Scanner | Version | Vendor |
SQID (SQL Injection Digger) | 0.3 | Metaeye Security Group |
Tested Against WAVSEP Version: |
Detection Accuracy | Chart |
0.00% Detection Rate, 0.00% False Positives | (0/136), (0/10) |
Response Type | Input Vector | Detection Rate | Details |
Erroneous 500 Responses | HTTP GET (Query String Parameters) | 0 out of 20 | Cases Missed: 1-19 |
Erroneous 500 Responses | HTTP POST (Body Parameters) | 0 out of 20 | Cases Missed: 1-19 |
Erroneous 200 Responses | HTTP GET (Query String Parameters) | 0 out of 20 | Cases Missed: 1-19 |
Erroneous 200 Responses | HTTP POST (Body Parameters) | 0 out of 20 | Cases Missed: 1-19 |
Valid 200 Responses | HTTP GET (Query String Parameters) | 0 out of 20 | Cases Missed: 1-19 |
Valid 200 Responses | HTTP POST (Body Parameters) | 0 out of 20 | Cases Missed: 1-19 |
Identical 200 Responses | HTTP GET (Query String Parameters) | 0 out of 8 | Cases Missed: 1-8 |
Identical 200 Responses | HTTP POST (Body Parameters) | 0 out of 8 | Cases Missed: 1-8 |
False Positive SQLi Test Cases | HTTP GET (Query String Parameters) | 0 out of 10 | None |
I initiated a scan in front of the index pages with the following commands (Burp proxy was used to verify the tool is working properly):

sqid -m crawl --crawl http://192.168.46.2:8080/wavsep/index-sql.jsp -a -v -D sqid.db -P localhost:9999
sqid -m crawl --crawl http://192.168.46.2:8080/wavsep/index-false.jsp -a -v -D sqid.db -P localhost:9999

The tool crawled some of the public URLs, but found nothing. A further examination (Burp) showed that the tool did not perform ANY tests on the pages found. Scanning through a URL file caused the tool to access the various URLs (while ignoring the proxy definitions), but again, no exposures were found (assuming they were actually tested).