| Scanner | Version | Vendor |
|---|---|---|
| Oedipus | 1.8.1 | Jordan Del Grande |

Tested Against WAVSEP Version:
Detection Accuracy (SQL Injection) (chart)

| Metric | Result |
|---|---|
| Detection Rate | 58.82% (80/136) |
| False Positives | 40.00% (4/10) |
| Response Type | Input Vector | Detection Rate | Details |
|---|---|---|---|
| Erroneous 500 Responses | HTTP GET (Query String Parameters) | 15 out of 20 | Cases Detected: 1(1st&2nd)-14 Cases Missed: 15-19 |
| Erroneous 500 Responses | HTTP POST (Body Parameters) | 15 out of 20 | Cases Detected: 1(1st&2nd)-14 Cases Missed: 15-19 |
| Erroneous 200 Responses | HTTP GET (Query String Parameters) | 15 out of 20 | Cases Detected: 1(1st&2nd)-14 Cases Missed: 15-19 |
| Erroneous 200 Responses | HTTP POST (Body Parameters) | 15 out of 20 | Cases Detected: 1(1st&2nd)-14 Cases Missed: 15-19 |
| Valid 200 Responses | HTTP GET (Query String Parameters) | 5 out of 20 | Inconsistent Results. Cases Detected: 1(1st&2nd),4,9,11 Cases Missed: 2,3,5-8,10,12-19 |
| Valid 200 Responses | HTTP POST (Body Parameters) | 6 out of 20 | Inconsistent Results. Cases Detected: 1(1st),2,9,12,16,17 Cases Missed: 1(2nd),3-8,10,11,13-15,18,19 |
| Identical 200 Responses | HTTP GET (Query String Parameters) | 4 out of 8 | Inconsistent Results. Cases Detected: 3-6 Cases Missed: 1,2,7,8 |
| Identical 200 Responses | HTTP POST (Body Parameters) | 5 out of 8 | Inconsistent Results. Cases Detected: 1,3-6 Cases Missed: 2,7,8 |
| False Positive SQLi Test Cases | HTTP GET (Query String Parameters) | 4 out of 10 | False positives on cases 1, 2 and 6 (identified as errors). The RXSS false-positive case 5 and the RXSS cases 27, 30 and 32 were also identified as vulnerable to SQL injection; RXSS FP case 5 is included in the SQLi false-positive count, giving 4 out of 10. |
Detection Accuracy (Reflected XSS) (chart)

| Metric | Result |
|---|---|
| Detection Rate | 24.24% (16/66) |
| False Positives | 42.86% (3/7) |
| Response Type | Input Vector | Detection Rate | Details |
|---|---|---|---|
| Reflected XSS | HTTP GET (Query String Parameters) | 8 out of 33 | Cases Detected: 1-5,30(1st&2nd),32 Cases Missed: 6-29,31 |
| Reflected XSS | HTTP POST (Body Parameters) | 8 out of 33 | Cases Detected: 1-5,30(1st&2nd),32 Cases Missed: 6-29,31 |
| False Positive RXSS Test Cases | HTTP GET (Query String Parameters) | 3 out of 7 | False positives on cases 1, 2 and 6 |
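The headline rates above are sums of the per-row counts, and each row's "N out of M" should agree with its "Cases Detected / Cases Missed" list. The following is an added example, not part of the WAVSEP results page or of the Oedipus tool, written in Ruby (the language Oedipus is written in). It parses rows in the table's own format, counts the listed cases, flags any row whose count disagrees with its stated rate, and recomputes the headline detection rate. The rows embedded in the block are copied from the tables above; the "1(1st&2nd)" notation is read as a case with two injection points that contributes two entries (that reading is what makes cases 1-14 count as 15 of 20). The helper names `count_token`, `count_cases`, `check_row` and `headline` are this example's own.

```ruby
# Added example (not from the WAVSEP page or the Oedipus tool): parse WAVSEP
# result rows, check each row's "N out of M" against its case lists, and
# recompute the headline detection rate from the rows.

# Constructed input: the SQL injection rows of the table above, as
# [stated rate, details] pairs, copied verbatim.
SQLI_ROWS = [
  ["15 out of 20", "Cases Detected: 1(1st&2nd)-14 Cases Missed: 15-19"],
  ["15 out of 20", "Cases Detected: 1(1st&2nd)-14 Cases Missed: 15-19"],
  ["15 out of 20", "Cases Detected: 1(1st&2nd)-14 Cases Missed: 15-19"],
  ["15 out of 20", "Cases Detected: 1(1st&2nd)-14 Cases Missed: 15-19"],
  ["5 out of 20", "Inconsistent Results. Cases Detected: 1(1st&2nd),4,9,11 Cases Missed: 2,3,5-8,10,12-19"],
  ["6 out of 20", "Inconsistent Results. Cases Detected: 1(1st),2,9,12,16,17 Cases Missed: 1(2nd),3-8,10,11,13-15,18,19"],
  ["4 out of 8", "Inconsistent Results. Cases Detected: 3-6 Cases Missed: 1,2,7,8"],
  ["5 out of 8", "Inconsistent Results. Cases Detected: 1,3-6 Cases Missed: 2,7,8"],
]

# Constructed input: the two reflected XSS rows of the table above.
RXSS_ROWS = [
  ["8 out of 33", "Cases Detected: 1-5,30(1st&2nd),32 Cases Missed: 6-29,31"],
  ["8 out of 33", "Cases Detected: 1-5,30(1st&2nd),32 Cases Missed: 6-29,31"],
]

# One token of a case list: "4", "3-6", "1(1st)", "1(1st&2nd)", "1(1st&2nd)-14".
TOKEN = /\A(\d+)(?:\(([^)]*)\))?(?:-(\d+))?\z/

# Number of test-case entries a single token stands for.
def count_token(token)
  m = TOKEN.match(token)
  raise ArgumentError, "bad case token: #{token.inspect}" unless m
  first, variant, last = m[1].to_i, m[2], m[3]
  n = last ? last.to_i - first + 1 : 1
  n += 1 if variant == "1st&2nd"   # a case with two injection points counts twice
  n
end

# Count the entries in a comma-separated case list such as "1(1st),2,9,12-15".
def count_cases(list)
  return 0 if list.nil? || list.empty?
  list.split(",").sum { |t| count_token(t) }
end

# Check one row: the stated "X out of N" against the detected/missed lists.
def check_row(rate, details)
  detected, total = rate.match(/(\d+) out of (\d+)/).captures.map(&:to_i)
  listed_detected = count_cases(details[/Cases Detected:\s*(\S+)/, 1])
  listed_missed   = count_cases(details[/Cases Missed:\s*(\S+)/, 1])
  {
    detected: detected,
    total: total,
    listed_detected: listed_detected,
    listed_missed: listed_missed,
    consistent: listed_detected == detected && listed_detected + listed_missed == total,
  }
end

# Recompute the headline rate as [detected, total, percentage rounded to 2 places],
# refusing to sum rows whose case lists disagree with their stated counts.
def headline(rows)
  checks = rows.map { |rate, details| check_row(rate, details) }
  bad = checks.reject { |c| c[:consistent] }
  raise "row counts disagree with case lists: #{bad.inspect}" unless bad.empty?
  detected = checks.sum { |c| c[:detected] }
  total    = checks.sum { |c| c[:total] }
  [detected, total, (100.0 * detected / total).round(2)]
end

if __FILE__ == $PROGRAM_NAME
  p headline(SQLI_ROWS)   # => [80, 136, 58.82]
  p headline(RXSS_ROWS)   # => [16, 66, 24.24]
end
```

Running it reproduces the 58.82% and 24.24% figures from the rows alone; a row whose list does not add up (for instance a typo in a case range) makes `headline` raise instead of silently producing a plausible percentage.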
I used Burp to create a log file by activating the spider feature on the various application pages. The following links were crawled:

http://192.168.1.100:8080/wavsep/index-full.jsp
http://192.168.1.100:8080/wavsep/index-sql.jsp
http://192.168.1.100:8080/wavsep/index-xss.jsp
http://192.168.1.100:8080/wavsep/index-false.jsp

I executed the o_analyzer on the log file generated by Burp, and scanned the application using the output of this analysis:

ruby o_analyzer.rb -f WavsepForOedipus.log -t burp http://192.168.1.100
ruby o_scanner.rb -f 03Dec2010151028.oedipus.192.168.1.100\input.oedipus -w all -y 127.0.0.1:9999 -p 8080 http://192.168.1.100

During the scan I experienced a number of memory leaks that caused the tool to crash (particularly in case 11 of 500Error and 200Error), and it took some effort and adjustments to complete the scan (deleting Case11 URLs from the input.oedipus file, increasing the RAM allocated to the VM, etc.). The tool's results in the SQLi-200-Valid and SQLi-200-Identical cases were inconsistent, and changed from scan to scan.