SmartScanner Release Notes
Version 1.24 – October 2, 2024
New Features:
- Added Proof of Concept (POC) for XSS and SQL injection vulnerabilities.
- SQL Injection for MemSQL database
- Test for PHP CGI Argument Injection RCE (CVE-2024-4577 and CVE-2012-1823)
- Separate classification section in vulnerability details
Improvements:
- Better XSS detection in script tags
- Improved error detection
Bug Fixes:
- Fixed incorrect PHP error detection
Updates:
- Updated Vulnerable OpenSSL Version.
- Updated Vulnerable Nginx Version.
- Updated Vulnerable Apache Version.
- Updated Vulnerable Tomcat Version.
- Updated Vulnerable PHP Version.
- Updated Vulnerable WordPress Version.
Version 1.23 – June 3, 2024
- Added support for the following technologies in scan configurations: Apache, Nginx, IIS, Tomcat, WordPress, Joomla, and Drupal.
- Separated Path Traversal tests from File Inclusion tests.
- Updated vulnerability descriptions and recommendations for greater clarity.
Improvements:
- Enhanced Microsoft SQL Server error-based SQL injection detection.
- Improved File Inclusion detection.
- Enhanced PHP Remote File Inclusion detection.
- Improved database error detection.
Bug Fixes:
- Corrected PHP version detection.
- Fixed missed XSS vulnerabilities on 404 pages.
- Fixed missed XSS vulnerabilities on pages without query parameters.
Updates:
- Updated Vulnerable OpenSSL Version.
- Updated Vulnerable Nginx Version.
- Updated Vulnerable Apache Version.
- Updated Vulnerable Tomcat Version.
- Updated Vulnerable PHP Version.
- Updated Vulnerable WordPress Version.
Version 1.22 – Feb 16, 2024
- New:
- New option in scan configurations to identify the technologies the target uses, improving scan efficiency
- Detailed scan statistics shown when hovering over the Requests count in the scan window
- Support for manipulation of non-quoted JSON data
- Improvements:
- Improved Time-Based SQL Injection accuracy for MySQL database
- BugFix: False positive XSS detection in HTML attributes
- BugFix: Some sites not loading when using the manual login option in the scan configurations
- Updated Vulnerable OpenSSL Version, Vulnerable Tomcat Version, and Vulnerable WordPress Version
Version 1.21 – Nov 13, 2023
- New:
- HTML report format
- Option for adding custom cookies in scan configurations
- Option for adding custom headers in scan configurations
- Option for using HTTP basic and HTTP form login methods together
- Manual login in configurations now respects the proxy
- Improvements:
- Limit log display to last 150 logs to manage memory usage
- Some UX improvements in scan configurations
- BugFix: False positive in hidden resource test
- BugFix: Broken manual authentication in case of localStorage usage
- Updated Vulnerable OpenSSL Version, Vulnerable Apache Version, Vulnerable PHP Version, Vulnerable Tomcat Version, and Vulnerable WordPress Version
Version 1.20 – Aug 29, 2023
- New:
- XSS detection in URI
- XSS detection in 404 not found pages
- Support for detection of Lucee errors
- Improvements:
- Improved evaluation of AJAX links and testing dynamic contents
- Improved hidden resource detection
- Improved Unix path disclosure detection
- Improved PHP error detection
- Improved XSS detection in HTTP headers
- Updated Vulnerable OpenSSL Version, Vulnerable PHP Version, and Vulnerable WordPress Version
Version 1.19 – May 30, 2023
- Improvements:
- Faster evaluation and testing of dynamic pages with JavaScript
- Improved AJAX processing and testing
- Updated Vulnerable Apache Version, Vulnerable Nginx Version, Vulnerable Tomcat Version, Vulnerable OpenSSL Version, and Vulnerable WordPress Version
Version 1.18 – February 15, 2023
- New:
- Insecure Inline Frame
- Unicode Transformation Issue
- User Controllable URL
- Microsoft IIS Tilde Directory Enumeration
- Finding injection vulnerabilities (e.g., XSS, SQLi) in hidden and backup resources
