18 Dec 2015

18-Dec-2015

FEATURES

Added Windows 10 support
Added the Scan Policy Optimizer
Added automatic configuration of URL rewrite rules
Added automated evidence collection to several confirmed vulnerabilities
Added Korean language option for application user interface (currently in beta)
Added support for detecting outdated versions of several popular JavaScript client-side libraries
Added HIPAA compliance report template
Added syntax highlighting for HTTP response viewer for responses like XML, JavaScript, CSS, etc.
Added syntax highlighting for HTTP request viewer for request bodies like XML, JSON, etc.
Added sessionStorage and localStorage support
Added send to Team Foundation Server (TFS) and GitHub feature
Added URL Rewrite knowledgebase node to list the URL patterns that have been discovered
Added SSL knowledgebase node that shows several SSL related configurations on target web server
Added CSS knowledgebase node
Added Slowest Pages knowledgebase node
Added no challenge option for basic authentication

NEW SECURITY CHECKS

Added Windows Short File Name security checks
Added several new backup file checks
Added web.config pattern for LFI checks
Added boot.ini pattern for LFI checks
Added a signature which checks against a passive backdoor affecting vBulletin 4.x and 5.x versions
Added a signature which checks against an error message generated by regexp function at MySQL database
Added DAws web backdoor check
Added MOF Web Shell backdoor check
Added RoR database configuration file detection
Added RoR version disclosure detection
Added RoR out-of-date version detection
Added RoR Stack Trace Disclosure
Added RubyGems version disclosure detection
Added RubyGems out-of-date version detection
Added Ruby out-of-date version detection
Added Python out-of-date version detection
Added Perl out-of-date version detection
Added RoR Development Mode Enabled detection
Added Django version disclosure detection
Added Django out-of-date version detection
Added Django Development Mode Enabled detection
Added PHPLiteAdmin detection
Added phpMoAdmin detection
Added DbNinja detection
Added WeakNet Post-Exploitation PHP Execution Shell (WPES) detection
Added Adminer detection
Added Microsoft IIS Log File detection
Added Laravel Configuration File detection
Added Laravel Debug Mode Enabled detection
Added Laravel Stack Trace Disclosure
Added S/FTP Config File detection

IMPROVEMENTS

Several performance improvements to reduce memory usage
Improved credit card detection to eliminate false positives
HTTP cookie handling code written from scratch to conform with the latest RFCs which modern browsers also follow
SSL cipher support check code has been rewritten to support more cipher suites
SSL checks are now made for target URLs even when protocol is HTTP
Improved logging code to decrease the performance overhead
Updated embedded chrome based browser engine to version 41
Improved logging when an error occurs if Invicti was started from command line with arguments
Added more ignored parameters for ASP.NET web applications
Improved JIRA send to action to support both old and new versions
Added activity details for singular security checks (SSL, Heartbleed, etc.) on scan summary dashboard
Improved authentication verifier to include keywords from alt and title attributes
Improved scan policy versioning where new security checks are automatically included or excluded by default on existing scan policies
Improved out-of-date vulnerability reporting on XML vulnerability list report to include references and affected versions elements
Improved LFI pattern that matches win.ini files
Improved XSS coverage by adding an attack pattern for email inputs which require an @ character
Improved cookie vulnerability details to show all cookies that are not marked as Secure or HttpOnly
Added descriptions for advanced settings
Improved out-of-date vulnerability templates by including severity information of vulnerabilities for that version of software
Improved out-of-date vulnerability reporting by increasing the severity of the vulnerability if that version of software contains an important vulnerability
Increased static resource finder limit from 75 to 100
Added several text parser settings to advanced settings
Improved Ruby version disclosure detection
Improved SQL injection vulnerability template by adding remedy information for more development environments
Improved common directory checks by adding more known directory names
Updated default user agent
Improved the default Anti-CSRF token name list
Improved database error messages vulnerability detection for Informix
Added new XSS attack pattern for title tag in which JavaScript execution is not possible
Improved XHTML attacks to check against XSS vulnerabilities
Missing Content-Type vulnerability is not reported when status code returns 304
Optimized confirmation of Boolean SQLi
Added exploitation for Remote Code Evaluation via ASP vulnerability
Revamped DOM based XSS vulnerability detail with a table showing XPath column
Changed SQLi attack patterns specific to MSSQL database with shorter ones
Improved SQLi attack pattern which causes a vulnerability in LIMIT clauses specific to MySQL database
DOM simulation is turned off for hidden input types which causes a false-positive confirmed XSS vulnerability
Improved the "Name" form value pattern to match more inputs
Improved confirmation of Expression Language Injection vulnerability
Improved Frame Injection vulnerability details
Added .phtml extension to detect code execution via file upload
Improved blind SQL injection detection on some INNER JOIN cases
Improved external references section of "Remote Code Evaluation (PHP)" vulnerability
Added retest support for several vulnerability types
Improved import link user interface
Improved CSRF engine
Displaying installer links for cases where auto update fails or auto updating is not possible
Improved Apache Tomcat detection patterns
Improved the message on "Reset to Defaults" dialog
Added severity column for Vulnerabilities List (CSV) report template
Increased the number of sensitive comments reported
Added exploitation support for "RCE via Perl" vulnerability
Added project selection to FogBugz send to action
Improved text parser improvements
Added the total number of attack counts per parameter for current scan policy to scan policy editor dialog
Added the passive engine names which are currently running to scan summary dashboard
Added separate checks in scan policy for each supported web app fingerprint application

