically for demonstration purposes.
Acunetix 360 forms Knowledge Base nodes on its findings. If the Proofs node is not listed, it means that Acunetix 360 did not create any.
For further information, see Knowledge Base Nodes.
How to View the Proofs Node in Acunetix 360
- Log in to Acunetix 360.
- From the main menu, click Scans, then Recent Scans. The Recent Scans window is displayed.
- Next to the relevant website, click Report.
- From the Technical Report section, click the Knowledge Base tab.
- Click the Proofs node. The information is displayed in a Proofs tab.