Invicti Product Release Notes
07 Jun 2023
v23.6.0.40861
New security checks
- Added the check for Boolean-based MongoDB injection.
- Added the check for MongoDB Operator Injector.
- Implemented the XML external entity check for IAST.
- Added the ISO/IEC27001:2022 Classification.
- Added the report template and attack pattern to the Out-of-band RCE.
- Added passive check for Lua.
- Added a security check to detect public Docker files.
- Implemented a new engine to identify WordPress themes and Plugins.
- Added new security checks for SAML.
- Added security check for IT Hit WebDAV Server .Net Version Disclosure.
- Added security check for MS Exchange Version Disclosure.
- Added new payloads for Command Injection.
- Added support for PopperJS.
- Added support for CanvasJS.
- Added new security check for the SQLite Database Detection.
- Added new payloads for Header Injection.
- Added new security check for Spring Boot Actuator Detection.
- Added security check for NodeJS Stack Trace Disclosure.
- Added security check for SailsJS and ActionHero Identified.
- Added security check for JetBrains .idea Detected.
- Added security check for GraphQL Stack Trace Disclosure.
- Added security checks for Javascript Libraries.
- Added security checks for Web Application Fingerprinter Engine.
- Added new security checks for WordPress Hello Elementor Theme Detection.
- Added new security checks for WordPress Twenty Twenty-Three Theme Detection.
- Added new security checks for WordPress Twenty Twenty-Two Theme Detection.
- Added new security checks for WordPress Astra Theme Detection.
- Added new security checks for WordPress Twenty Twenty-One Theme Detection.
- Added new security checks for WordPress Twenty Twenty Theme Detection.
- Added new security checks for WordPress OceanWP Theme Detection.
- Added new security checks for WordPress Twenty Seventeen Theme Detection.
- Added new security checks for WordPress Kadence Theme Detection.
- Added new security checks for WordPress Twenty-Sixteen Theme Detection.
- Added new security checks for WordPress Twenty Nineteen Theme Detection.
- Added new security checks for WordPress PopularFX Theme Detection.
- Added new security checks for WordPress GeneratePress Theme Detection.
- Added new security checks for WordPress Inspiro Theme Detection.
- Added new security checks for WordPress Go Theme Detection.
- Added new security checks for WordPress Smash Balloon Social Photo Feed Plugin Detection.
- Added new security checks for WordPress Contact Form 7 Plugin Detection.
- Added new security checks for WordPress Yoast SEO Plugin Detection.
- Added new security checks for WordPress Elementor Website Builder Plugin Detection.
- Added new security checks for WordPress Classic Editor Plugin Detection.
- Added new security checks for WordPress Akismet Spam Protection Plugin Detection.
- Added new security checks for WordPress WooCommerce Plugin Detection.
- Added new security checks for WordPress Contact Form by WPForms Plugin Detection.
- Added new security checks for WordPress Really Simple SSL Plugin Detection.
- Added new security checks for WordPress Jetpack Plugin Detection.
- Added new security checks for WordPress All-in-One WP Migration Plugin Detection.
- Added new security checks for WordPress Wordfence Security Plugin Detection.
- Added new security checks for WordPress Yoast Duplicate Post Plugin Detection.
- Added new security checks for WordPress WordPress Importer Plugin Detection.
- Added new security checks for WordPress LiteSpeed Cache Plugin Detection.
- Added new security checks for WordPress UpdraftPlus WordPress Backup Plugin Plugin Detection.
- Added new security check for EZProxy Identified.
Improvements
- Updated the Signature Detection pattern.
- Improved the wordlist for Forced Browsing checks.
- Changed the Session Cookie not marked as Secure severity from High to Medium.
- Improved the task queue by optimizing code.
- Improved Drupal and Joomla detection.
- Improved the Next.js version detection.
- Improved Django debug mode enabled.
- Updated the SSL/TLS report template.
Fixes
- Fixed the navigational error by ignoring initial requests other than the document-type resources.
- Fixed an issue about HTTP Status codes on the crawler performance in the Knowledge Base Report.
- Fixed the importing GraphQL introspection issue.
- Fixed the weak Nonce detection in Content Security Policy.