Response Type | Input Vector | Detection Rate | Details |
Errorneous 500 Responses | HTTP GET (Query String Parameters) | 12 out of 20 | Cases Detected: 1(2nd),3,6-8,11-13,15-18
Cases Missed: 1(1st),2,4,5,9,10,14,19 |
Errorneous 500 Responses | HTTP POST (Body Parameters) | 9 out of 20 | Cases Detected: 1(2nd),3,7,8,11-13,17,18
Cases Missed: 1(1st),2,4-6,9,10,14-16,19 |
Errorneous 200 Responses | HTTP GET (Query String Parameters) | 12 out of 20 | Cases Detected: 1(2nd),3,6-8,11-13,15-18
Cases Missed: 1(1st),2,4,5,9,10,14,19 (9,19 detected only as XSS) |
Errorneous 200 Responses | HTTP POST (Body Parameters) | 9 out of 20 | Cases Detected: 1(2nd),3,7,8,11-13,17,18 Cases Missed: 1(1st),2,4,5,10,14-16,19 (6,9,15,16,19 detected only as XSS) |
Valid 200 Responses | HTTP GET (Query String Parameters) | 12 out of 20 | Cases Detected: 1(2nd),3,6-8,11-13,15-18
Cases Missed: 1(1st),2,4,5,9,10,14,19 |
Valid 200 Responses | HTTP POST (Body Parameters) | 12 out of 20 | Cases Detected: 1(1st&2nd)-4,7,8,11-13,17,18
Cases Missed: 5,6,9,10,14-16,19 |
Identical 200 Responses | HTTP GET (Query String Parameters) | 2 out of 8 | Cases Detected: 1,2
Cases Missed: 3-8 |
Identical 200 Responses | HTTP POST (Body Parameters) | 1 out of 8 | Cases Detected: 1
Cases Missed: 2-8 |
False Positive SQLi Test Cases | HTTP GET (Query String Parameters) | 0 out of 10 | None |