Scanner | Version | Vendor |
SkipFish | 2.10 | Michal Zalewski - Google |
Tested Against WAVSEP Version: |
Detection Accuracy | Chart |
76.47% Detection Rate 0.00% False Positives | (104/136) (0/10) |
Response Type | Input Vector | Detection Rate | Details |
Erroneous 500 Responses | HTTP GET (Query String Parameters) | 20 out of 20 | Detected: 1(1st&2nd),2-19 (Previously Detected: 1,2,5-8,11,15) |
Erroneous 500 Responses | HTTP POST (Body Parameters) | 20 out of 20 | Detected: 1(1st&2nd),2-19 (Previously Detected: 1,2,5-8,11) |
Erroneous 200 Responses | HTTP GET (Query String Parameters) | 20 out of 20 | Detected: 1(1st&2nd),2-19 (Previously Detected: 1(1st),2,5-8,11,14-18 200Error-Experimental-GET: 1) |
Erroneous 200 Responses | HTTP POST (Body Parameters) | 20 out of 20 | Detected: 1(1st&2nd),2-19 (Previously Detected: 1(1st),2,5-8,11,14,15,17,18 200Error-Experimental-POST: 1) |
Valid 200 Responses | HTTP GET (Query String Parameters) | 10 out of 20 | Detected: 2,5,6,7,10,11,12,15,16,17 (Previously Detected: 2,5,6,7,11,15) |
Valid 200 Responses | HTTP POST (Body Parameters) | 10 out of 20 | Detected: 2,5,6,7,10,11,12,15,16,17 (Previously Detected: 2,5,6,7,11) |
Identical 200 Responses | HTTP GET (Query String Parameters) | 3 out of 8 | Detected: 1-3 |
Identical 200 Responses | HTTP POST (Body Parameters) | 1 out of 8 | Detected: 3 (Previously Detected: 1-3) |
False Positive SQLi Test Cases | HTTP GET (Query String Parameters) | 0 out of 10 | None |
Detection Accuracy | Chart |
93.94% Detection Rate 0.00% False Positives | (62/66) (0/7) |
Response Type | Input Vector | Detection Rate | Details |
Reflected XSS | HTTP GET (Query String Parameters) | 31 out of 33 | Detected: 1-26,29,30(1st&2nd),31,32 (Previously Detected: 1,5,6,10,11,12,16,24,26,30(1st)) |
Reflected XSS | HTTP POST (Body Parameters) | 31 out of 33 | Detected: 1-26,29,30(1st&2nd),31,32 (Previously Detected: 1,5,6,10,11,12,16,24,29,30(1st)) |
False Positive RXSS Test Cases | HTTP GET (Query String Parameters) | 0 out of 7 | None |
Detection Accuracy | Chart |
82.35% Detection Rate 25.00% False Positives | (672/816) (2/8) |
Response Type | Input Vector | Detection Rate | Details |
Erroneous 500 Responses | HTTP GET (Query String Parameters) | 61 out of 68 | Detected: 1-3,5-25,28-37,39-53,55-64,66,68 (Previously Detected (win): 1-9,13,25,45,46,57) |
Erroneous 500 Responses | HTTP POST (Body Parameters) | 37 out of 68 | Detected: 1-3,5-25,28-37,39-41 (Previously Detected (win): 1,2,3,5,6,8,9,11,25,46,57) |
Erroneous 200 Responses | HTTP GET (Query String Parameters) | 58 out of 68 | Detected: 1-3,5-25,28-37,39-48,50,52,53,55-64,66 (Previously Detected (win): 1,2,3,6,9,25,40,45,57,58) |
Erroneous 200 Responses | HTTP POST (Body Parameters) | 53 out of 68 | Detected: 1,2,8-25,28-37,39-44,46-48,50,52,53,55-60,62-64,66,68 (Previously Detected (win): 1,2,3,6,9,11,25,40,46,57,58) |
Valid 200 Responses | HTTP GET (Query String Parameters) | 59 out of 68 | Detected: 1-3,5-25,28-37,39-48,50,52,53,55-64,66,68 (Previously Detected (win): 1,2,3,6,9,25,45,57) |
Valid 200 Responses | HTTP POST (Body Parameters) | 56 out of 68 | Detected: 1-3,5-11,13-25,28-37,39-44,46-48,50,52,53,55-60,62-64,66,68 (Previously Detected (win): 1,2,3,6,9,11,25,40,46,57,58) |
