There is a feature in Acunetix that allows to scan the additional domains or subdomains detected during the scan.
"It learns about the external related domains from the external sources that appear at the scanned website, for example: "<a href=http://externalSource.com/ ></a>"
Danor found that if the 'external' source url's length is larger than 268Bytes, the Acunetix vulnerability scanner will get crashed.
For Ex:
<A href= “http://AAAAAAAAAAAAAAAAAAAAAAAAAA...........AAAAA”>
Researcher managed to exploit this vulnerability and successfully launched an executable file(calc.exe). By modifiying the code, one can infect the computers of newbies with a malware who attempt to scan their websites.
More technical details are available at his blog post.
Here is Proof of concept video:
*Update*:
Acunetix says this vulnerability affects only the illegitimate(cracked) copies of Acunetix WVS.
"The blogger seems to have managed to pull his exploit by using a cracked version of v8. The cracked version, probably required the replacement of the official executable with a vulnerable one." Acunetix says.
"Once again we want to re-assure all users of legitimate installations of Acunetix WVS that they are in no danger, and are not affected by this at all"
