Detailed Scan Results - aidSQL - WAVSEP Benchmark 2014/2016

Logo	Scanner	Version	Build	Vendor
	aidSQL	02062011	255	Lynxec

Tested Against WAVSEP Version:

1.0.3

The SQL Injection Detection Accuracy of the Scanner:

Detection Accuracy

Chart

11.76% Detection Rate
0.00% False Positives

(16/136)
(0/10)

Response Type	Input Vector	Detection Rate	Details
Errorneous 500 Responses	HTTP GET (Query String Parameters)	4 out of 20	Cases Detected: 1(1st),2,7,17 Cases Missed: 1(2nd),3-6,8-16,18,19
Errorneous 500 Responses	HTTP POST (Body Parameters)	0 out of 20	Cases Missed: 1(1st&2nd)-19 (POST not supported?)
Errorneous 200 Responses	HTTP GET (Query String Parameters)	8 out of 20	Cases Detected: 1(1st),2,6,7,11,12,16,17 Cases Missed: 1(2nd),3-5,8-10,13-15,18,19
Errorneous 200 Responses	HTTP POST (Body Parameters)	0 out of 20	Cases Missed: 1(1st&2nd)-19 (POST not supported?)
Valid 200 Responses	HTTP GET (Query String Parameters)	4 out of 20	Cases Detected: 1(1st),2,7,17 Cases Missed: 1(2nd),3-6,8-16,18,19
Valid 200 Responses	HTTP POST (Body Parameters)	0 out of 20	Cases Missed: 1(1st&2nd)-19 (POST not supported?)
Identical 200 Responses	HTTP GET (Query String Parameters)	0 out of 8	Cases Missed: 1(1st&2nd)-19
Identical 200 Responses	HTTP POST (Body Parameters)	0 out of 8	Cases Missed: 1(1st&2nd)-19 (POST not supported?)
False Positive SQLi Test Cases	HTTP GET (Query String Parameters)	0 out of 10	None

WAVSEP Scan Log:

In order to test aidsql, I used a backtrack 5 station with php5.3.2 installed, made sure that php5-cli was installed and installed php5-curl myself.
I downloaded the latest stable release (02062011), edited the "aidsql.conf" file, made sure that jsp is in the list of interesting extensions, changed the "immediate-mode" definition to "no", and left the rest of the defaults without change.
I executed aidsql against each individual directory using the following command:
./aidsql --url=http://IP:port/wavsep/[directory-name]/index.jsp
The tool crawled all the URLs, seemed to scan them properly, and immediately exploited vulnerabilities that were found.
I also tried testing the latest SVN version (r255, updated in May 2011), but had errors similar to the errors I got in the first benchmark, and since it was a few days before the current benchmark release, I didn't have time to find a solution for the issue.