7/25/2019 WebCruiser Web Vulnerability Scanner Test Report
1/14
WebCruiser Web Vulnerability Scanner Test Report V3.4.0, made by Janusec (http://www.janusec.com)
1. Test Report
1.1. SQL Injection Test Report
Input Vector | Test Cases | Cases Count | Report | Pass Rate
GET Input Vector | Erroneous 500 Responses | 19 | 19 | 100%
GET Input Vector | Erroneous 200 Responses | 19 | 19 | 100%
GET Input Vector | 200 Responses With Differentiation | 19 | 19 | 100%
GET Input Vector | Identical 200 Responses | 8 | 8 | 100%
POST Input Vector | Erroneous 500 Responses | 19 | 19 | 100%
POST Input Vector | Erroneous 200 Responses | 19 | 19 | 100%
POST Input Vector | 200 Responses With Differentiation | 19 | 19 | 100%
POST Input Vector | Identical 200 Responses | 8 | 8 | 100%
GET Input Vector - Experimental | Insert / Delete / Other | 1 | 1 | 100%
POST Input Vector - Experimental | Insert / Delete / Other | 1 | 1 | 100%
1.2. XSS Test Report
Input Vector | Test Cases | Cases Count | Report | Pass Rate
GET Input Vector | ReflectedXSS | 32 | 32 | 100%
POST Input Vector | ReflectedXSS | 32 | 32 | 100%
Cookie Input Vector - Experimental | ReflectedXSS | 1 | 1 | 100%
GET Input Vector - Experimental | ReflectedXSS | 11 | 11 | 100%
POST Input Vector - Experimental | ReflectedXSS | 11 | 11 | 100%
GET Input Vector - Experimental | DomXSS | 4 | 4 | 100%
1.3. LFI Test Report
Input Vector | Test Cases | Cases Count | Report | Pass Rate
GET Input Vector | Erroneous HTTP 500 Responses | 68 | 68 | 100%
GET Input Vector | Erroneous HTTP 404 Responses | 68 | 68 | 100%
GET Input Vector | Erroneous HTTP 200 Responses | 68 | 68 | 100%
GET Input Vector | HTTP 302 Redirect Responses | 68 | 68 | 100%
GET Input Vector | HTTP 200 Responses With Differentiation | 68 | 68 | 100%
GET Input Vector | HTTP 200 Responses with Default File on Error | 68 | 68 | 100%
POST Input Vector | Erroneous HTTP 500 Responses | 68 | 68 | 100%
POST Input Vector | Erroneous HTTP 404 Responses | 68 | 68 | 100%
POST Input Vector | Erroneous HTTP 200 Responses | 68 | 68 | 100%
POST Input Vector | HTTP 302 Redirect Responses | 68 | 68 | 100%
POST Input Vector | HTTP 200 Responses With Differentiation | 68 | 68 | 100%
POST Input Vector | HTTP 200 Responses with Default File on Error | 68 | 68 | 100%
1.4. RFI Test Report
Input Vector | Test Cases | Cases Count | Report | Pass Rate
GET Input Vector | Erroneous HTTP 500 Responses | 9 | 9 | 100%
GET Input Vector | Erroneous HTTP 404 Responses | 9 | 9 | 100%
GET Input Vector | Erroneous HTTP 200 Responses | 9 | 9 | 100%
GET Input Vector | HTTP 302 Redirect Responses | 9 | 9 | 100%
GET Input Vector | HTTP 200 Responses With Differentiation | 9 | 9 | 100%
GET Input Vector | HTTP 200 Responses with Default File on Error | 9 | 9 | 100%
POST Input Vector | Erroneous HTTP 500 Responses | 9 | 9 | 100%
POST Input Vector | Erroneous HTTP 404 Responses | 9 | 9 | 100%
POST Input Vector | Erroneous HTTP 200 Responses | 9 | 9 | 100%
POST Input Vector | HTTP 302 Redirect Responses | 9 | 9 | 100%
POST Input Vector | HTTP 200 Responses With Differentiation | 9 | 9 | 100%
POST Input Vector | HTTP 200 Responses with Default File on Error | 9 | 9 | 100%
1.5. Redirect Test Report
Input Vector | Test Cases | Cases Count | Report | Pass Rate
GET Input Vector | HTTP 302 Redirect Responses | 15 | 15 | 100%
GET Input Vector | HTTP 200 Responses With Javascript Redirect | 15 | 15 | 100%
POST Input Vector | HTTP 302 Redirect Responses | 15 | 15 | 100%
POST Input Vector | HTTP 200 Responses With Javascript Redirect | 15 | 15 | 100%
1.6. False Positive Test Report
False Vuln Test Cases | Cases Count | Report | Pass Rate
SQL Injection False Positive | 10 | 0 | 100%
XSS False Positive | 7 | 0 | 100%
LFI False Positive | 8 | 0 | 100%
RFI False Positive | 6 | 0 | 100%
Redirect False Positive | 9 | 0 | 100%
Backup False Positive | 4 | 0 | 100%
2. Test Environment
2.1. Product and Test Cases
WAVSEP (Web Application Vulnerability Scanner Evaluation Project) v1.5
WAVSEP Environment: Windows 8.1 + XAMPP (Tomcat + MySQL)
WebCruiser Web Vulnerability Scanner Enterprise Edition V3.4.0
2.2. Test Scope
This test report includes the following vulnerabilities:
SQL Injection
Cross-site Scripting (XSS)
LFI (Local File Inclusion)
RFI (Remote File Inclusion)
Redirect
Obsolete Backup
Other test cases are not included.
2.3. Test Method
To obtain the test results quickly, we use a new feature of WebCruiser Web
Vulnerability Scanner called Scan Page, which scans all links in a page at one
time. This function requires that the links be located under the same directory
or a subdirectory; links under other directories are skipped.
When starting a new page scan, click Reset Scanner to clear the previous result,
navigate to the new page, and then click ScanPage.
2.4. SQL Injection Test Details
2.4.1. Get Input Vector
Erroneous 500 Responses (19 cases)
Erroneous 200 Responses (19 cases)
200 Responses With Differentiation (19 cases)
Identical 200 Responses (8 cases)
2.4.2. Post Input Vector
Erroneous 500 Responses (19 cases)
Erroneous 200 Responses (19 cases)
200 Responses With Differentiation (19 cases)
Identical 200 Responses (xx cases)
2.4.3. GET Input Vector Experimental
Experimental 1 case
2.4.4. POST Input Vector Experimental
Experimental 1 case
2.5. XSS Test Details
2.5.1. Get Input Vector
2.5.2. POST Input Vector
2.5.3. Cookie Input Vector Experimental
2.5.4. GET Input Vector Experimental
2.5.5. POST Input Vector Experimental
2.5.6. DomXSS GET Input Vector Experimental
2.6. Other Test Details
Other test details are not listed here; for the results, refer to Chapter 1, Test Report.
http://www.janusec.com, Feb 24, 2015