- Improvements:
- Better exception handling and more log details
- Increased crawler speed and accuracy
- Improved Possible SQL Injection detection
- BugFix: missed PHP errors
- BugFix: Crash in testing known SQL injections
- BugFix: missed Blind SQL Injection vulnerabilities
- BugFix: missed known SQL Injections
- BugFix: missed Drupal RCE
- BugFix: missed Drupal SQL Injection vulnerability
- BugFix: WordPress user enumeration warning error
- BugFix: missed Java Object Insecure Deserialization vulnerability
- Improved WordPress 4.6 Blind OS Command Execution for non-admin users
- Improved detection of XSS in various vectors
- Improved detection of XSS in edge cases when input is filtered
- Improved detection of XSS in redirected pages
- Improved hidden resource detection
- Updated Vulnerable Apache Version, Vulnerable Nginx Version, Vulnerable OpenSSL Version, and Vulnerable WordPress Version
Version 1.17.3 – December 26, 2022
- BugFix: Crash during scanning WordPress sites
- BugFix: Crash during scan
Version 1.17.2 – December 13, 2022
- BugFix: Crash during scan
Version 1.17.1 – December 11, 2022
- BugFix: Crash during scan
Version 1.17 – December 10, 2022
- New:
- Testing of JSON parameters (number and string types)
- Improvements:
- Optimized memory usage
- Enhanced UI vulnerability list display
- BugFix: TLS initialization failed
- Minor improvements in error detection issues
Version 1.16 – October 10, 2022
- New:
- Support for all HTTP Verbs (POST, DELETE, PATCH, …) and custom headers in AJAX API (XMLHttpRequest)
- Smoother progress bar on the scan page
- Support for detection of errors in Ruby programming language
- Lazy load tests to optimize memory consumption
- Improvements:
- Updated Vulnerable PHP Version
- Updated Vulnerable WordPress Version
- Enhanced MySQL database detection
- BugFix: False positive hidden resource detection
Version 1.15 – August 1, 2022
- New:
- Support for all HTTP Verbs (POST, DELETE, PATCH, …) and custom headers in JavaScript Fetch API
- Exporting vulnerability scan results in JSON format
- Improvements:
- Updated Vulnerable PHP Version
- Updated Vulnerable Apache Version to include CVE-2022-26377, CVE-2022-28330, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-30522, CVE-2022-30556, CVE-2022-31813
- Updated Vulnerable Tomcat Version to include CVE-2022-34305
- Updated Vulnerable OpenSSL Version to include CVE-2022-2068, CVE-2022-2097, CVE-2022-2274
- Updated Vulnerable WordPress Version
Version 1.14 – June 6, 2022
- New:
- Apache Tomcat and Apache Struts detection
- Java runtime error detection
- Apache mod_jk Access Control Bypass - CVE-2018-11759
- Apache Struts 2 Forced double OGNL evaluation S2-059 - CVE-2019-0230
- Apache Struts 2 RCE S2-045 - CVE-2017-5638
- Apache Struts 2 REST plugin XStream RCE S2-052 - CVE-2017-9805
- Apache Struts OGNL expression RCE S2-057 - CVE-2018-11776
- Apache Tomcat JSP Upload RCE - CVE-2017-12615, CVE-2017-12617
- Vulnerable Tomcat Version
- Split the Server Version Disclosure based on Web server:
- Improvements:
- Updated Vulnerable WordPress Version
- Updated Vulnerable OpenSSL Version to include CVE-2022-1473, CVE-2022-1434, CVE-2022-1343, and CVE-2022-1292
Version 1.13 – April 10, 2022
- New:
- Scan logs during scan
- Support for sitemaps in robots.txt
- Missing or Insecure Cache-Control Header
- Joomla! Component Advertisement Board 3.1.0 ‘catname’ SQLI - CVE-2018-5982
- Joomla! Component Aist 2.0 ‘id’ SQLI - CVE-2018-5993
- Joomla! Component AllVideos Reloaded 1.2.x ‘divid’ SQLI - CVE-2018-5990
- Joomla! Component CcNewsletter 2.x.x ‘id’ SQLI - CVE-2018-5989
- Joomla! Component Com_cbcontact ‘contact_id’ SQLI
- Joomla! Component Com_rsgallery2 2.0 ‘catid’ SQLI
- Joomla! Component Com_shop ‘editid’ SQLI
- Joomla! Component Com_shop ‘id’ SQLI
- Joomla! Component DT Register 3.2.7 ‘id’ SQLI - CVE-2018-6584
