Experimental Second Order SQL Injection support added. Doesn’t support confirmation or exploitation yet.
Confirmation added to Permanent Cross-site Scripting Engine
SQL Injection Error based confirmation added for PostgreSQL, MySQL and Oracle.
SQL Injection Engine was missing string based SQL Injection vulnerabilities in LIKE clauses when crawler can’t find the correct search string. This issue is fixed and works regardless of the found default string.
URI Based Cross-site Scripting Confirmation added
URI Based issues were reported more than once, this problem fixed
LFI Engine and exploitation works better now. Several minor bugs addressed.
Many possible SQL Injections issues removed as we are now sure they are not vulnerable
XSS Confirmation now bypasses more blacklists
Content-Type based XSS detection added and ratings changed
Email disclosure check improved
Minor bugs addressed in Unix and Windows Internal Path Disclosure issues. Windows Internal Path Disclosure improved.
Proxy settings moved to global settings
Now you can see the active proxy settings in the status bar
Invicti now support NTLM, Basic, Digest, Kerberos and Negotiation Authentication for Proxy