Home
/
Documentation
/
7 June 2023
Invicti Product Release Notes
Invicti Enterprise On-Demand
Invicti Enterprise On-Premises
Invicti Standard
Invicti Application Security Platform
07 Jun 2023

7 June 2023

New security checks

  • Added the check for Boolean-based MongoDB injection.
  • Added the check for MongoDB Operator Injector.
  • Implemented the XML external entity check for IAST.
  • Added the ISO/IEC27001:2022 Classification.
  • Added the report template and attack pattern to the Out-of-band RCE.
  • Added passive check for Lua.
  • Added a security check to detect public Docker files.
  • Implemented a new engine to identify WordPress themes and Plugins.
  • Added new security checks for SAML.
  • Added security check for IT Hit WebDAV Server .Net Version Disclosure.
  • Added security check for MS Exchange Version Disclosure.
  • Added new payloads for Command Injection.
  • Added support for PopperJS.
  • Added support for CanvasJS.
  • Added new security check for the SQLite Database Detection.
  • Added new payloads for Header Injection.
  • Added new security check for Spring Boot Actuator Detection.
  • Added security check for NodeJS Stack Trace Disclosure.
  • Added security check for SailsJS and ActionHero Identified.
  • Added security check for JetBrains .idea Detected.
  • Added security check for GraphQL Stack Trace Disclosure.
  • Added security checks for Javascript Libraries.
  • Added security checks for Web Application Fingerprinter Engine.
  • Added new security checks for WordPress Hello Elementor Theme Detection.
  • Added new security checks for WordPress Twenty Twenty-Three Theme Detection.
  • Added new security checks for WordPress Twenty Twenty-Two Theme Detection.
  • Added new security checks for WordPress Astra Theme Detection.
  • Added new security checks for WordPress Twenty Twenty-One Theme Detection.
  • Added new security checks for WordPress Twenty Twenty Theme Detection.
  • Added new security checks for WordPress OceanWP Theme Detection.
  • Added new security checks for WordPress Twenty Seventeen Theme Detection.
  • Added new security checks for WordPress Kadence Theme Detection.
  • Added new security checks for WordPress Twenty-Sixteen Theme Detection.
  • Added new security checks for WordPress Twenty Nineteen Theme Detection.
  • Added new security checks for WordPress PopularFX Theme Detection.
  • Added new security checks for WordPress GeneratePress Theme Detection.
  • Added new security checks for WordPress Inspiro Theme Detection.
  • Added new security checks for WordPress Go Theme Detection.
  • Added new security checks for WordPress Smash Balloon Social Photo Feed Plugin Detection.
  • Added new security checks for WordPress Contact Form 7 Plugin Detection.
  • Added new security checks for WordPress Yoast SEO Plugin Detection.
  • Added new security checks for WordPress Elementor Website Builder Plugin Detection.
  • Added new security checks for WordPress Classic Editor Plugin Detection.
  • Added new security checks for WordPress Akismet Spam Protection Plugin Detection.
  • Added new security checks for WordPress WooCommerce Plugin Detection.
  • Added new security checks for WordPress Contact Form by WPForms Plugin Detection.
  • Added new security checks for WordPress Really Simple SSL Plugin Detection.
  • Added new security checks for WordPress Jetpack Plugin Detection.
  • Added new security checks for WordPress All-in-One WP Migration Plugin Detection.
  • Added new security checks for WordPress Wordfence Security Plugin Detection.
  • Added new security checks for WordPress Yoast Duplicate Post Plugin Detection.
  • Added new security checks for WordPress WordPress Importer Plugin Detection.
  • Added new security checks for WordPress LiteSpeed Cache Plugin Detection.
  • Added new security checks for WordPress UpdraftPlus WordPress Backup Plugin Plugin Detection.
  • Added new security check for EZProxy Identified.

Improvements

  • Improved the user interface for the website's menu for API.
  • Improved the user interface for the crawling options on the New Scan page.
  • Improved the business logic recorder to play the authenticated record.
  • Updated the Signature Detection pattern.
  • Improved the wordlist for Forced Browsing checks.
  • Changed the Session Cookie not marked as Secure severity from High to Medium.
  • Improved the performance of downloading the discovery data via the API endpoint.
  • Increased the delay control for max scan duration to 12 hours. After 12 hours of the maximum scan time set by the customer, the web application fails the scan.
  • Improved Drupal and Joomla detection.
  • Improved the Next.js version detection.
  • Improved Django debug mode enabled.
  • Updated the SSL/TLS report template.

Fixes

  • Improved report generation via API endpoints.
  • Fixed the login failures when the Authentication Profile is selected as the Use matched profile.
  • Fixed the issue that caused the flashing custom script screen.
  • Fixed the issue with cascading combo box by fixing the query.
  • Fixed an internal server error while exporting from the Invicti Standard to the Invicti Enterprise.
  • Fixed the issue with the “#” sign that can appear in the target URL.
  • Fixed the issue with choosing the All option from the website group drop-down on the Reporting page.
  • Fixed an issue about HTTP Status codes on the crawler performance in the Knowledge Base Report.
  • Fixed the importing GraphQL introspection issue.
  • Fixed the weak Nonce detection in Content Security Policy.