Jump to content
YOUR-AD-HERE
HOSTING
TOOLS

Locked WAVSEP v1.2

sQuo

By ADMINsQuo
in Tools

 Share

Recommended Posts

sQuo Hacker

ADMINsQuo

Posted
Posted

This is the hidden content, please

 

The Web Application Vulnerability Scanner Evaluation Project

 

 

Project WAVSEP currently includes the following test cases:

Vulnerabilities:

 

Path Traversal/LFI: 816 test cases, implemented in 816 jsp pages (GET & POST)

Remote File Inclusion (XSS via RFI): 108 test cases, implemented in 108 jsp pages (GET & POST)

Reflected XSS: 66 test cases, implemented in 64 jsp pages (GET & POST)

Error Based SQL Injection: 80 test cases, implemented in 76 jsp pages (GET & POST)

Blind SQL Injection: 46 test cases, implemented in 44 jsp pages (GET & POST)

Time Based SQL Injection: 10 test cases, implemented in 10 jsp pages (GET & POST)

Passive Information Disclosure/Session Vulnerabilities (inspired/imported from ZAP-WAVE): 3 test cases of erroneous information leakage, and 2 cases of improper authentication / information disclosure - implemented in 5 jsp pages

Experimental Tase Cases (inspired/imported from ZAP-WAVE): 9 additional RXSS test cases (anticsrf tokens, secret input vectors, tag signatures, etc), and 2 additional SQLi test cases (INSERT) - implemented in 11 jsp pages (GET & POST)

 

False Positives:

 

7 different categories of false positive Reflected XSS vulnerabilities (GET & POST )

10 different categories of false positive SQL Injection vulnerabilities (GET & POST)

8 different categories of false positive path traversal/LFI vulnerabilities (GET & POST)

6 different categories of false positive remote file inclusion vulnerabilities (GET & POST)

 

Additional Features:

 

A simple web interface for accessing the vulnerable pages

An auto-installer for the mysql database schema (/wavsep-install/install.jsp)

Sample detection & exploitation payloads for each and every test case

Database connection pool support, ensuring the consistency of scanning results

Usage

Although some of the test cases are vulnerable to additional exposures, the purpose of each test case is to evaluate the detection accuracy of one type of exposure, and thus, “out of scope” exposures should be ignored when evaluating the accuracy of vulnerability scanners.

 

 

This is the hidden content, please

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.