Invicti Product Release Notes
18 Jan 2016
18-Jan-2016
FEATURES
- Added automatic configuration of URL rewrite rules
- Added the Scan Policy Optimizer
- Added automated evidence collection to several confirmed vulnerabilities
- Added sessionStorage and localStorage support
- Added URL Rewrite knowledgebase node to list the URL patterns that have been discovered
- Added support for deleting a team member permanently
- Added support for detecting outdated versions of popular JavaScript client-side libraries
- Added vulnerability tasks' todo list to dashboard
- Added "Do not expect challenge" option to basic authentication settings
- Added "Override Target URL with authenticated page" option to form authentication settings
- Added several new knowledge base nodes to report SSL and CSS issues, and one for slowest pages
- Added "Websites that have shortest fix time" and "Websites that have longest fix time" tables on global dashboard
- Added support for displaying relative dates in a friendly format
- Added import links support to new scan API endpoint
NEW SECURITY CHECKS
- Added Windows Short File Name security checks
- Added several new backup file checks
- Added web.config pattern for LFI checks
- Added boot.ini pattern for LFI checks
- Added a signature which checks against a passive backdoor affecting vBulletin 4.x and 5.x versions
- Added a signature which checks against an error message generated by regexp function at MySQL database
- Added DAws web backdoor check
- Added MOF Web Shell backdoor check
- Added RoR database configuration file detection
- Added RoR version disclosure detection
- Added RoR out-of-date version detection
- Added RoR Stack Trace Disclosure
- Added RubyGems version disclosure detection
- Added RubyGems out-of-date version detection
- Added Ruby out-of-date version detection
- Added Python out-of-date version detection
- Added Perl out-of-date version detection
- Added RoR Development Mode Enabled detection
- Added Django version disclosure detection
- Added Django out-of-date version detection
- Added Django Development Mode Enabled detection
- Added PHPLiteAdmin detection
- Added phpMoAdmin detection
- Added DbNinja detection
- Added WeakNet Post-Exploitation PHP Execution Shell (WPES) detection
- Added Adminer detection
- Added Microsoft IIS Log File detection
- Added Laravel Configuration File detection
- Added Laravel Debug Mode Enabled detection
- Added Laravel Stack Trace Disclosure
- Added S/FTP Config File detection
IMPROVEMENTS
- Improved calculating algorithm of vulnerability fix times
- Manage team permission replaced with "Admin" permission
- Added support to see website dashboard without scan group filter
- Added scan type information to "Detailed Scan Report"
- Added paging support for scan policy list
- Improved new user email template
- Increased website verification failure limit
- Changed vulnerability chart's colors on the dashboard page
- Added icons for displaying vulnerability status on the vulnerability task page
- Knowledgebase items are expanded by default if they contain a single item
- Added retestable information to vulnerability detail on the scan report page
- Users are redirected to scan group create page if no scan group is found on new scan
- Added a warning message if target path does not end with a trailing slash on the new scan
- Added first seen date information to vulnerabilities page
- Several scan performance improvements to reduce memory usage
- Improved credit card detection to eliminate false positives
- HTTP cookie handling code written from scratch to conform with the latest RFCs which modern browsers also follow
- SSL cipher support check code has been rewritten to support more cipher suites
- SSL checks are now made for target URLs even when protocol is HTTP
- Updated embedded chrome based browser engine to version 41
- Added more ignored parameters for ASP.NET web applications
- Improved scan policy versioning where new security checks are automatically included or excluded by default on existing scan policies
- Improved LFI pattern that matches win.ini files
- Improved XSS coverage by adding an attack pattern for email inputs which require an @ character
- Improved cookie vulnerability details to show all cookies that are not marked as Secure or HttpOnly
- Improved out-of-date vulnerability templates by including severity information of vulnerabilities for that version of software
- Improved out-of-date vulnerability reporting by increasing the severity of the vulnerability if that version of software has an important vulnerability
- Improved Ruby version disclosure detection
- Improved SQL injection vulnerability template by adding remedy information for more development environments
- Improved common directory checks by adding more known directory names
- Updated default user agent
- Improved the default Anti-CSRF token name list
- Improved database error messages vulnerability detection for Informix
- Added new XSS attack pattern for title tag in which JavaScript execution is not possible
- Improved XHTML attacks to check against XSS vulnerabilities
- Optimized confirmation of Boolean SQLi
- Added exploitation for Remote Code Evaluation via ASP vulnerability
- Revamped DOM based XSS vulnerability detail with a table showing XPath column
- Changed SQLi attack patterns specific to MSSQL database with shorter ones
- Improved SQLi attack pattern which causes a vulnerability in LIMIT clauses specific to MySQL database
- DOM simulation is turned off for hidden input types which causes a false-positive confirmed XSS vulnerability
- Improved the "Name" form value pattern to match more inputs
- Improved confirmation of Expression Language Injection vulnerability
- Improved Frame Injection vulnerability details
- Added .phtml extension to detect code execution via file upload
- Improved blind SQL injection detection on some INNER JOIN cases
- Improved external references section of "Remote Code Evaluation (PHP)" vulnerability
- Added retest support for several vulnerability types
- Improved Apache Tomcat detection patterns
- Increased the number of sensitive comments reported
- Improved text parser improvements
- Added separate checks in scan policy for each supported web app fingerprint application
FIXES
- Fixed an issue where imported relative links were not set correctly
- Fixed an issue where scheduled scan names were duplicated
- Fixed URL rewrite analysis to respect case sensitivity settings
- Fixed a form authentication issue which image submit elements were not clicked
- Fixed an issue occurs when the HTTP response body starts with unicode BOM
- Fixed Open Redirect security checks where it should not perform DOM based checks if DOM checks are turned off
- Fixed static resource finder where it was not following a redirect
- Fixed DOM simulation hangs if a rogue JavaScript call enters an endless loop
- Fixed slow XSS highlights on some responses
- Fixed a bug where Full-Url LFI attack which is specific to Ruby-on-Rails applications could not be confirmed
- Fixed a bug where XSS vulnerability could not be confirmed when injection occurs in the middle of a CSS style
- Fixed a bug where generated XSS exploit did not work due to incorrect encoding
- Fixed a bug where a false-positive file upload vulnerability was reported
- Fixed a bug where maximum amount of hard fails was preventing next scan making HTTP requests
- Fixed ""Missing Content-Type"" reporting issue where redirected responses should not be reported
- Fixed an issue where send failures were not being handled while making HTTP requests
- Fixed credit card reporting issue where the value specified in default form values section should not be reported
- Fixed the trimmed parameter name issue on controlled scan panel
- Fixed documentation for nginx vulnerability template that explains how to fix the issue
- Fixed HSTS support for form authentication HTTP requests
- Fixed a URI parsing issue where non-HTTP(S) protocols are ignored
- Fixed a bug where an attribute based attack could not be confirmed as XSS
- Fixed a bug where an injection with ""javascript:"" protocol for XSS attacks occurs after a new line
- Fixed a bug where exploitation goes into loop and causes an unresponsive UI for error based SQLi
- Fixed a bug where redirection happens relatively and reported as Open Redirect vulnerability
- Fixed an issue where a Groovy RCE is reported as Perl RCE
- Fixed a WSDL parsing issue where reference parameters were not handled correctly
- Fixed a WSDL parsing issue where XML types were not handled correctly
- Fixed an issue that occurs during form authentication with an HSTS site that performs redirects to an URL with http protocol
- Fixed a bug where the hash is reported incorrectly in a DOM based XSS vulnerability
- Fixed the misleading content in basic authentication over clear text vulnerability