Similar to Blind Out-of-band SQL Injection vulnerabilities, AcuMonitor can now detect Blind Out-of-band Remote Code Execution (RCE) vulnerabilities. Let’s consider a vulnerable PHP application that contains the following code $cmd = isset($_GET[‘1’]) ? $_GET[‘1’] : ”; if ($cmd) { exec(‘ping -c 1 ‘ . $cmd);…
Blind Out-of-band SQL Injection vulnerability testing added to AcuMonitor
Acunetix AcuMonitor is a free intermediary service that helps detect second-order vulnerabilities (i.e. vulnerabilities that do not provide a response to a scanner during testing) during a scan. AcuMonitor made its debut with Acunetix WVS version 9. Since then, we’ve continuously improved the service and…
Increased support for REST, Java and Ruby on Rails testing
Acunetix WVS v10 improves its support for crawling and identifying vulnerabilities in various web technologies. This is the result of feedback gathered during the past months from our user-base. Keeping abreast with updates to web technologies is of utmost importance, as it allows Acunetix to…
In the headlines: Windows 10, Drupal, GitHub and more
Windows 10 due to support SSH As you should now have heard, or as you might notice from the new little Windows icon on your taskbar, Windows 10 is due to be released at the end of July. The most interesting bit of news from…
ASD Strategies to Mitigate Targeted Cyber Intrusions
In Australia, the government provides formal guidance regarding cyber security in the form of the ‘Strategies to Mitigate Targeted Cyber Intrusions’ document, issued by the Department of Defence. This ties with the statutory information security compliance which anyone handling Australian Government data is subject to….
UK 2015 information security breaches survey
The UK 2015 information security breaches survey has just been published, showing as anticipated that just about every aspect of security breaches is on the increase. A staggering 90% of large organisations surveyed admitted to having experienced at least one breach within the last year,…
The What, Why and How of Wassenaar
If you work in the realm of cyber security and monitor its goings-on then you will probably have come across this hashtag lately; #wassenaar. Here we’re going to explain what’s happening, what exactly it means and how it might affect you. Wassenaar is the name…
In the headlines: mSpy, Friend Finder and more
mSpy surveillance service hacked In a somewhat ironic turn of events, mSpy, a provider of software allowing people to track others such as their children or spouses, has admitted to suffering a data breach. The news emerged through the Krebs on Security blog by security…
Telstra reveals Pacnet succumbs to SQLi attack
Telstra, Australia’s largest telephone operating company, revealed yesterday that its internal corporate network Pacnet had been compromised via an SQL Injection attack. So far it is not yet known what exactly was taken from the network, but it is clear that the perpetrators had complete…