| Logo | Scanner | Version | Vendor |
 | WebSecurify (Opensource Version) | 0.9 | GNU Citizen |
| Tested Against WAVSEP Version: |
| Detection Accuracy | Chart | ||||
| 58.82% Detection Rate 50.00% False Positives | (80/136) (5/10) |
| Response Type | Input Vector | Detection Rate | Details |
| Errorneous 500 Responses | HTTP GET (Query String Parameters) | 20 out of 20 | Cases Detected: 1(1st&2nd),2-19 |
| Errorneous 500 Responses | HTTP POST (Body Parameters) | 20 out of 20 | Cases Detected: 1(1st&2nd),2-19 |
| Errorneous 200 Responses | HTTP GET (Query String Parameters) | 20 out of 20 | Cases Detected: 1(1st&2nd)-19 |
| Errorneous 200 Responses | HTTP POST (Body Parameters) | 20 out of 20 | Cases Detected: 1(1st&2nd)-19 |
| Valid 200 Responses | HTTP GET (Query String Parameters) | 0 out of 20 | Cases Missed: 1-19 |
| Valid 200 Responses | HTTP POST (Body Parameters) | 0 out of 20 | Cases Missed: 1-19 |
| Identical 200 Responses | HTTP GET (Query String Parameters) | 0 out of 8 | Cases Missed: 1-8 |
| Identical 200 Responses | HTTP POST (Body Parameters) | 0 out of 8 | Cases Missed: 1-8 |
| False Positive SQLi Test Cases | HTTP GET (Query String Parameters) | 5 out of 10 | 2,4,6,7,8 |
| Detection Accuracy | Chart | ||||
| 57.58% Detection Rate 0.00% False Positives | (38/66) (0/7) |
| Response Type | Input Vector | Detection Rate | Details |
| Reflected XSS | HTTP GET (Query String Parameters) | 19 out of 33 | Detected: 1-8,10,11,13,14,17,18,20,30(1st&2nd),31,32 Missed: 9,12,15,16,19,21-29 Experimental: 3 |
| Reflected XSS | HTTP POST (Body Parameters) | 19 out of 33 | Cases Detected: 1-8,10,11,13,14,17,18,20,30(1st&2nd),31,32 Missed: 9,12,15,16,19,21-29 Experimental: 3 |
| False Positive RXSS Test Cases | HTTP GET (Query String Parameters) | 0 out of 7 | None! |
| Detection Accuracy | Chart | ||||
| 31.62% Detection Rate 0.00% False Positives | (258/816) (0/8) |
| Response Type | Input Vector | Detection Rate | Details |
| Errorneous 500 Responses | HTTP GET (Query String Parameters) | 28 out of 68 | Confirmed: 1,3,5,7,9-24,38,40,42,44,54,56,58,60 |
| Errorneous 500 Responses | HTTP POST (Body Parameters) | 15 out of 68 | Confirmed: 3,5,7,11-14,17-20,22,23,38,54 |
| Errorneous 200 Responses | HTTP GET (Query String Parameters) | 28 out of 68 | Confirmed: 1,3,5,7,9-24,38,40,42,44,54,56,58,60 |
| Errorneous 200 Responses | HTTP POST (Body Parameters) | 15 out of 68 | Confirmed: 3,5,7,11-14,17-20,22,23,38,54 |
| Valid 200 Responses | HTTP GET (Query String Parameters) | 28 out of 68 | Confirmed: 1,3,5,7,9-24,38,40,42,44,54,56,58,60 |
| Valid 200 Responses | HTTP POST (Body Parameters) | 15 out of 68 | Confirmed: 3,5,7,11-14,17-20,22,23,38,54 |
| Identical 200 Responses | HTTP GET (Query String Parameters) | 28 out of 68 | Confirmed: 1,3,5,7,9-24,38,40,42,44,54,56,58,60 |
| Identical 200 Responses | HTTP POST (Body Parameters) | 15 out of 68 | Confirmed: 3,5,7,11-14,17-20,22,23,38,54 |
| Redirect (302) Responses | HTTP GET (Query String Parameters) | 28 out of 68 | Confirmed: 1,3,5,7,9-24,38,40,42,44,54,56,58,60 |
| Redirect (302) Responses | HTTP POST (Body Parameters) | 15 out of 68 | Confirmed: 3,5,7,11-14,17-20,22,23,38,54 |
| Erroneous 404 Responses | HTTP GET (Query String Parameters) | 28 out of 68 | Confirmed: 1,3,5,7,9-24,38,40,42,44,54,56,58,60 |
| Erroneous 404 Responses | HTTP POST (Body Parameters) | 15 out of 68 | Confirmed: 3,5,7,11-14,17-20,22,23,38,54 |
| False Positive Lfi Test Cases | HTTP GET (Query String Parameters) | 0 out of 8 | None! |
| The scan was separately initiated in front of the various vulnerable index pages. Since due to an unknown bug/configuration issue, the scanner didn't manage to scan the index page inside the individual vulnerable directories,
I created an index page in the root directory for each SQLi directory pair (GET & POST), and scanned the main index page for each other vulnerability. The results were consistent, and were obtained using Websecurify 0.9 (final). |
| Detection Accuracy | Chart | ||
| 28.0% Detection Rate |
| Initialized WIVET's session, defined fiddler as an upstream proxy (by
defining it in firefox prior to running the software), in which I used the filter features to define a valid session identifier, and finally, I edited menu.php in WIVET and excluded the logout URL (100.php). Initially I did not manage to scan WIVET with websecurify, but after I attempted to overcome the frameset context bug by fixing the menu links issue (by adding pages/), it worked perfectly. Scanning index.php and menu.php produced the same results. |