The latest build of Acunetix Web Vulnerability Scanner includes a lot of changes and new security tests. Here is a short summary of the most interesting tests we’ve just added. 1. Vulnerable JavaScript libraries Acunetix Web Vulnerability Scanner can now identify vulnerable versions of various JavaScript…
Author Archives Bogdan Calin
THE AUTHOR
Bogdan Calin
Latest Improvements in the Detection of DOM XSS Vulnerabilities
The latest build of Acunetix Web Vulnerability Scanner (Build 20131023) released yesterday, contains important improvements in the detection of DOM XSS vulnerabilities. Our DeepScan technology was also further strengthened in this build. Take the following piece of code for example: This code is vulnerable to…
Critical vulnerabilities discovered in Gazelle and TBDEV.net
Gazelle and TBDEV.NET are the most popular web applications used as BitTorrent trackers. A BitTorrent tracker is an application that assists in the communication between peers using the BitTorrent protocol. BitTorrent trackers can be public/open where anybody can join or private (where an invitation is…
WordPress Caching Plugins Remote PHP Code Execution
Two very popular WordPress caching plugins: WP Super Cache (4,373,811 downloads) and W3 Total Cache (1,975,480 downloads) have been affected by a vulnerability that allows remote users to execute arbitrary PHP code. The affected versions are: WP Super Cache (version 1.2 and below, version 1.3.x and up are…
WordPress Attack Vectors and Open Amazon S3 Buckets Identified by Acunetix WVS
Recently there were a lot of news reports about an ongoing attack on sites using WordPress software. Attackers are using around 90,000 computers to try to brute force WordPress credentials. All these servers are trying common account names like admin, administrator, test, tom, jessica, … and…
Acunetix WVS Update 20130308 – New Security Tests
Apart from the usual bug fixes / new functionality, each Acunetix WVS update generally includes new vulnerability tests or an improvement to existing checks. In this post, I would like to summarize the new security tests added in the latest Acunetix WVS update. Unicode Transformation…
WordPress Pingback Vulnerability
Recently somebody posted on Reddit about a WordPress scanner that is taking advantage of a new WordPress vulnerability. The vulnerability is abusing the Pingback system, which is a well-known feature that’s used by a lot of bloggers. What is a Pingback? Quoting Wikipedia: A pingback…
The Email that Hacks You
Update: Seems to be working on TP-Link Routers as well (tested on TL-WR841N). Update2: Arcor EasyBox A600 also seems vulnerable. Opening a legitimate looking email on an iPhone, iPad or Mac while using an Asus router with a default or guessable password could compromise the security of…
HTML Form Found in Redirect Page Web Vulnerability
When creating a password protected section for a website, such as an admin portal for a CMS solution, typically developers check if the user session is authenticated. If the user session is not authenticated, the user is redirect to the login page. Maybe because the lack of…