Invicti Standard 28 Mar 2019

NEW FEATURES

  • Added Invicti Assistant, a smart scan assistant that will guide you through a Scan
  • Added OAuth2 Authentication support
  • Added a new Best Practice severity level for vulnerabilities that are recommended practices but not critical
  • Added Azure DevOps Send To integration
  • Added an option to report only Confirmed vulnerabilities while generating reports
  • Added Redmine Send To integration
  • Added Bugzilla Send To integration
  • Added F5 WAF rule generation
  • Added Dark UI theme
  • Added RESTful API Modeling Language (RAML) link import support
  • Added facility to exclude certain URLs from URL Rewrite Detection
  • Added support for importing links from WordPress REST API files
  • Added a Scan Policy for OWASP Top 10 vulnerabilities
  • Added a Scan Policy for PCI vulnerabilities
  • Added support for deleting a Scan from Local Scan files

NEW SECURITY CHECKS

  • Added support for exploiting Drupal Remote Code Execution (CVE-2019-6340)
  • Added Unicode Transformation (Best-Fit Mapping) security check
  • Added detection for possible Header Injection
  • Added out-of-date detection for Oracle Database Server
  • Added out-of-date detection for Mithril
  • Added out-of-date detection for ef.js
  • Added out-of-date detection for Match.js
  • Added out-of-date detection for List.js
  • Added out-of-date detection for RequireJS
  • Added out-of-date detection for Riot.js
  • Added out-of-date detection for Inferno
  • Added out-of-date detection for Marionette.js
  • Added out-of-date detection for GSAP
  • Added config.json check to Resource Finder
  • Added detection support for TS Web access
  • Added detection support for .travis.yml

IMPROVEMENTS

  • Improved Scan performance by allocating computer resources better
  • Included XXE, File Upload, SSL, RFI, ELI, XSS via RFI vulnerabilities into vulnerability families
  • Out-of-date server-side apps are highlighted in the Site Profile
  • Clicking on links displayed in Knowledge Base items will navigate to the related node
  • Added URL to the Email List Knowledge Base
  • Added the URL of the request in which the cookie is set to the Cookies Knowledge Base
  • Custom URL Rewrite Rules can be sorted by clicking the column header
  • Added a description that tells why only 10 pages are reported on Slowest Pages Knowledge Base
  • The URL Rewrite Rules that are found automatically during the scan are sorted alphabetically in the Knowledge Base
  • Added an option to prevent the operating system from going to sleep while there is a scan in progress
  • Added an Exploit context menu item to the Sitemap and Issues nodes
  • Vulnerable parameters are now highlighted in the Sitemap and Issues nodes
  • Updated Code Evaluation (PHP) attack patterns
  • Due Date setting has been replaced with Due Days on some of the Send To integrations
  • Improved the icons used in the Sitemap and Issues nodes
  • Removed deleted scan files from the File Import list
  • Improved DOM Simulation performance and fixed several issues
  • Improved React JavaScript framework support on Form Authentication
  • HTML Select elements without event listeners are simulated in DOM Simulation
  • Improved the performance of the Activity pane’s viewer
  • Added a Copy URL context menu item to the Activity viewer
  • The File Upload engine searches newly discovered file names in the upload response and in the upload folders
  • Improved operating system detection by the Site Profile node in the Knowledge Base
  • Added Activity Status information to the Sitemap nodes
  • Added support for attacking the name of POST parameters
  • Improved the layout for Reports on scans that detected zero vulnerabilities
  • Improved the External References for several vulnerabilities
  • Added ISO 27001 information to the Executive Summary Report
  • CSP vulnerabilities will no longer display a ‘certainty’ value if they are already marked as Confirmed
  • Fixed an issue in DOM Simulation where the change of select elements was not being properly dispatched to the underlying JavaScript framework
  • Added support for exploiting XSS on text and XML content types
  • Users can now resize the Activity Viewer columns
  • Out of Date SQL vulnerabilities are reported as Confirmed
  • Added clarification for branch logic in the latest versions of the Report Template for Out of Date vulnerabilities
  • Added hyperlinks for Folders.txt in the Common Directories engine and GenericEmails.txt to Ignored Email Address settings for easy access
  • All security engines are checked when the Controlled Scan panel is manually opened
  • Added Cookie Whitepaper reference to cookie vulnerability templates
  • Added External References to ExpressJS, CakePHP and Possible Stored XSS templates
  • Improved grammar in Insecure Transportation Security Protocol Supported (TLS 1.0) vulnerability details
  • Added support for highlighting input elements that are used to send passwords over query strings
  • Improved rendering performance of the Knowledge Base’s Comments page when there are too many comments
  • More commands are executed in the Code Evaluation exploitation to generate proofs
  • Improved Out of Band SSTI attack payloads
  • Added automatic selection in the Form Authentication dialog when all fields are filled in
  • Added case sensitive search for Raw Response viewer
  • Added an overlay that is displayed while longer scans are being imported, to block user activity and show progress
  • Added Show/Hide Password button in Form Authentication settings
  • Added an information dialog displayed when a scan is finished and the Invicti window is in the background
  • Improved highlight function for detected JavaScript libraries
  • Improved reports to display the product version on which the Scan is performed
  • Improved the HTTP Request Builder panel to display generic headers
  • Manuscript has been renamed FogBugz
  • Scan Profile, Scan Policy and Report Policy comboboxes are disabled when the Scan is finished
  • Improved RFI confirmation for URL Rewrite parameters
  • Improved adding Out of Date Information Database information to the Site Profile
  • Improved signatures of Nginx Version Disclosure patterns
  • Optimized the attack speed of XSS and LFI engines
  • The Concurrent Connection slider in the Scan Policy Editor has been changed to Request Per Second to comply with new scan performance improvements
  • Added a piece of extra information to Out-of-date vulnerability templates to explain the vulnerability reason
  • Security Checks search has been improved in the Scan Policy Editor by tagging the SSL/TLS related security checks
  • Cookie checks will analyze session cookie names to detect platform-specific default session names
  • Missing HIPAA classifications in Insecure Transportation Security Protocol Supported Default Report Policy templates have been added
  • Stored XSS and Insecure Frame Default Report Policy vulnerability descriptions have been improved
  • Phishing by Navigating Browser Tabs Default Report Policy vulnerability description has been improved
  • Added Jira Account ID field for Jira Send To Action to assign issues to a user, as the Jira API will not accept usernames after 29 April 2019

