Invicti Product Release Notes
07 Jun 2023
7 June 2023
New security checks
- Added the check for Boolean-based MongoDB injection.
- Added the check for MongoDB Operator Injector.
- Implemented the XML external entity check for IAST.
- Added the ISO/IEC27001:2022 Classification.
- Added the report template and attack pattern to the Out-of-band RCE.
- Added passive check for Lua.
- Added a security check to detect public Docker files.
- Implemented a new engine to identify WordPress themes and Plugins.
- Added new security checks for SAML.
- Added security check for IT Hit WebDAV Server .Net Version Disclosure.
- Added security check for MS Exchange Version Disclosure.
- Added new payloads for Command Injection.
- Added support for PopperJS.
- Added support for CanvasJS.
- Added new security check for the SQLite Database Detection.
- Added new payloads for Header Injection.
- Added new security check for Spring Boot Actuator Detection.
- Added security check for NodeJS Stack Trace Disclosure.
- Added security check for SailsJS and ActionHero Identified.
- Added security check for JetBrains .idea Detected.
- Added security check for GraphQL Stack Trace Disclosure.
- Added security checks for Javascript Libraries.
- Added security checks for Web Application Fingerprinter Engine.
- Added new security checks for WordPress Hello Elementor Theme Detection.
- Added new security checks for WordPress Twenty Twenty-Three Theme Detection.
- Added new security checks for WordPress Twenty Twenty-Two Theme Detection.
- Added new security checks for WordPress Astra Theme Detection.
- Added new security checks for WordPress Twenty Twenty-One Theme Detection.
- Added new security checks for WordPress Twenty Twenty Theme Detection.
- Added new security checks for WordPress OceanWP Theme Detection.
- Added new security checks for WordPress Twenty Seventeen Theme Detection.
- Added new security checks for WordPress Kadence Theme Detection.
- Added new security checks for WordPress Twenty-Sixteen Theme Detection.
- Added new security checks for WordPress Twenty Nineteen Theme Detection.
- Added new security checks for WordPress PopularFX Theme Detection.
- Added new security checks for WordPress GeneratePress Theme Detection.
- Added new security checks for WordPress Inspiro Theme Detection.
- Added new security checks for WordPress Go Theme Detection.
- Added new security checks for WordPress Smash Balloon Social Photo Feed Plugin Detection.
- Added new security checks for WordPress Contact Form 7 Plugin Detection.
- Added new security checks for WordPress Yoast SEO Plugin Detection.
- Added new security checks for WordPress Elementor Website Builder Plugin Detection.
- Added new security checks for WordPress Classic Editor Plugin Detection.
- Added new security checks for WordPress Akismet Spam Protection Plugin Detection.
- Added new security checks for WordPress WooCommerce Plugin Detection.
- Added new security checks for WordPress Contact Form by WPForms Plugin Detection.
- Added new security checks for WordPress Really Simple SSL Plugin Detection.
- Added new security checks for WordPress Jetpack Plugin Detection.
- Added new security checks for WordPress All-in-One WP Migration Plugin Detection.
- Added new security checks for WordPress Wordfence Security Plugin Detection.
- Added new security checks for WordPress Yoast Duplicate Post Plugin Detection.
- Added new security checks for WordPress WordPress Importer Plugin Detection.
- Added new security checks for WordPress LiteSpeed Cache Plugin Detection.
- Added new security checks for WordPress UpdraftPlus WordPress Backup Plugin Plugin Detection.
- Added new security check for EZProxy Identified.
Improvements
- Improved the user interface for the website's menu for API.
- Improved the user interface for the crawling options on the New Scan page.
- Improved the business logic recorder to play the authenticated record.
- Updated the Signature Detection pattern.
- Improved the wordlist for Forced Browsing checks.
- Changed the Session Cookie not marked as Secure severity from High to Medium.
- Improved the performance of downloading the discovery data via the API endpoint.
- Increased the delay control for max scan duration to 12 hours. After 12 hours of the maximum scan time set by the customer, the web application fails the scan.
- Improved Drupal and Joomla detection.
- Improved the Next.js version detection.
- Improved Django debug mode enabled.
- Updated the SSL/TLS report template.
Fixes
- Improved report generation via API endpoints.
- Fixed the login failures when the Authentication Profile is selected as the Use matched profile.
- Fixed the issue that caused the flashing custom script screen.
- Fixed the issue with cascading combo box by fixing the query.
- Fixed an internal server error while exporting from the Invicti Standard to the Invicti Enterprise.
- Fixed the issue with the “#” sign that can appear in the target URL.
- Fixed the issue with choosing the All option from the website group drop-down on the Reporting page.
- Fixed an issue about HTTP Status codes on the crawler performance in the Knowledge Base Report.
- Fixed the importing GraphQL introspection issue.
- Fixed the weak Nonce detection in Content Security Policy.