What vulnerabilities does arctil check for?

The arctil web security assessment tool comes with an array of scanning techniques to detect common web application vulnerabilities. Below is a full breakdown of each vulnerability arctil checks for.

Injection vulnerabilities

• SQL Injection

SQL injection vulnerabilities arise when unsanitized input reaches the database, allowing an attacker to execute malicious queries. The impact can range from login bypass all the way through to command execution. For more information you can check out this help article.

• Cross Site Scripting

Cross-site scripting (also known as XSS) is the process of injecting HTML and JavaScript code into a website for malicious gain. We have a great help article which goes into far more detail.

• Command Execution

OS command injection can allow an attacker to execute system-level commands and fully compromise the operating system a website or application runs on. For more information check out the following link.

• LDAP Injection

LDAP injection is an attack used to exploit web-based applications that construct LDAP statements based on user input.

• XPath Injection

XPath injection is a type of attack where malicious input can lead to unauthorised access or exposure of sensitive information, such as the structure and content of an XML document.

Redirect vulnerabilities

• Unvalidated Redirects

Unvalidated redirects are possible when a web application accepts untrusted input that can cause it to redirect the request to a URL. You can learn more by checking out our help article.

File inclusion vulnerabilities

• Remote File Inclusion

Remote File Inclusion (RFI) is the inclusion of remote files. RFI attacks range from sensitive information disclosure to remote code execution. For more information see our help article.

• Local File Inclusion

Local File Inclusion is the process of including files that are already locally present on the server, through the exploitation of vulnerable inclusion procedures. To dive into more information, we have a great article all about this; here's a link.

Other vulnerabilities

• Basic Authentication Over HTTP

User credentials are transmitted over HTTP in plain text, which can allow for credential stealing.

• Open Directory Listing

Directory listing can give attackers an insight into the website structure and allow easy browsing of stored files. Here's a link with more information.
