ScannerVersionVendor
LoverBoy1.0Ashaman Boyd

Tested Against WAVSEP Version:
1.0

The SQL Injection Detection Accuracy of the Scanner:
Detection AccuracyChart
0.00% Detection Rate
0.00% False Positives
(0/136)
(0/10)
Response TypeInput VectorDetection RateDetails
Errorneous 500 ResponsesHTTP GET (Query String Parameters)0 out of 20Execution Failed.
Errorneous 500 ResponsesHTTP POST (Body Parameters)0 out of 20Execution Failed.
Errorneous 200 ResponsesHTTP GET (Query String Parameters)0 out of 20Execution Failed.
Errorneous 200 ResponsesHTTP POST (Body Parameters)0 out of 20Execution Failed.
Valid 200 ResponsesHTTP GET (Query String Parameters)0 out of 20Execution Failed.
Valid 200 ResponsesHTTP POST (Body Parameters)0 out of 20Execution Failed.
Identical 200 ResponsesHTTP GET (Query String Parameters)0 out of 8Execution Failed.
Identical 200 ResponsesHTTP POST (Body Parameters)0 out of 8Execution Failed.
False Positive SQLi Test CasesHTTP GET (Query String Parameters)0 out of 10Execution Failed.

WAVSEP Scan Log:
I configured an http proxy (to see if it is working), increased the timeout for exploitation to 60 seconds and for crawling to 35 minutes, checked the ?scan for vulnerabilities? checkbox, checked the logging checkbox and chose a name for the log file, checked the ?include MySQL? in the included vulnerability scanners. I also tried the same settings without proxy configuration, and on several initial URLs:
http://192.168.110.1:8080/wavsep/index-sql.jsp
http://192.168.110.1:8080/wavsep/index-false.jsp
I even transferred the content of index-sql.jsp and index-false.jsp into the index.jsp file, and scan from the initial point of access:
http://192.168.110.1:8080/wavsep/
http://192.168.110.1:8080/wavsep
The tool failed the crawling process over and over. For some reason, it only managed to begin scanning the default pages of tomcat, but still failed crawling through my pages (with or without proxy).


Copyright © 2010-2016 by Shay Chen. All rights reserved.
Click here to learn how this information may be published or reused.