- Joomla! Component Fastball 2.5 ‘season’ SQLI - CVE-2018-6373
- Joomla! Component Google Map Landkarten 4.2.3 SQLI - CVE-2018-6396
- Joomla! Component InviteX 3.0.5 ‘invite_type’ SQLI - CVE-2018-6394
- Joomla! Component JB Bus 2.3 ‘order_number’ SQLI - CVE-2018-6372
- Joomla! Component JCK Editor 6.4.4 ‘parent’ SQLI - CVE-2018-17254
- Joomla! Component JEXTN Video Gallery 3.0.5 ‘id’ SQLI - CVE-2017-17872
- Joomla! Component JGive 2.0.9 SQLI - CVE-2018-5970
- Joomla! Component Jobs Factory 2.0.4 SQLI - CVE-2018-17382
- Joomla! Component JomEstate PRO 3.7 ‘id’ SQLI - CVE-2018-6368
- Joomla! Component Music Collection 3.0.3 SQLI - CVE-2018-17375
- Joomla! Component NextGen Editor 2.1.0 ‘plname’ SQLI
- Joomla! Component Odudeprofile 2.8 ‘profession’ SQLI
- Joomla! Component Reverse Auction Factory 4.3.8 SQLI - CVE-2018-17376
- Joomla! Component Timetable Responsive Schedule For Joomla! 1.5 ‘alias’ SQLI - CVE-2018-6583
- Joomla! Pinterest Clone Social Pinboard 2.0 SQLI - CVE-2018-5987
- Improvements:
- BugFix: Wrong Subresource Integrity checking
- Improvement of testing for Content Security Policy
- BugFix: Disabled authentication options in scan config
- Updated Vulnerable PHP Version
- Updated Vulnerable WordPress Version
- Updated Vulnerable Apache Version to include CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23943
- Updated Vulnerable OpenSSL Version to include CVE-2022-0778
Version 1.12 – February 7, 2022
- New:
- 64-bit version for Windows
- CRLF Injection in URL
- Open Redirection In URL
- Nginx Code Execution due to Misconfiguration
- Nginx Integer Overflow
- WordPress 4.6 Blind OS Command Execution
- Support for detection of errors in Node.js
- Improvements:
- BugFix: A crash error
- BugFix: False positives in BREACH attack, Email Address Disclosure, and Source Code Disclosure
- Improvement of Header manipulation
- Optimization for Hidden/Backup resource tests
- Updated Vulnerable PHP Version
- Updated Vulnerable WordPress Version
Version 1.11 – December 12, 2021
- New:
- Host Header Injection
- WordPress Plugin Wpfilemanager 6.8 RCE
- Serialized Object Found
- Drupal7 Pre Auth SQLI
- Werkzeug Interactive Debugging is Active
- Apache mod_proxy 2.4.48 SSRF
- “X-XSS-Protection Header is Missing” test retired and “X-XSS-Protection Header is Set” test added
- Support for detection of errors in Python libraries like Django, Flask and Werkzeug
- Support for PHP and Java objects in Insecure Deserialization
- Support for using system’s proxy in the scan configurations
- Improvements:
- Minor bug fixes
- Drupal detection enhanced
- Improvements to multiple passive tests such as error and source code detection
- Updated Vulnerable PHP Version
- Updated Vulnerable WordPress Version
Version 1.10 – October 10, 2021
- New:
- Nginx Restriction Bypass via Space Character in URI (CVE-2013-4547)
- Apache 2.4.49 Path Traversal and RCE (CVE-2021-41773, CVE-2021-42013)
- Web Server Path Traversal (CVE-2017-14849)
- Insecure Deserialization
- Insecure Deserialization Remote Code Execution
- Cookie Accessible for Subdomains
- Session Cookie Accessible for Subdomains
- All issues mapped to OWASP Top 10 2021
- Improvements:
- Updated Vulnerable OpenSSL Version to include CVE-2021-3711 and CVE-2021-3712
- Updated Vulnerable Apache Version to include CVE-2021-40438, CVE-2021-39275, CVE-2021-36160, CVE-2021-34798, CVE-2021-33193, CVE-2021-41773, CVE-2021-41524, and CVE-2021-42013
- Updated Vulnerable PHP Version
- Updated Vulnerable WordPress Version
Version 1.9.1 – September 5, 2021
- Improvements:
- BugFix: Wrong emails in target information
Version 1.9.0 – September 5, 2021
- New:
- CSRF bypass support for weak password issues
- Tests for 12 known Joomla! vulnerabilities and one test for Drupal
- Cross-Site Scripting test generalized for easy adding of any known vulnerabilities in CMSs like WordPress, Drupal, Joomla, etc.