FIXES

  • Fixed failing VDB update when multiple instances were running
  • Fixed the incorrect URLs that were added during the DOM simulation for forms without action attributes
  • Fixed the issue where extra vulnerabilities were added to the Sitemap during a Retest All
  • Fixed the issue where the SameSite cookie vulnerability was reported for cookies that were missing Lax or Strict attributes
  • Fixed an issue where JavaScript file parsing was taking longer than expected on some occasions
  • Fixed an issue where copied URL Rewrite Rules from Knowledge Base could not be pasted in URL Rewrite settings
  • Fixed an issue where JavaScript file parsing might take longer than expected on some occasions
  • Fixed a NullReferenceException that was thrown while saving the layout of panes
  • Fixed an ObjectDisposedException that was thrown when cancelling a Retest
  • Fixed the Listening Port so that it is no longer set for the next Manual Crawl
  • Fixed the issue where Finished Scans were displayed with a Paused Scan icon
  • Fixed the issue where the Fixed notice text was missing for fixed vulnerabilities
  • Fixed the issue where the incorrect severity was reported for the Cookie not Marked as Secure vulnerability of a non-session cookie
  • Fixed the incorrect order of the vulnerabilities in the Issues panel
  • Fixed the Trial Licence dialog that was popping up twice
  • Fixed the issue where data from a previous scan was displaying in the Activity panel
  • Fixed HTTP 400 errors raised by the ServiceNow Send To integration
  • Fixed the ObjectDisposedExceptions error that was thrown during Blind SQL Injection checks
  • Fixed an issue where the SSL client handshake code was having issues while trying to communicate with a specific server with different configuration
  • Fixed the issue where the status bar displayed the incorrect number of remaining trial days
  • Fixed the oversized icons displayed in the Logs panel caused when the screen DPI was set too high
  • Fixed the filtering issue in the Issues panel which caused new vulnerabilities discovered to be displayed even though they did not match the filter
  • Fixed the incorrect vulnerability count, caused by variations, that was displayed in the Status Bar
  • Fixed an UnauthorizedAccessException that was thrown while attempting to select restricted folders during the Export to Cloud process
  • Fixed an issue in the CSP engine where the ‘strict-dynamic’ directive was reported as an unsupported hash
  • Fixed the problem where the application was hanging on shutdown
  • Fixed missing Authentication cookies in the Knowledge Base
  • Fixed incorrect nonce detected without matching script block vulnerability
  • Fixed a DOM simulation issue where the passed element to call the setTimeout function was being ignored
  • Fixed a Retest issue where Out-of-Band SSTI vulnerabilities were marked as retestable
  • Fixed the issue where the tiny Validation Error icon was displaying in screens when the screen DPI was set too high
  • Fixed the issue where cookies were sent during the request for the Favicon image of the target URL
  • Fixed the handling of newline characters while rendering the Proof of Concept section of the Vulnerability details
  • Fixed the high DPI issues in the Bulk Export to Enterprise panel
  • Fixed the issue where the uninstall process was interrupted if an Invicti instance was still running
  • Fixed high DPI issues in the Local Scans panel during Import
  • Fixed a NullReferenceException that occurred while rendering Vulnerability Details
  • Fixed the issue where the Activity Viewer automatically scrolled to the top following updates to activities
  • Fixed the Knowledge Base Report’s header, where the image, title and severity level were overlapping
  • Fixed the issue where Internal Path Disclosure was reported on script and stylesheet files
  • Fixed an issue that caused false-positive (FP) Insecure Reflected Content to be reported
  • Fixed the issue where the CSRF engine did not highlight the vulnerable HTML form when the name and action were not specified
  • Fixed the issue where brute-force attacks were carried out regardless of the Authentication Type
  • Fixed an issue in the Request Builder where the POST parameters were removed after switching tabs
  • Fixed the issue where the LFI vulnerability confirmation patterns did not match the response returned from a Linux server
  • Fixed an issue in the Response Viewer tab where the selected text remained highlighted even after the search was cleared
