Scanner: Gamja
Version: 1.6
Vendor: Sanghun Jeon

Tested Against WAVSEP Version: 1.0

The SQL Injection Detection Accuracy of the Scanner:

Detection Accuracy Chart
50.00% Detection Rate (68/136)
80.00% False Positives (8/10)

Response Type | Input Vector | Detection Rate | Details
Erroneous 500 Responses | HTTP GET (Query String Parameters) | 17 out of 20 | Cases Detected: 1 (1st & 2nd), 2, 3, 4, 5, 7, 8, 9, 10, 12, 13, 14, 15, 17, 18, 19; Cases Missed: 6, 11, 16
Erroneous 500 Responses | HTTP POST (Body Parameters) | 17 out of 20 | Cases Detected: 1 (1st & 2nd), 2, 3, 4, 5, 7, 8, 9, 10, 12, 13, 14, 15, 17, 18, 19; Cases Missed: 6, 11, 16
Erroneous 200 Responses | HTTP GET (Query String Parameters) | 17 out of 20 | Cases Detected: 1 (1st & 2nd), 2, 3, 4, 5, 7, 8, 9, 10, 12, 13, 14, 15, 17, 18, 19; Cases Missed: 6, 11, 16
Erroneous 200 Responses | HTTP POST (Body Parameters) | 17 out of 20 | Cases Detected: 1 (1st & 2nd), 2, 3, 4, 5, 7, 8, 9, 10, 12, 13, 14, 15, 17, 18, 19; Cases Missed: 6, 11, 16
Valid 200 Responses | HTTP GET (Query String Parameters) | 0 out of 20 | Cases Missed: 1-19
Valid 200 Responses | HTTP POST (Body Parameters) | 0 out of 20 | Cases Missed: 1-19
Identical 200 Responses | HTTP GET (Query String Parameters) | 0 out of 8 | Cases Missed: 1-8
Identical 200 Responses | HTTP POST (Body Parameters) | 0 out of 8 | Cases Missed: 1-8
False Positive SQLi Test Cases | HTTP GET (Query String Parameters) | 8 out of 10 | False SQLi Cases: 1-4, 6-8, and in addition various XSS instances (counted as an additional 1)

The Reflected XSS Detection Accuracy of the Scanner:

Detection Accuracy Chart
18.18% Detection Rate (12/66)
14.29% False Positives (1/7)

Response Type | Input Vector | Detection Rate | Details
Reflected XSS | HTTP GET (Query String Parameters) | 6 out of 33 | Cases Detected: 1-4, 30 (1st & 2nd); Cases Missed: 5-29, 31, 32
Reflected XSS | HTTP POST (Body Parameters) | 6 out of 33 | Cases Detected: 1-4, 30 (1st & 2nd); Cases Missed: 5-29, 31, 32
False Positive RXSS Test Cases | HTTP GET (Query String Parameters) | 1 out of 72 |

WAVSEP Scan Log:
The tool does not support any configurable options. I used the following commands to execute the scanner:
perl gamja.pl http://192.168.46.2:8080/wavsep/index-xss.jsp
perl gamja.pl http://192.168.46.2:8080/wavsep/index-sql.jsp
perl gamja.pl http://192.168.46.2:8080/wavsep/index-false.jsp


Copyright © 2010-2016 by Shay Chen. All rights reserved.