Ashiyane DST Discover DLL Flaws in Acunetix

Security researchers from the elite Ashiyane Digital Security Team have discovered a vulnerability in Acunetix -version 10.0-

Acunetix is a company that makes web and network application scanners. Acunetix automatically crawls and scans off-the-shelf and custom-built websites and web applications for SQL Injection, XSS, XXE, SSRF, Host Header Attacks & over 3000 other web vulnerabilities.

The discovery by Ashiyane shows that local attackers can inject code to vulnerable dynamic link libraries -DLLs- to compromise the process or to gain higher access privileges.

The affected DLLs are:

  • ssleay32.dll
  • libeay32.dll
  • pcre.dll
  • sqlite3.dll
  • SciLexer.dll

Link & way to mitigate the vulnerability: https://cxsecurity.com/issue/WLB-2016110196
See here for all the vulnerabilities discovered by Ashiyane.

Ashiyane Digital Security Team websites: www.ashiyane.ir & www.ashiyane.org

Leave a Reply

Your email address will not be published. Required fields are marked *