Acunetix Premium - v13.0.200624118

New Features

• Introduced support for GraphQL
• Introduced support for OAuth2.0
• GraphQL files can be used as Import Files
• New Comprehensive Report, which includes the HTTP Response in the HTML version of the report
• HTTP Response uses syntax highlighting for improved readability
• Scans can now be restricted to paths/locations in import files
• User can choose which columns to show in all the Acunetix lists
• UI saves columns selected for each page / user (applies to Targets, Vulnerabilities, Scans and Reports)
• UI saves number of items to show on each page / user (applies to Targets, Vulnerabilities, Scans and Reports)
• UI saves sorting order for each page / user (applies to Targets, Vulnerabilities, Scans and Reports)

New Vulnerability Checks

• New check for vBulletin 5.6.1 (and earlier) nodeId SQL injection
• New check for Cmd hijack vulnerability
• New check for PHP opcache-gui publicly accessible
• New check for Laravel debug mode enabled
• New check for Laravel Health Monitor publicly accessible
• New check for Laravel Health Horizon publicly accessible
• New check for Laravel Health LogViewer publicly accessible
• New check for Laravel Health Telescope publicly accessible
• New check for Laravel Ignition Reflected Cross-Site Scripting
• New check for Laravel framework weak secret key
• New check for HTML Attribute Injection
• New check for Clockwork PHP dev tool enabled
• New check for PHP Debug Bar enabled
• New check for Broken Link Hijacking
• New checks for Cookie misconfigurations leading to security issues
• New vulnerabilities for WordPress Core, Wordpress plugins, Joomla and Drupal

Updates

• Targets with Manual Intervention cannot have a Business Logic Recording
• Changed vulnerability name filter to use search as you type
• Scans will start reporting pages that require HTTP Authentication
• Acunetix UI notifications have been changed as follows:
  • Moved to bottom right of Acunetix UI
  • Stay longer on the page
  • Can be closed by the user
• Increased name length limit of import files to 128 characters
• User can optionally specify the address to be used for Auto-login. This is useful for SSO login pages
• The scanner will try to connect to the address of the target before aborting the scan after 25 consecutive network errors
• Targets can be deleted and replaced on the license anniversary

Fixes

• Fixed: The vulnerability name filter did not always show all vulnerabilities
• Fixed incorrect error handling message when disabling the proxy settings
• Hide Business Logic Recorder for Network Only targets
• Fixed: Acunetix Online was showing an ID as the name of some network vulnerabilities
• Fixed: Acunetix Online was not always showing the HTTP Response for some vulnerabilities
• Fixed: Acunetix Online was not showing the number of licensed Targets
• Fixed issue causing paths of ignored files to be ignored too
• Fixed LSR issue on Safari browser
• Fixed issue caused when the LSR and BLR are used on certain sites
• Various minor fixes to the UI
• Fixed false positives in over 25 vulnerability checks