Scanner | Version | Vendor |
LoverBoy | 1.0 | Ashaman Boyd |
Tested Against WAVSEP Version: |
Detection Accuracy | Chart |
0.00% Detection Rate 0.00% False Positives | (0/136) (0/10) |
Response Type | Input Vector | Detection Rate | Details |
Erroneous 500 Responses | HTTP GET (Query String Parameters) | 0 out of 20 | Execution Failed. |
Erroneous 500 Responses | HTTP POST (Body Parameters) | 0 out of 20 | Execution Failed. |
Erroneous 200 Responses | HTTP GET (Query String Parameters) | 0 out of 20 | Execution Failed. |
Erroneous 200 Responses | HTTP POST (Body Parameters) | 0 out of 20 | Execution Failed. |
Valid 200 Responses | HTTP GET (Query String Parameters) | 0 out of 20 | Execution Failed. |
Valid 200 Responses | HTTP POST (Body Parameters) | 0 out of 20 | Execution Failed. |
Identical 200 Responses | HTTP GET (Query String Parameters) | 0 out of 8 | Execution Failed. |
Identical 200 Responses | HTTP POST (Body Parameters) | 0 out of 8 | Execution Failed. |
False Positive SQLi Test Cases | HTTP GET (Query String Parameters) | 0 out of 10 | Execution Failed. |
I configured an HTTP proxy (to see if it is working), increased the timeout for exploitation to 60 seconds and for crawling to 35 minutes, checked the "scan for vulnerabilities" checkbox, checked the logging checkbox and chose a name for the log file, and checked the "include MySQL" option in the included vulnerability scanners. I also tried the same settings without proxy configuration, and on several initial URLs:

http://192.168.110.1:8080/wavsep/index-sql.jsp
http://192.168.110.1:8080/wavsep/index-false.jsp

I even transferred the content of index-sql.jsp and index-false.jsp into the index.jsp file, and scanned from the initial point of access:

http://192.168.110.1:8080/wavsep/
http://192.168.110.1:8080/wavsep

The tool failed the crawling process over and over. For some reason, it only managed to begin scanning the default pages of Tomcat, but still failed crawling through my pages (with or without proxy).