Identical 200 Responses | HTTP GET (Query String Parameters) | 59 out of 68 | Detected: 1-3,5-25,28-37,39-48,50,52,53,55-64,66,68 (Previously Detected (win): 1,2,3,6,9,25,45,57) |
Identical 200 Responses | HTTP POST (Body Parameters) | 57 out of 68 | Detected: 1-3,5-25,28-37,39-44,46-48,50,52,53,55-60,62-64,66,68 (Previously Detected (win): 1,2,3,6,9,25,46,57) |
Redirect (302) Responses | HTTP GET (Query String Parameters) | 59 out of 68 | Detected: 1-3,5-25,28-37,39-48,50,52,53,55-64,66,68 (Previously Detected (win): 1,2,3,6,9,25,45,57) |
Redirect (302) Responses | HTTP POST (Body Parameters) | 57 out of 68 | Detected: 1-3,5-25,28-37,39-44,46-48,50,52,53,55-60,62-64,66,68 (Previously Detected (win): 1,2,3,6,9,25,46,57) |
Erroneous 404 Responses | HTTP GET (Query String Parameters) | 59 out of 68 | Detected: 1-3,5-25,28-37,39-48,50,52,53,55-64,66,68 (Previously Detected (win): 1,2,3,6,9,25,45,57) |
Erroneous 404 Responses | HTTP POST (Body Parameters) | 57 out of 68 | Detected: 1-3,5-25,28-37,39-44,46-48,50,52,53,55-60,62-64,66,68 (Previously Detected (win): 1,2,3,6,9,25,46,57) |
False Positive LFI Test Cases | HTTP GET (Query String Parameters) | 2 out of 8 | Detected: 4,6 |
Detection Accuracy | Chart |
31.48% Detection Rate 16.67% False Positives | (34/108) (1/6) |
Response Type | Input Vector | Detection Rate | Details |
Erroneous 500 Responses | HTTP GET (Query String Parameters) | 2 out of 9 | Detected: 1,2 (Previously Detected: 1-4) |
Erroneous 500 Responses | HTTP POST (Body Parameters) | 2 out of 9 | Detected: 2,4 (Previously Detected: 1-4) |
Erroneous 200 Responses | HTTP GET (Query String Parameters) | 2 out of 9 | Detected: 2,3 (Previously Detected: 1-4) |
Erroneous 200 Responses | HTTP POST (Body Parameters) | 4 out of 9 | Detected: 1-4 |
Valid 200 Responses | HTTP GET (Query String Parameters) | 2 out of 9 | Detected: 2,3 (Previously Detected: 1-4) |
Valid 200 Responses | HTTP POST (Body Parameters) | 4 out of 9 | Detected: 1-4 |
Identical 200 Responses | HTTP GET (Query String Parameters) | 2 out of 9 | Detected: 2,3 (Previously Detected: 1-4) |
Identical 200 Responses | HTTP POST (Body Parameters) | 4 out of 9 | Detected: 1-4 |
Redirect (302) Responses | HTTP GET (Query String Parameters) | 2 out of 9 | Detected: 2,3 (Previously Detected: 1-4) |
Redirect (302) Responses | HTTP POST (Body Parameters) | 4 out of 9 | Detected: 1-4 |
Erroneous 404 Responses | HTTP GET (Query String Parameters) | 2 out of 9 | Detected: 1,2 (Previously Detected: 1-4) |
Erroneous 404 Responses | HTTP POST (Body Parameters) | 4 out of 9 | Detected: 1-4 |
False Positive RFI Test Cases | HTTP GET (Query String Parameters) | 1 out of 6 | Detected: 2 (XSS vector via arbitrary URLs) |
The application was tested using skipfish version 2.10b, without any significant dictionary or bruteforce modules, and the scans were initiated using the following command format:
./skipfish -L -l 20 -W /dev/null -Y -o [OutputDirName] -g 1 -m 1 http://[ip]:[port]/wavsep/[wavsep-dir]/[index-file].jsp
Detection Accuracy | Chart |
48.0% Detection Rate |
I defined a valid cookie using the skipfish -C option, disabled the option to receive any other cookies using the -N option, and scanned WIVET directly:
./skipfish -C PHPSESSID=[session-id] -o outputWivet -N http://192.168.52.101/wivet/index.php