
Zero day: Acunetix scanner suffers from buffer overflow vulnerability

A few weeks ago, Danor Cohen, the security researcher who recently discovered the WinRAR file spoofing vulnerability, discovered another zero-day vulnerability, this time in Acunetix, one of the popular web application vulnerability scanners.

Version 8 of Acunetix is one of the popular versions: it is the most common cracked version published on the net and is used by many newbie hackers. Many new hackers and others scan their sites with Acunetix for common vulnerabilities.
Acunetix is a powerful tool for scanning websites and finding vulnerabilities in them. Many newbie attackers tend to use it because it is simple to use. Acunetix offers its users a simple wizard-based scan that covers many aspects of the vulnerability scan, among them a feature that scans the additional domains or sub-domains detected during the scan.

Danor found the buffer overflow vulnerability in Acunetix 8. The researcher explains the vulnerability as follows:
After a little research about this option, I figured out that ACUNETIX starts its wizard by sending an HTTP request to the site and learning about it from its HTTP response.
Furthermore the wizard learns about the external related domains from the external sources that appear at the website, for example:
“<img src= >”
“<a href= ></a>”
Danor found that if the length of an 'external' source URL is larger than 268 bytes, the Acunetix vulnerability scanner crashes. So if an attacker puts some kind of external source on a site with a length of 268 bytes or more, Acunetix crashes, say something like this:
What can an attacker do?
By exploiting the vulnerability further, the researcher successfully managed to execute calc.exe. An attacker could therefore replace that code with malicious code and infect with malware the computers of newbies who attempt to scan the attacker's websites.

Danor has shown a video demonstration of this zero-day vulnerability.
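
The crash condition described above can be checked for before a page is handed to an affected scanner. The following is an added example, not code from the researcher or from Acunetix: it flags external `img src` and `a href` URLs of 268 bytes or more. The function names, the choice of attributes, the definition of "external" (a different host) and the sample page are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Threshold from the article: external URLs of 268 bytes or more crash Acunetix 8.
CRASH_URL_BYTES = 268
# Assumption: only the tag/attribute pairs shown in the article are inspected.
URL_ATTRS = {("img", "src"), ("a", "href")}


class ExternalUrlAuditor(HTMLParser):
    """Collects external URLs whose byte length reaches the threshold."""

    def __init__(self, scanned_host):
        super().__init__()
        self.scanned_host = scanned_host.lower()
        self.findings = []  # (tag, attribute, byte_length, line_number)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) not in URL_ATTRS or not value:
                continue
            host = (urlsplit(value).hostname or "").lower()
            # Relative links and links to the scanned host are not external.
            if not host or host == self.scanned_host:
                continue
            size = len(value.encode("utf-8"))
            if size >= CRASH_URL_BYTES:
                self.findings.append((tag, name, size, self.getpos()[0]))


def audit_page(html, scanned_host):
    """Return the overlong external URLs found in one HTML document."""
    auditor = ExternalUrlAuditor(scanned_host)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample page: a normal external link, an overlong external
# image URL, and an overlong but local link that must not be reported.
SAMPLE_HTML = (
    '<html><body>\n'
    '<a href="http://cdn.example.net/style.css">ok</a>\n'
    '<img src="http://' + "a" * 300 + '.example.net/x.png">\n'
    '<a href="/local/' + "b" * 400 + '">local</a>\n'
    '</body></html>\n'
)

if __name__ == "__main__":
    for tag, attr, size, line in audit_page(SAMPLE_HTML, "www.example.com"):
        print(f"line {line}: <{tag} {attr}> external URL is {size} bytes")
```

A finding means the page should not be fed to the affected version; it says nothing about whether the URL carries a working payload.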
