Netsparker Cloud Update - 7th January 2016

FEATURES

NEW SECURITY CHECKS

  • Added Windows Short File Name security checks
  • Added several new backup file checks
  • Added web.config pattern for LFI checks
  • Added boot.ini pattern for LFI checks
  • Added a signature which checks against a passive backdoor affecting vBulletin 4.x and 5.x versions
  • Added a signature which checks for an error message generated by the regexp function in MySQL databases
  • Added DAws web backdoor check
  • Added MOF Web Shell backdoor check
  • Added RoR database configuration file detection
  • Added RoR version disclosure detection
  • Added RoR out-of-date version detection
  • Added RoR Stack Trace Disclosure
  • Added RubyGems version disclosure detection
  • Added RubyGems out-of-date version detection
  • Added Ruby out-of-date version detection
  • Added Python out-of-date version detection
  • Added Perl out-of-date version detection
  • Added RoR Development Mode Enabled detection
  • Added Django version disclosure detection
  • Added Django out-of-date version detection
  • Added Django Development Mode Enabled detection
  • Added PHPLiteAdmin detection
  • Added phpMoAdmin detection
  • Added DbNinja detection
  • Added WeakNet Post-Exploitation PHP Execution Shell (WPES) detection
  • Added Adminer detection
  • Added Microsoft IIS Log File detection
  • Added Laravel Configuration File detection
  • Added Laravel Debug Mode Enabled detection
  • Added Laravel Stack Trace Disclosure
  • Added S/FTP Config File detection

IMPROVEMENTS

  • Improved the algorithm for calculating vulnerability fix times
  • Manage team permission replaced with "Admin" permission
  • Added support to see website dashboard without scan group filter
  • Added scan type information to "Detailed Scan Report"
  • Added paging support for scan policy list
  • Improved new user email template
  • Increased website verification failure limit
  • Changed vulnerability chart's colors on the dashboard page
  • Added icons for displaying vulnerability status on the vulnerability task page
  • Knowledgebase items are expanded by default if they contain a single item
  • Added retestable information to vulnerability detail on the scan report page
  • Users are redirected to scan group create page if no scan group is found on new scan
  • Added a warning message if target path does not end with a trailing slash on the new scan
  • Added first seen date information to vulnerabilities page
  • Several scan performance improvements to reduce memory usage
  • Improved credit card detection to eliminate false positives
  • HTTP cookie handling code written from scratch to conform with the latest RFCs which modern browsers also follow
  • SSL cipher support check code has been rewritten to support more cipher suites
  • SSL checks are now made for target URLs even when protocol is HTTP
  • Updated the embedded Chrome-based browser engine to version 41
  • Added more ignored parameters for ASP.NET web applications
  • Improved scan policy versioning where new security checks are automatically included or excluded by default on existing scan policies
  • Improved LFI pattern that matches win.ini files
  • Improved XSS coverage by adding an attack pattern for email inputs which require an @ character
  • Improved cookie vulnerability details to show all cookies that are not marked as Secure or HttpOnly
  • Improved out-of-date vulnerability templates by including severity information of vulnerabilities for that version of software
  • Improved out-of-date vulnerability reporting by increasing the severity of the vulnerability if that version of software has an important vulnerability
  • Improved Ruby version disclosure detection
  • Improved SQL injection vulnerability template by adding remedy information for more development environments
  • Improved common directory checks by adding more known directory names
  • Updated default user agent
  • Improved the default Anti-CSRF token name list
  • Improved database error messages vulnerability detection for Informix
  • Added new XSS attack pattern for title tag in which JavaScript execution is not possible
  • Improved XHTML attacks to check against XSS vulnerabilities
  • Optimized confirmation of Boolean SQLi
  • Added exploitation for Remote Code Evaluation via ASP vulnerability
  • Revamped DOM based XSS vulnerability detail with a table showing XPath column
  • Replaced SQLi attack patterns specific to MSSQL databases with shorter ones
  • Improved SQLi attack pattern which causes a vulnerability in LIMIT clauses specific to MySQL database
  • DOM simulation is turned off for hidden input types, where it caused a false-positive confirmed XSS vulnerability
  • Improved the "Name" form value pattern to match more inputs
  • Improved confirmation of Expression Language Injection vulnerability
  • Improved Frame Injection vulnerability details
  • Added .phtml extension to detect code execution via file upload
  • Improved blind SQL injection detection on some INNER JOIN cases
  • Improved external references section of "Remote Code Evaluation (PHP)" vulnerability
  • Added retest support for several vulnerability types
  • Improved Apache Tomcat detection patterns
  • Increased the number of sensitive comments reported
  • Improved the text parser
  • Added separate checks in scan policy for each supported web app fingerprint application

FIXES

  • Fixed an issue where imported relative links were not set correctly
  • Fixed an issue where scheduled scan names were duplicated
  • Fixed URL rewrite analysis to respect case sensitivity settings
  • Fixed a form authentication issue where image submit elements were not clicked
  • Fixed an issue that occurs when the HTTP response body starts with a Unicode BOM
  • Fixed Open Redirect security checks where it should not perform DOM based checks if DOM checks are turned off
  • Fixed static resource finder where it was not following a redirect
  • Fixed DOM simulation hanging if a rogue JavaScript call enters an endless loop
  • Fixed slow XSS highlights on some responses
  • Fixed a bug where the Full-Url LFI attack, which is specific to Ruby-on-Rails applications, could not be confirmed
  • Fixed a bug where XSS vulnerability could not be confirmed when injection occurs in the middle of a CSS style
  • Fixed a bug where generated XSS exploit did not work due to incorrect encoding
  • Fixed a bug where a false-positive file upload vulnerability was reported
  • Fixed a bug where the maximum amount of hard fails was preventing the next scan from making HTTP requests
  • Fixed "Missing Content-Type" reporting issue where redirected responses should not be reported
  • Fixed an issue where send failures were not being handled while making HTTP requests
  • Fixed credit card reporting issue where the value specified in default form values section should not be reported
  • Fixed the trimmed parameter name issue on controlled scan panel
  • Fixed documentation for nginx vulnerability template that explains how to fix the issue
  • Fixed HSTS support for form authentication HTTP requests
  • Fixed a URI parsing issue where non-HTTP(S) protocols are ignored
  • Fixed a bug where an attribute based attack could not be confirmed as XSS
  • Fixed a bug where an injection with "javascript:" protocol for XSS attacks occurs after a new line
  • Fixed a bug where exploitation goes into a loop and causes an unresponsive UI for error based SQLi
  • Fixed a bug where a redirection that happens relatively was reported as an Open Redirect vulnerability
  • Fixed an issue where a Groovy RCE is reported as Perl RCE
  • Fixed a WSDL parsing issue where reference parameters were not handled correctly
  • Fixed a WSDL parsing issue where XML types were not handled correctly
  • Fixed an issue that occurs during form authentication with an HSTS site that performs redirects to a URL with the HTTP protocol
  • Fixed a bug where the hash is reported incorrectly in a DOM based XSS vulnerability
  • Fixed the misleading content in basic authentication over clear text vulnerability