  • Fixed the issue where vulnerability fields were not updated after a Retest
  • Fixed the value of double encoded null byte in LFI, XSS attack patterns
  • Fixed an issue in the Swagger importer where the parameter declared on the path level was not recognized
  • Fixed an issue in the LFI engine where the confirmation payload was appended to the attack payload
  • Fixed an issue in the Request Builder where duplicate headers could be added because header names were treated as Case Sensitive
  • Fixed the problem where the wrong error message was displayed when a file parameter was selected in the Request Builder
  • Fixed an unnecessary Header Warning dialog that popped up when the Edit Link button was clicked in the Request Builder
  • Fixed an issue where an imported link could be saved without correcting the errors in the Request form
  • Fixed an issue where links generated in Invicti attacks were added to the Sitemap
  • Fixed the value of the double encoded null byte in the Header Injection pattern
  • Fixed the encoding of the % sign in the base64 payload in XSS attacks
  • Fixed the attack payload in the PHP Injection Fixed One Time Attack pattern
  • Fixed an issue where version numbers were not correctly displayed in the Affected Versions section of VDB vulnerabilities
  • Fixed an issue where the wrong importer format was selected by default in the Enter Links dialog
  • Fixed the selection issue in the filtered Security Checks of the Scan Policy panel
  • Fixed the encoding issue in the SQL Injection confirmation attack
  • Fixed the validation issue of the Send to Action configuration
  • Fixed the unnecessary node selection when the Expand/Collapse button was clicked on the Sitemap tree
  • Fixed the grouping issue on vulnerability variations and instances
  • Fixed HTTP method icons in the Sitemap
  • Fixed issues caused by language changes
  • Fixed the scrolling problem in the Vulnerability viewer
  • Fixed the confusion over which persona was used during Form Authentication verification
  • Fixed an order issue in the Sitemap tree
  • Fixed the incorrect variation count presentation issue in the Issues tree
  • Fixed the broken tab key in the Request Builder panel
  • Fixed the incorrect Remaining Day presentation in the License reminder
  • Fixed the issue where the Back button was clickable during the Bulk Export to Invicti Enterprise, causing the export to fail
  • Fixed the issue where an error was displayed instead of the Proof in Blind SQL injection attacks
  • Fixed the wrong proxy display after resetting settings to the default
  • Fixed a performance issue that occurred while exporting a large Scan to Invicti Enterprise
  • Fixed duplicate cookie names that were reported on a Cookie vulnerability
  • Fixed a high DPI issue in the message box
  • Fixed visual issues in the binary Response viewer
  • Fixed an issue where the DOM engine failed to restart on some occasions
  • Fixed an issue where Local/SessionStorage values were not persisting throughout the scan
  • Fixed an issue where Form Authentication sometimes failed while trying to login to some websites that are built with React.JS
  • Fixed a NullReferenceException that was sometimes thrown while saving Scan data
  • Fixed HTML form simulation for cases where the form did not have an element with the Submit type
  • Fixed HTML form simulation to take the Exclude by CSS Selector option into account to ignore required form elements
  • Fixed an issue where overriding the Unicode Replacement characters in binary and JavaScript files sometimes broke the files and did not execute
  • Fixed an issue where Invicti sometimes prevented Windows from shutting down while a Scan was running
  • Fixed an issue where NTLM Authentication was being ignored during Logout Detection
  • Fixed an issue where the cookies that were set in the JavaScript context during Form Authentication were not properly captured
  • Fixed an issue where the Max Simulated Elements option was causing the simulation to hang
  • Fixed an uncaught TypeError that was caused by Max Option Elements checks and causing the simulation to hang
  • Fixed an issue where Signature checks were adding false-positive Site Profile information to the Knowledge Base issue
  • Fixed an issue where ignored vulnerabilities were retested while performing an Incremental Scan
  • Fixed an issue where an incorrect “Subresource Integrity (SRI) Hash Invalid” vulnerability was reported because of hash miscalculation