FIXES

Fixed Extensive Security Checks policy to enable DOM simulation for open redirection
Fixed Extensive Security Checks policy to enable Prepend Original Value for XSS security tests
Fixed authentication verifier to omit empty keywords for keyword based authentication
Fixed authentication verifier to omit keywords longer than 200 characters for keyword based authentication
Fixed authentication verifier to omit keywords containing null bytes for keyword based authentication
Fixed URL rewrite analysis to respect case sensitivity settings
Fixed a form authentication issue which image submit elements were not clicked
Fixed send to extension context menu which does not focus Extensions section when Options dialog is opened
Fixed a form authentication verification issue which may crash when username and/or password is empty
Fixed a manual crawling issue when proxy was left open when you start a regular scan after a manual crawling
Fixed custom reporting sample code on user manual to match the latest reporting API
Fixed an issue occurs when the HTTP response body starts with unicode BOM
Fixed Open Redirect security checks where it should not perform DOM based checks if DOM checks are turned off
Fixed fiddler logging where form authentication requests were not being captured
Fixed static resource finder where it was not following a redirect if only the protocol portion of an URL changes
Fixed Start a New Scan dialog where Schedule Scan dialog was always shown when you first try to schedule a scan
Fixed DOM simulation hangs if a rogue JavaScript call enters an endless loop
Fixed slow XSS highlights on some responses
Fixed disk space detection on cases when there are no space left on disk where Invicti documents folder resides
Fixed the issue on Start a New Scan dialog where some check box values were not restored correctly
Fixed a bug where Full-Url LFI attack which is specific to Ruby-on-Rails applications could not be confirmed
Fixed a bug where XSS vulnerability could not be confirmed when injection occurs in the middle of a CSS style
Fixed a bug where generated XSS exploit did not work due to incorrect encoding
Fixed a bug where a false-positive file upload vulnerability was reported
Fixed a bug where maximum amount of hard fails was preventing next scan making HTTP requests
Fixed "Missing Content-Type" reporting issue where redirected responses should not be reported
Fixed Set-Cookie response headers being merged issue on response viewers
Fixed an issue where send failures were not being handled while making HTTP requests
Fixed credit card reporting issue where the value specified in default form values section should not be reported
Fixed the trimmed parameter name issue on controlled scan pane
Fixed ignore vulnerability issue function where it was not working for comparison reports
Fixed documentation for nginx vulnerability template that tells how to fix the issue
Fixed HSTS support for form authentication HTTP requests
Fixed a bug which prevents attacking from resuming when an existing session is imported
Fixed the issue of HttpRequests.saz file being truncated when a scan is resumed after import
Fixed fiddler log file saving issue where chunked response bodies were not being saved correctly
Fixed a URI parsing issue where non-HTTP(S) protocols are ignored
Fixed a DOM XSS scanner issue that crashes Invicti when a long URL is parsed
Fixed a bug where an attribute based attack could not be confirmed as XSS
Fixed a bug where an injection with "javascript:" protocol for XSS attacks occurs after a new line
Fixed a bug where exploitation goes into loop and causes an unresponsive UI for error based SQLi
Fixed a bug where redirection happens relatively and reported as Open Redirect vulnerability
Fixed an issue where importing links to an existing profile with imported links was failing
Fixed generated report name issue where and extra .htm extension is added to report file if run from command line
Fixed an unhandled ArgumentException raised from permanent XSS detection
Fixed the issue that Invicti hangs with a confirmation dialog upon scan completion when started with /auto command line parameter
Fixed an issue where a Groovy RCE is reported as Perl RCE
Fixed an issue where a scan started with Scan Imported Links option were attacking to links those are not imported
Fixed an issue where retest request is started with the attacked value and causes a vulnerability creation in a different injection point
Fixed a WSDL parsing issue where reference parameters were not handled
Fixed a WSDL parsing issue where XML types were not handled
Fixed a visual bug where "Security Check Groups" description text was clipped
Fixed a bug where illegal characters were causing invalid XML reports
Fixed an issue where RCE Perl exploitation could not be performed due to incorrect encoding
Fixed an issue with auto complete input reporting where highlighting was not correct
Fixed an issue with web app fingerprinting where pausing the scan was not pausing it
Fixed an issue that occurs during form authentication with an HSTS site that performs redirects to an URL with http protocol
Fixed a form authentication configuration issue where both keyword based and redirect based logout detection pattern could be configured
Fixed a bug where the hash is reported incorrectly in a DOM based XSS vulnerability
Fixed the misleading content in basic authentication over clear text vulnerability