XSSS0.40Sven Neuhaus

Tested Against WAVSEP Version:

The Reflected XSS Detection Accuracy of the Scanner:
Detection AccuracyChart
33.33% Detection Rate
71.43% False Positives
Response TypeInput VectorDetection RateDetails
Reflected XSSHTTP GET (Query String Parameters)5 out of 33Crashed during the test. Cases Detected: 1-5 Cases Missed: 6-32
Reflected XSSHTTP POST (Body Parameters)17 out of 33Cases Detected: 1-7,11,14,17,20,22,25,27-30(1st) Cases Missed: 8-10,12,13,15,16,18,19,21, 23,24,26,30(2nd),31,32
False Positive RXSS Test CasesHTTP GET (Query String Parameters)5 out of 71,2,4,6,7

WAVSEP Scan Log:
I installed the dependencies, gave the perl script execution permission, and then executed the tool in front of the root URL of the public section of the application, while enabling the form scanning feature (the public section should be completely covered by the default crawling depth of the tool, which is 5, so no additional configuration changes were made). I used the following execution commands:
./xss --forms
./xss --forms
The tool did not manage to crawl the application pages, but I eventually managed to scan the directories using the following commands:
./xss --forms

Copyright © 2010-2016 by Shay Chen. All rights reserved.
Click here to learn how this information may be published or reused.