- Subresource Integrity is Missing
- Improvements:
- Enhanced passive tests for 404 pages
- BugFix: Bypassing weak password test in case of too many inputs in the login form
- BugFix: Duplicate login form detection
Version 1.8.0 – August 7, 2021
- New:
- SQL injection test generalized for easy adding of any known vulnerabilities in CMSs like WordPress, Drupal, Joomla, etc.
- Tests for 44 known WordPress SQL Injection vulnerabilities
- Passive Mixed Content
- Improvements:
- WordPress user identification improved
- BugFix: WordPress brute force
- BugFix: Scan doesn’t proceed when the starting URL contains Unicode characters
Version 1.7.0 – July 7, 2021
- New:
- Improvements:
- Improved Fuzzing tests
- BugFix: False-positive XSS
- Updated SQL Injection tests for MySQL and PostgreSQL
- Updated Vulnerable Apache Version, Vulnerable Nginx Version, Vulnerable PHP Version and Vulnerable WordPress Version
Version 1.6.0 – June 8, 2021
- New:
- Test for the ShellShock Bug
- Enhanced application error detection. Detailed Application Error and Detailed Application and Database Error
- Fuzzing parameter names like URL query, Cookie or HTTP form Post parameter names
- Automatic detection of ineffective parameters like those used in the query to bypass browser cache. This will prevent unnecessary tests on such parameters and increase scan speed.
- Improvements:
- Add support for .NET error detection in Application Error
Version 1.5.0 – May 6, 2021
- New:
- New fuzzer script
- Buffer Overflow
- Improvements:
- Enhanced Application Error and Database Error
- Enhanced custom 404 page detector
Version 1.4.0 – April 4, 2021
- New:
- Automatic Drupal and Joomla! detection
- Joomla! ‘J2Store < 3.3.7’ SQL Injection
- Drupal ‘Drupalgeddon2’ Remote Code Execution
- Improvements:
- Updated Vulnerable OpenSSL Version to include CVE-2021-23840, CVE-2021-23841, CVE-2021-3449, and CVE-2021-3450 OpenSSL advisories
Version 1.3.0 – March 9, 2021
- New:
- Improvements:
- Updated Vulnerable OpenSSL Version to include CVE-2021-23841, CVE-2021-23840 and CVE-2021-23839 OpenSSL advisories
- Improved Crawler Performance: Faster processing of pages
- BugFix: False-negative Unreferenced resource detection
- BugFix: Broken PDF report layout
Version 1.2.0 – February 1, 2021
- New:
- Improvements:
- Improved Crawler Performance: Automatic detection & limitation of content pages like e-commerce product pages.
- New “Requested URL” attribute for unreferenced/old file issue reports
- Minor improvements on Form Brute Force and unreferenced login page tests
- BugFix: False-negative & False-positive Unreferenced resource detection
- BugFix: Broken link issue for sitemap
Version 1.1.0 – January 6, 2021
- New:
- Expression Language Injection test
- WordPress User Enumeration test
- Sitemap test
- Test profiles in scan configs with predefined and custom profiles
- Improvements:
- Support for WordPress in Form Brute Force test
- Support for PHP 8.0 in phpinfo() test
- CVE-2020-1971 added to “Vulnerable OpenSSL Version” test
- Better detection of session cookies
- Minor enhancements in “Breach Attack”, “X-Frame-Options Header is Missing”, “Referrer-Policy Header is Missing”, “Basic Authentication Over HTTP”, and “Robots.txt” tests
- Support for MariaDB in “Database Error” and SQLi tests
- BugFix: False-positive Source Code disclosure detection
- BugFix: Wrong results in Form Brute Force test
- BugFix: Wrong URL detection in crawler
- BugFix: Random crash
Version 1.0.0 – December 1, 2020
- Initial version