Version 8 of the Acunetix application is one of the popular versions, which is the most common cracked version that was published on the net and used by many newbie hackers. Many of the new hackers or other guys scan their sites with Acunetix for the common vulnerability.
Acunetix is a powerful tool for scanning and finding vulnerabilities at websites. Many newbie attackers tend to use this tool due to the simplicity of its use ACUNETIX offers its users a simple wizard base scan that covers many aspects of the vulnerability scan. feature in Acunetix that allows to scan the additional domains or sub-domains detected during the scan.
Danor, have found the Buffer Overflow Vulnerability in Acunetix 8. Researcher explains the vulnerabilities as
After a little research about this option, I figured out that ACUNETIX starts its wizard by sending an HTTP request to the site and learning about it from its HTTP response.Danor found that if the 'external' source url's length is larger than 268Bytes, the Acunetix vulnerability scanner will get crashed. So if attacker use put some kind of external source at site, which have the length of 268 Byte’s or more, Acunetix get crashed, say something like this:
Furthermore the wizard learns about the external related domains from the external sources that appear at the website, for example:
“<img src=http://externalSource.com/someimg.png >”
“<a href=http://externalSource.com/ ></a>”
Etc...
<A href=“http://AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAA”>
Further more exploiting the vulnerability Researcher successfully managed to execute the (calc.exe). So attacker can modify the code with the malicious code and infect the computers of newbies with a malware who attempt to scan their websites.