| Scanner | Version | Vendor |
| --- | --- | --- |
| Paros Proxy | 3.2.13 | MileSCAN Technologies |

Tested Against WAVSEP Version:
| Detection Accuracy | |
| --- | --- |
| Detection Rate | 77.21% (105/136) |
| False Positives | 40.00% (4/10) |
| Response Type | Input Vector | Detection Rate | Details |
| --- | --- | --- | --- |
| Erroneous 500 Responses | HTTP GET (Query String Parameters) | 19 out of 20 | Cases Detected: 1 (1st & 2nd), 2-18. Cases Missed: 19 |
| Erroneous 500 Responses | HTTP POST (Body Parameters) | 18 out of 20 | Cases Detected: 1 (1st), 2-18. Cases Missed: 1 (2nd), 19 |
| Erroneous 200 Responses | HTTP GET (Query String Parameters) | 19 out of 20 | Cases Detected: 1 (1st & 2nd), 2-18. Cases Missed: 19 |
| Erroneous 200 Responses | HTTP POST (Body Parameters) | 18 out of 20 | Cases Detected: 1 (1st), 2-18. Cases Missed: 1 (2nd), 19 |
| Valid 200 Responses | HTTP GET (Query String Parameters) | 14 out of 20 | Inconsistent Results (Minor). Cases Detected: 1 (1st & 2nd), 3, 4, 6-8, 11-13, 15-18. Cases Missed: 2, 5, 9, 10, 14, 19 |
| Valid 200 Responses | HTTP POST (Body Parameters) | 11 out of 20 | Cases Detected: 3, 6-8, 11-13, 15-18. Cases Missed: 1 (1st & 2nd), 2, 4, 5, 9, 10, 14, 19 |
| Identical 200 Responses | HTTP GET (Query String Parameters) | 3 out of 8 | Cases Detected: 1, 2, 3. Cases Missed: 4-8 |
| Identical 200 Responses | HTTP POST (Body Parameters) | 3 out of 8 | Cases Detected: 1, 2, 3. Cases Missed: 4-8 |
| False Positive SQLi Test Cases | HTTP GET (Query String Parameters) | 4 out of 10 | 2, 4, 6, 8 |
| Detection Accuracy | |
| --- | --- |
| Detection Rate | 24.24% (16/66) |
| False Positives | 42.86% (3/7) |
| Response Type | Input Vector | Detection Rate | Details |
| --- | --- | --- | --- |
| Reflected XSS | HTTP GET (Query String Parameters) | 8 out of 33 | Cases Detected: 1-5, 30 (1st & 2nd), 32. Cases Missed: 6-29, 31 |
| Reflected XSS | HTTP POST (Body Parameters) | 8 out of 33 | Cases Detected: 1-5, 30 (1st & 2nd), 32. Cases Missed: 6-29, 31 |
| False Positive RXSS Test Cases | HTTP GET (Query String Parameters) | 3 out of 7 | 1, 2, 6 |
I enabled all the injection plugins in Paros and executed the tool in front of the following URLs:

http://localhost:8080/wavsep/index-xss.jsp
http://localhost:8080/wavsep/index-sql.jsp
http://localhost:8080/wavsep/index-false.jsp

Performing additional scans in the same session results in the discovery of additional vulnerabilities, particularly in SQL-200-Valid (case 1 (2nd), case 4). It is currently unclear whether the reason for the inconsistency is the scanner or the behavior of the vulnerable pages.

Updated Obsolete File Scan: Plugins used: "Obsolete file", "Obsolete file extended check", "directory browsing". Scan process: used the spider twice on the obsolete files root directory, scanned twice from the obsolete files directory root, and once more from wavsep's root directory (so the scanner will have a chance to detect WEB-INF compressed folders).
| Detection Accuracy | |
| --- | --- |
| Detection Rate | 10.0% |
Initialized WIVET's session, limited the spider threads to a single thread and the depth to the maximum, defined the upstream proxy as Fiddler, in which I used the filter features to define a valid session identifier, and finally, I edited menu.php in WIVET and excluded the logout URL (100.php).