Scanner | Version | Vendor |
Mini MySqlat0r | 0.5 | SCRT Information Security |
Tested Against WAVSEP Version: |
Detection Accuracy | 26.47% Detection Rate (36/136) | 0.00% False Positives (0/10) |
Response Type | Input Vector | Detection Rate | Details |
Erroneous 500 Responses | HTTP GET (Query String Parameters) | 9 out of 20 | Cases Detected: 6-8,11-13,16-18; Cases Missed: 1-5,9,10,14,15,19 |
Erroneous 500 Responses | HTTP POST (Body Parameters) | 2 out of 20 | Cases Detected: 11,12; Cases Missed: 1-10,13-19 |
Erroneous 200 Responses | HTTP GET (Query String Parameters) | 9 out of 20 | Cases Detected: 6-8,11-13,16-18; Cases Missed: 1-5,9,10,14,15,19 |
Erroneous 200 Responses | HTTP POST (Body Parameters) | 2 out of 20 | Cases Detected: 11,12; Cases Missed: 1-10,13-19 |
Valid 200 Responses | HTTP GET (Query String Parameters) | 9 out of 20 | Cases Detected: 6-8,11-13,16-18; Cases Missed: 1-5,9,10,14,15,19 |
Valid 200 Responses | HTTP POST (Body Parameters) | 2 out of 20 | Cases Detected: 11,12; Cases Missed: 1-10,13-19 |
Identical 200 Responses | HTTP GET (Query String Parameters) | 3 out of 8 | Cases Detected: 1-3; Cases Missed: 4-8 |
Identical 200 Responses | HTTP POST (Body Parameters) | 0 out of 8 | Cases Missed: 1-8 |
False Positive SQLi Test Cases | HTTP GET (Query String Parameters) | 0 out of 10 | None |
I attempted to start crawling the index-sql.jsp page, and found out that the tool was not able to crawl the application in this manner, so I copied the content of the files index-sql.jsp & index-false.jsp to index.jsp, and scanned the folder root URL: http://192.168.46.2:8080/wavsep/ (The tool successfully crawled all the pages). I then selected all the parameters in the "SQL Injection Finder" tab, and initiated the scan. |