diff --git a/site/data/scans/wavsep/sqli-get-200-err-exp.yml b/site/data/scans/wavsep/sqli-get-200-err-exp.yml index 67a15043e..454ac80f5 100644 --- a/site/data/scans/wavsep/sqli-get-200-err-exp.yml +++ b/site/data/scans/wavsep/sqli-get-200-err-exp.yml @@ -2,9 +2,9 @@ section: SQL Injection GET 200 Error Experimental url: /SInjection-Detection-Evaluation-GET-200Error-Experimental/ details: - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Error-Experimental/Case01-InjectionInInsertValues-String-BinaryDeliberateRuntimeError-With200Errors.jsp - result: Pass + result: FAIL rule: 40018 tests: 1 -passes: 1 -fails: 0 -score: 100% +passes: 0 +fails: 1 +score: 0% diff --git a/site/data/scans/wavsep/sqli-get-200-err.yml b/site/data/scans/wavsep/sqli-get-200-err.yml index 04ebb5644..b3b428712 100644 --- a/site/data/scans/wavsep/sqli-get-200-err.yml +++ b/site/data/scans/wavsep/sqli-get-200-err.yml 
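Review bot: The flip to `result: FAIL` and `score: 0%` in this hunk is repeated for every detection case of rule 40018 in the commit (sqli-get-200-err, -200-id, -200-valid, -500-err and the five sqli-post-* counterparts), while in sqli-get-fp.yml the two cases that previously reported 40018 become `result: Pass` with `rule: null`. That combination is what a run in which rule 40018 raised no alerts at all would produce, so the data alone cannot separate a real loss of SQL injection detection from a scan where the rule was not loaded or did not run. Nothing in the changed files records which it was; before totals.yml moves from `score: 96%` to `score: 86%`, the commit should state the cause, or the scan should be re-run with the rule confirmed active. The arithmetic itself is consistent: the per-file deltas add up to the new `passes: 1011` and `fails: 158`.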
@@ -2,63 +2,63 @@ section: SQL Injection GET 200 Error url: /SInjection-Detection-Evaluation-GET-200Error/ details: - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Error/Case01-InjectionInLogin-String-LoginBypass-With200Errors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Error/Case02-InjectionInSearch-String-UnionExploit-With200Errors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Error/Case03-InjectionInCalc-String-BooleanExploit-With200Errors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Error/Case04-InjectionInUpdate-String-CommandInjection-With200Errors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Error/Case05-InjectionInSearchOrderBy-String-BinaryDeliberateRuntimeError-With200Errors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Error/Case06-InjectionInView-Numeric-PermissionBypass-With200Errors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Error/Case07-InjectionInSearch-Numeric-UnionExploit-With200Errors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Error/Case08-InjectionInCalc-Numeric-BooleanExploit-With200Errors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Error/Case09-InjectionInUpdate-Numeric-CommandInjection-With200Errors.jsp - result: Pass + 
result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Error/Case10-InjectionInSearchOrderBy-Numeric-BinaryDeliberateRuntimeError-With200Errors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Error/Case11-InjectionInView-Date-PermissionBypass-With200Errors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Error/Case12-InjectionInSearch-Date-UnionExploit-With200Errors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Error/Case13-InjectionInCalc-Date-BooleanExploit-With200Errors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Error/Case14-InjectionInUpdate-Date-CommandInjection-With200Errors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Error/Case15-InjectionInSearch-DateWithoutQuotes-UnionExploit-With200Errors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Error/Case16-InjectionInView-NumericWithoutQuotes-PermissionBypass-With200Errors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Error/Case17-InjectionInSearch-NumericWithoutQuotes-UnionExploit-With200Errors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Error/Case18-InjectionInCalc-NumericWithoutQuotes-BooleanExploit-With200Errors.jsp - result: Pass + result: FAIL rule: 40018 - path: 
http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Error/Case19-InjectionInUpdate-NumericWithoutQuotes-CommandInjection-With200Errors.jsp - result: Pass + result: FAIL rule: 40018 tests: 19 -passes: 19 -fails: 0 -score: 100% +passes: 0 +fails: 19 +score: 0% diff --git a/site/data/scans/wavsep/sqli-get-200-id.yml b/site/data/scans/wavsep/sqli-get-200-id.yml index 071dc02da..ee07ac989 100644 --- a/site/data/scans/wavsep/sqli-get-200-id.yml +++ b/site/data/scans/wavsep/sqli-get-200-id.yml @@ -2,13 +2,13 @@ section: SQL Injection GET 200 Identical url: /SInjection-Detection-Evaluation-GET-200Identical/ details: - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Identical/Case01-InjectionInView-Numeric-Blind-200ValidResponseWithDefaultOnException.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Identical/Case02-InjectionInView-String-Blind-200ValidResponseWithDefaultOnException.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Identical/Case03-InjectionInView-Date-Blind-200ValidResponseWithDefaultOnException.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Identical/Case04-InjectionInUpdate-Numeric-TimeDelayExploit-200Identical.jsp result: FAIL @@ -26,6 +26,6 @@ details: result: FAIL rule: 40018 tests: 8 -passes: 3 -fails: 5 -score: 38% +passes: 0 +fails: 8 +score: 0% diff --git a/site/data/scans/wavsep/sqli-get-200-valid.yml b/site/data/scans/wavsep/sqli-get-200-valid.yml index e3f7dcd3f..d9fa7e0c8 100644 --- a/site/data/scans/wavsep/sqli-get-200-valid.yml +++ b/site/data/scans/wavsep/sqli-get-200-valid.yml 
@@ -2,63 +2,63 @@ section: SQL Injection GET 200 Valid url: /SInjection-Detection-Evaluation-GET-200Valid/ details: - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Valid/Case01-InjectionInLogin-String-LoginBypass-WithDifferent200Responses.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Valid/Case02-InjectionInSearch-String-UnionExploit-WithDifferent200Responses.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Valid/Case03-InjectionInCalc-String-BooleanExploit-WithDifferent200Responses.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Valid/Case04-InjectionInUpdate-String-CommandInjection-WithDifferent200Responses.jsp result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Valid/Case05-InjectionInSearchOrderBy-String-BinaryDeliberateRuntimeError-WithDifferent200Responses.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Valid/Case06-InjectionInView-Numeric-PermissionBypass-WithDifferent200Responses.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Valid/Case07-InjectionInSearch-Numeric-UnionExploit-WithDifferent200Responses.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Valid/Case08-InjectionInCalc-Numeric-BooleanExploit-WithDifferent200Responses.jsp - result: Pass + result: FAIL rule: 40018 - path: 
http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Valid/Case09-InjectionInUpdate-Numeric-CommandInjection-WithDifferent200Responses.jsp result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Valid/Case10-InjectionInSearchOrderBy-Numeric-BinaryDeliberateRuntimeError-WithDifferent200Responses.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Valid/Case11-InjectionInView-Date-PermissionBypass-WithDifferent200Responses.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Valid/Case12-InjectionInSearch-Date-UnionExploit-WithDifferent200Responses.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Valid/Case13-InjectionInCalc-Date-BooleanExploit-WithDifferent200Responses.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Valid/Case14-InjectionInUpdate-Date-CommandInjection-WithDifferent200Responses.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Valid/Case15-InjectionInSearch-DateWithoutQuotes-UnionExploit-WithDifferent200Responses.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Valid/Case16-InjectionInView-NumericWithoutQuotes-PermissionBypass-WithDifferent200Responses.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Valid/Case17-InjectionInSearch-NumericWithoutQuotes-UnionExploit-WithDifferent200Responses.jsp - result: Pass + 
result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Valid/Case18-InjectionInCalc-NumericWithoutQuotes-BooleanExploit-WithDifferent200Responses.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-200Valid/Case19-InjectionInUpdate-NumericWithoutQuotes-CommandInjection-WithDifferent200Responses.jsp result: FAIL rule: 40018 tests: 19 -passes: 16 -fails: 3 -score: 84% +passes: 0 +fails: 19 +score: 0% diff --git a/site/data/scans/wavsep/sqli-get-500-err.yml b/site/data/scans/wavsep/sqli-get-500-err.yml index 429b46f02..48012baee 100644 --- a/site/data/scans/wavsep/sqli-get-500-err.yml +++ b/site/data/scans/wavsep/sqli-get-500-err.yml 
@@ -2,63 +2,63 @@ section: SQL Injection GET 500 Error url: /SInjection-Detection-Evaluation-GET-500Error/ details: - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-500Error/Case01-InjectionInLogin-String-LoginBypass-WithErrors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-500Error/Case02-InjectionInSearch-String-UnionExploit-WithErrors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-500Error/Case03-InjectionInCalc-String-BooleanExploit-WithErrors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-500Error/Case04-InjectionInUpdate-String-CommandInjection-WithErrors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-500Error/Case05-InjectionInSearchOrderBy-String-BinaryDeliberateRuntimeError-WithErrors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-500Error/Case06-InjectionInView-Numeric-PermissionBypass-WithErrors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-500Error/Case07-InjectionInSearch-Numeric-UnionExploit-WithErrors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-500Error/Case08-InjectionInCalc-Numeric-BooleanExploit-WithErrors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-500Error/Case09-InjectionInUpdate-Numeric-CommandInjection-WithErrors.jsp - result: Pass + result: FAIL rule: 40018 - 
path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-500Error/Case10-InjectionInSearchOrderBy-Numeric-BinaryDeliberateRuntimeError-WithErrors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-500Error/Case11-InjectionInView-Date-PermissionBypass-WithErrors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-500Error/Case12-InjectionInSearch-Date-UnionExploit-WithErrors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-500Error/Case13-InjectionInCalc-Date-BooleanExploit-WithErrors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-500Error/Case14-InjectionInUpdate-Date-CommandInjection-WithErrors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-500Error/Case15-InjectionInSearch-DateWithoutQuotes-UnionExploit-WithErrors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-500Error/Case16-InjectionInView-NumericWithoutQuotes-PermissionBypass-WithErrors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-500Error/Case17-InjectionInSearch-NumericWithoutQuotes-UnionExploit-WithErrors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-500Error/Case18-InjectionInCalc-NumericWithoutQuotes-BooleanExploit-WithErrors.jsp - result: Pass + result: FAIL rule: 40018 - path: 
http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-GET-500Error/Case19-InjectionInUpdate-NumericWithoutQuotes-CommandInjection-WithErrors.jsp - result: Pass + result: FAIL rule: 40018 tests: 19 -passes: 19 -fails: 0 -score: 100% +passes: 0 +fails: 19 +score: 0% diff --git a/site/data/scans/wavsep/sqli-get-fp.yml b/site/data/scans/wavsep/sqli-get-fp.yml index d9280c6ee..aaa1d49d9 100644 --- a/site/data/scans/wavsep/sqli-get-fp.yml +++ b/site/data/scans/wavsep/sqli-get-fp.yml @@ -2,11 +2,11 @@ section: SQL Injection GET False Positives url: /SInjection-FalsePositives-GET/ details: - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-FalsePositives-GET/Case01-FalsePositiveInjectionInLogin-PsAndIv-500ErrorOnIvFailure.jsp - result: FAIL - rule: 40018 + result: Pass + rule: null - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-FalsePositives-GET/Case02-FalsePositiveInjectionInLogin-PsAndIv-500SyntaxErrorOnIvFailure.jsp - result: FAIL - rule: 40018 + result: Pass + rule: null - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-FalsePositives-GET/Case03-FalsePositiveInjectionInLogin-PsAndIv-200ErrorOnIvFailure.jsp result: Pass rule: null @@ -32,6 +32,6 @@ details: result: Pass rule: null tests: 10 -passes: 7 -fails: 3 -score: 70% +passes: 9 +fails: 1 +score: 90% diff --git a/site/data/scans/wavsep/sqli-post-200-err-exp.yml b/site/data/scans/wavsep/sqli-post-200-err-exp.yml index 395f5aa0f..f9daac454 100644 --- a/site/data/scans/wavsep/sqli-post-200-err-exp.yml +++ b/site/data/scans/wavsep/sqli-post-200-err-exp.yml 
@@ -2,9 +2,9 @@ section: SQL Injection POST 200 Error Experimental url: /SInjection-Detection-Evaluation-POST-200Error-Experimental/ details: - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Error-Experimental/Case01-InjectionInInsertValues-String-BinaryDeliberateRuntimeError-With200Errors.jsp - result: Pass + result: FAIL rule: 40018 tests: 1 -passes: 1 -fails: 0 -score: 100% +passes: 0 +fails: 1 +score: 0% diff --git a/site/data/scans/wavsep/sqli-post-200-err.yml b/site/data/scans/wavsep/sqli-post-200-err.yml index cb6e8f792..1f6604caa 100644 --- a/site/data/scans/wavsep/sqli-post-200-err.yml +++ b/site/data/scans/wavsep/sqli-post-200-err.yml 
@@ -2,63 +2,63 @@ section: SQL Injection POST 200 Error url: /SInjection-Detection-Evaluation-POST-200Error/ details: - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Error/Case01-InjectionInLogin-String-LoginBypass-With200Errors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Error/Case02-InjectionInSearch-String-UnionExploit-With200Errors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Error/Case03-InjectionInCalc-String-BooleanExploit-With200Errors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Error/Case04-InjectionInUpdate-String-CommandInjection-With200Errors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Error/Case05-InjectionInSearchOrderBy-String-BinaryDeliberateRuntimeError-With200Errors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Error/Case06-InjectionInView-Numeric-PermissionBypass-With200Errors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Error/Case07-InjectionInSearch-Numeric-UnionExploit-With200Errors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Error/Case08-InjectionInCalc-Numeric-BooleanExploit-With200Errors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Error/Case09-InjectionInUpdate-Numeric-CommandInjection-With200Errors.jsp - 
result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Error/Case10-InjectionInSearchOrderBy-Numeric-BinaryDeliberateRuntimeError-With200Errors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Error/Case11-InjectionInView-Date-PermissionBypass-With200Errors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Error/Case12-InjectionInSearch-Date-UnionExploit-With200Errors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Error/Case13-InjectionInCalc-Date-BooleanExploit-With200Errors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Error/Case14-InjectionInUpdate-Date-CommandInjection-With200Errors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Error/Case15-InjectionInSearch-DateWithoutQuotes-UnionExploit-With200Errors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Error/Case16-InjectionInView-NumericWithoutQuotes-PermissionBypass-With200Errors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Error/Case17-InjectionInSearch-NumericWithoutQuotes-UnionExploit-With200Errors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Error/Case18-InjectionInCalc-NumericWithoutQuotes-BooleanExploit-With200Errors.jsp - result: Pass + result: FAIL rule: 40018 - 
path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Error/Case19-InjectionInUpdate-NumericWithoutQuotes-CommandInjection-With200Errors.jsp - result: Pass + result: FAIL rule: 40018 tests: 19 -passes: 19 -fails: 0 -score: 100% +passes: 0 +fails: 19 +score: 0% diff --git a/site/data/scans/wavsep/sqli-post-200-id.yml b/site/data/scans/wavsep/sqli-post-200-id.yml index c889e9ba3..b40fc1fcc 100644 --- a/site/data/scans/wavsep/sqli-post-200-id.yml +++ b/site/data/scans/wavsep/sqli-post-200-id.yml @@ -2,13 +2,13 @@ section: SQL Injection POST 200 Identical url: /SInjection-Detection-Evaluation-POST-200Identical/ details: - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Identical/Case01-InjectionInView-Numeric-Blind-200ValidResponseWithDefaultOnException.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Identical/Case02-InjectionInView-String-Blind-200ValidResponseWithDefaultOnException.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Identical/Case03-InjectionInView-Date-Blind-200ValidResponseWithDefaultOnException.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Identical/Case04-InjectionInUpdate-Numeric-TimeDelayExploit-200Identical.jsp result: FAIL @@ -26,6 +26,6 @@ details: result: FAIL rule: 40018 tests: 8 -passes: 3 -fails: 5 -score: 38% +passes: 0 +fails: 8 +score: 0% diff --git a/site/data/scans/wavsep/sqli-post-200-valid.yml b/site/data/scans/wavsep/sqli-post-200-valid.yml index d4937908b..2a50d9f6c 100644 --- a/site/data/scans/wavsep/sqli-post-200-valid.yml +++ b/site/data/scans/wavsep/sqli-post-200-valid.yml 
@@ -2,63 +2,63 @@ section: SQL Injection POST 200 Valid url: /SInjection-Detection-Evaluation-POST-200Valid/ details: - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Valid/Case01-InjectionInLogin-String-LoginBypass-WithDifferent200Responses.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Valid/Case02-InjectionInSearch-String-UnionExploit-WithDifferent200Responses.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Valid/Case03-InjectionInCalc-String-BooleanExploit-WithDifferent200Responses.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Valid/Case04-InjectionInUpdate-String-CommandInjection-WithDifferent200Responses.jsp result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Valid/Case05-InjectionInSearchOrderBy-String-BinaryDeliberateRuntimeError-WithDifferent200Responses.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Valid/Case06-InjectionInView-Numeric-PermissionBypass-WithDifferent200Responses.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Valid/Case07-InjectionInSearch-Numeric-UnionExploit-WithDifferent200Responses.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Valid/Case08-InjectionInCalc-Numeric-BooleanExploit-WithDifferent200Responses.jsp - result: Pass + result: FAIL rule: 40018 - path: 
http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Valid/Case09-InjectionInUpdate-Numeric-CommandInjection-WithDifferent200Responses.jsp result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Valid/Case10-InjectionInSearchOrderBy-Numeric-BinaryDeliberateRuntimeError-WithDifferent200Responses.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Valid/Case11-InjectionInView-Date-PermissionBypass-WithDifferent200Responses.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Valid/Case12-InjectionInSearch-Date-UnionExploit-WithDifferent200Responses.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Valid/Case13-InjectionInCalc-Date-BooleanExploit-WithDifferent200Responses.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Valid/Case14-InjectionInUpdate-Date-CommandInjection-WithDifferent200Responses.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Valid/Case15-InjectionInSearch-DateWithoutQuotes-UnionExploit-WithDifferent200Responses.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Valid/Case16-InjectionInView-NumericWithoutQuotes-PermissionBypass-WithDifferent200Responses.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Valid/Case17-InjectionInSearch-NumericWithoutQuotes-UnionExploit-WithDifferent200Responses.jsp - result: 
Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Valid/Case18-InjectionInCalc-NumericWithoutQuotes-BooleanExploit-WithDifferent200Responses.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-200Valid/Case19-InjectionInUpdate-NumericWithoutQuotes-CommandInjection-WithDifferent200Responses.jsp result: FAIL rule: 40018 tests: 19 -passes: 16 -fails: 3 -score: 84% +passes: 0 +fails: 19 +score: 0% diff --git a/site/data/scans/wavsep/sqli-post-500-err.yml b/site/data/scans/wavsep/sqli-post-500-err.yml index b20d80980..5b3d2d646 100644 --- a/site/data/scans/wavsep/sqli-post-500-err.yml +++ b/site/data/scans/wavsep/sqli-post-500-err.yml 
@@ -2,63 +2,63 @@ section: SQL Injection POST 500 Error url: /SInjection-Detection-Evaluation-POST-500Error/ details: - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-500Error/Case01-InjectionInLogin-String-LoginBypass-WithErrors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-500Error/Case02-InjectionInSearch-String-UnionExploit-WithErrors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-500Error/Case03-InjectionInCalc-String-BooleanExploit-WithErrors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-500Error/Case04-InjectionInUpdate-String-CommandInjection-WithErrors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-500Error/Case05-InjectionInSearchOrderBy-String-BinaryDeliberateRuntimeError-WithErrors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-500Error/Case06-InjectionInView-Numeric-PermissionBypass-WithErrors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-500Error/Case07-InjectionInSearch-Numeric-UnionExploit-WithErrors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-500Error/Case08-InjectionInCalc-Numeric-BooleanExploit-WithErrors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-500Error/Case09-InjectionInUpdate-Numeric-CommandInjection-WithErrors.jsp - result: Pass + result: FAIL 
rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-500Error/Case10-InjectionInSearchOrderBy-Numeric-BinaryDeliberateRuntimeError-WithErrors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-500Error/Case11-InjectionInView-Date-PermissionBypass-WithErrors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-500Error/Case12-InjectionInSearch-Date-UnionExploit-WithErrors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-500Error/Case13-InjectionInCalc-Date-BooleanExploit-WithErrors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-500Error/Case14-InjectionInUpdate-Date-CommandInjection-WithErrors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-500Error/Case15-InjectionInSearch-DateWithoutQuotes-UnionExploit-WithErrors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-500Error/Case16-InjectionInView-NumericWithoutQuotes-PermissionBypass-WithErrors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-500Error/Case17-InjectionInSearch-NumericWithoutQuotes-UnionExploit-WithErrors.jsp - result: Pass + result: FAIL rule: 40018 - path: http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-500Error/Case18-InjectionInCalc-NumericWithoutQuotes-BooleanExploit-WithErrors.jsp - result: Pass + result: FAIL rule: 40018 - path: 
http://127.0.0.1:8080/wavsep/active/SQL-Injection/SInjection-Detection-Evaluation-POST-500Error/Case19-InjectionInUpdate-NumericWithoutQuotes-CommandInjection-WithErrors.jsp - result: Pass + result: FAIL rule: 40018 tests: 19 -passes: 19 -fails: 0 -score: 100% +passes: 0 +fails: 19 +score: 0% diff --git a/site/data/scans/wavsep/totals.yml b/site/data/scans/wavsep/totals.yml index 4476ec136..913fa5862 100644 --- a/site/data/scans/wavsep/totals.yml +++ b/site/data/scans/wavsep/totals.yml @@ -1,4 +1,4 @@ -tests: 1170 -passes: 1126 -fails: 44 -score: 96% +tests: 1169 +passes: 1011 +fails: 158 +score: 86% diff --git a/site/data/scans/wavsep/xxe-post-input-500-error.yml b/site/data/scans/wavsep/xxe-post-input-500-error.yml index b5c6b9c36..39cf00c8d 100644 --- a/site/data/scans/wavsep/xxe-post-input-500-error.yml +++ b/site/data/scans/wavsep/xxe-post-input-500-error.yml @@ -7,13 +7,10 @@ details: - path: http://127.0.0.1:8080/wavsep/active/XXE/XXE-POST-Input-500Error/Case02-XXE-Injection-Denial-of-Service-WithErrors.jsp result: Pass rule: 90023 -- path: http://127.0.0.1:8080/wavsep/active/XXE/XXE-POST-Input-500Error/Case03-XXE-Injection-File-Disclosure-WithErrors.jsp - result: Pass - rule: 90023 - path: http://127.0.0.1:8080/wavsep/active/XXE/XXE-POST-Input-500Error/Case04-XXE-Injection-SSRF-WithErrors.jsp result: Pass rule: 90023 -tests: 4 -passes: 4 +tests: 3 +passes: 3 fails: 0 score: 100%
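Review bot: Case03-XXE-Injection-File-Disclosure-WithErrors.jsp is deleted from xxe-post-input-500-error.yml instead of being recorded with a result, so the section drops to `tests: 3` while still reporting `score: 100%`, and totals.yml drops to `tests: 1169`. If the case is still part of the target and simply produced no record in this run (the diff does not show which), the scoreboard now hides a coverage gap for file-disclosure XXE rather than counting it. Keeping the entry as `result: FAIL` with `rule: 90023` would leave `tests: 4` and make the gap visible in the section score.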