Acunetix introduces pre-request scripts, log data retention options, and many new vulnerability checks

A new Acunetix Premium update has been released for Windows, Linux, and macOS: 14.3.210816098.

This Acunetix release introduces pre-request scripts that can be developed using the existing custom vulnerability scripts syntax, new log data retention options, and new vulnerability checks for Oracle E-Business Suite, Alibaba Nacos, GitLab, Jenkins, and others. This latest Acunetix release includes numerous improvements, updates to existing functionality, and product fixes, all of which are available for all editions of Acunetix Premium.

New features

• Pre-request script support
• New log data retention options

New vulnerability checks

• New check for Oracle E-Business Suite information disclosure
• New check for Alibaba Nacos authentication bypass (CVE-2021-29441)
• New check for GitLab CI Lint SSRF
• New check for GitLab open user registration
• New check for GitLab user disclosure via GraphQL endpoint
• New check for Bitrix galleries_recalc.php XSS
• New check for Bitrix open redirect
• New check for Jetty ConcatServlet information disclosure (CVE-2021-28164)
• New check for Jenkins open user registration
• New check for Open Mikrotik stats
• New check for Open Nuster stats
• New check for RethinkDB administrative interface publicly exposed
• New check for spring-boot-actuator-logview path traversal
• New check for Hasura GraphQL API without authentication
• New check for ForgeRock OpenAM deserialization RCE (CVE-2021-29156)
• New check for BuddyPress REST API privilege escalation
• New check for Grandnode path traversal (CVE-2019-12276)
• New check for SearchBlox local file inclusion (CVE-2020-35580)
• New check for Zimbra Collaboration Suite SSRF (CVE-2020-7796)
• New check for Ghost CMS theme preview XSS (CVE-2021-29484)
• New check for qdPM information disclosure
• New checks for vulnerabilities in WordPress plugins

Updates

• Max items shown per page can now be configured
• Updated DeepScan to process hashes in URLs
• Updated Chromium to v92.0.4512.0
• Updated CSV export to include text-only details
• JavaScript library audit now supports merged JavaScript files
• Added support for dev tools in standalone LSR
• Multiple UI updates
• Multiple LSR updates
• The target knowledge base will now be reset when target settings are changed
• Updated the Selenium import to support selectFrame
• Updated the OWASP Top 10 report to include a CVSS score
• Updated the Compliance report to include CWE
• Added an option to enable debug logs for all targets
• Optimisations to the Java and Node.js AcuSensors
• Improved support for Hapi framework in the Node.js AcuSensor
• Added support for find-my-way HTTP router in the Node.js AcuSensor
• Improved ionCube loader-wizard information disclosure check
• Improved cache poisoning DOS checks
• Improved detection of Apache Struts2 remote command execution (S2-052)
• Improved detection of directory traversal vulnerabilities

Fixes

• Fixed multiple crashes in the scanner
• Fixed an issue causing some requests to be done to restricted links
• Addressed multiple DeepScan issues
• Paused scans can not be aborted
• Fixed an XPath injection false positive
• Fixed a Bitrix open redirect false positive
• Fixed a Spring boot actuator false negative
• Fixed an issue in the .NET sensor manager – not showing buttons on lower resolutions
• Fixed an issue with Postman imports

Upgrade to the latest build

If you are already using Acunetix build 14.x, you can initiate the automatic upgrade from the new build notification in the Acunetix UI > About page.

If you are using Acunetix build 13.x or earlier, you need to download Acunetix from here. Use your Acunetix license key to download and activate your product.