| Response Type | Input Vector | Detection Rate | Details |
| Errorneous 500 Responses | HTTP GET (Query String Parameters) | 16 out of 20 | Detected (New): 1(2nd),2,3,5-13,15-18
Detected (2.5.1): 1(2nd),3,6-8,11-13,15-18
Missed: 1(1st),4,14,19 |
| Errorneous 500 Responses | HTTP POST (Body Parameters) | 14 out of 20 | Detected (New): 1(2nd),2,3,5-13,17-18
Detected (2.5.1): 1(2nd),3,7,8,11-13,17,18
Missed: 1(1st),4,14-16,19 |
| Errorneous 200 Responses | HTTP GET (Query String Parameters) | 16 out of 20 | Detected (New): 1(2nd),2,3,5-13,15-18
Detected (2.5.1): 1(2nd),3,6-8,11-13,15-18
Missed: 1(1st),4,14,19 |
| Errorneous 200 Responses | HTTP POST (Body Parameters) | 14 out of 20 | Detected (New): 1(2nd),2,3,5-13,17-18
Detected (2.5.1): 1(2nd),3,7,8,11-13,17,18
Missed: 1(1st),4,14-16,19 |
| Valid 200 Responses | HTTP GET (Query String Parameters) | 16 out of 20 | Detected (New): 1(2nd),2,3,5-13,15-18
Detected (2.5.1): 1(2nd),3,6-8,11-13,15-18
Missed: 1(1st),4,14,19 |
| Valid 200 Responses | HTTP POST (Body Parameters) | 16 out of 20 | Detected (New): 1(1st&2nd)-13,17-18 (1-4 detected as Xpath Injection)
Missed: 14-16,19 |
| Identical 200 Responses | HTTP GET (Query String Parameters) | 2 out of 8 | Detected (New): 1,2
Detected (2.5.1): 1,2
Cases Missed: 3-8 |
| Identical 200 Responses | HTTP POST (Body Parameters) | 1 out of 8 | Cases Detected: 1
Cases Missed: 2-8 |
| False Positive SQLi Test Cases | HTTP GET (Query String Parameters) | 0 out of 10 | None (But Sometimes Confuses SQLi and other exposures with XPATHi) |
