99.1. SQL injection detection test results with ActiveScan
gdgd009xcd edited this page Nov 23, 2023 · 26 revisions
SQL injection detection test results using Active Scanners for ZAPROXY.
ZAPROXY Version: 2.13
ZAPROXY Mode: Standard mode
CustomActiveScan pattern used: [Default Sample SQL Injection]
- If you want to use [Default Sample SQL Injection], follow these instructions.
Symbols:
- O: SQL injection detected
- X: SQL injection not detected
- ---: the scanner has no function for detecting this type of SQL injection
Site | URL | parameter | CustomActiveScan ForZAP 0.8.3 | Active Scanner Rules (alpha) 44.0.0 | Active Scanner Rules 57.0.0 | Advanced SQLInjection Scanner 15.0.0
---|---|---|---|---|---|---
OWASP Juice Shop On Docker Image | http://localhost:3000/rest/products/search?q= | q | O | --- | O (SQL error based test) | O
OWASP Juice Shop On Docker Image | http://localhost:3000/rest/user/login | | O | --- | O (SQL error based) | O
AltoroJ On Eclipse Neon3 | http://localhost:8080/AltoroJ/doLogin | uid | O | --- | X | X
AltoroJ On Eclipse Neon3 | http://localhost:8080/AltoroJ/doLogin | passw | O | --- | X | X
AltoroJ On Eclipse Neon3 | http://localhost:8080/AltoroJ/bank/showTransactions | startDate | O | --- | X | X
AltoroJ On Eclipse Neon3 | http://localhost:8080/AltoroJ/bank/showTransactions | endDate | O | --- | X | X
WEBSAMPSQLINJ On Docker Image | http://glide:8110/mypage.php | user | O | --- | X | O
WEBSAMPSQLINJ On Docker Image | http://glide:8110/mypage.php | pass | O | --- | X | O
WEBSAMPSQLINJ On Docker Image | http://glide:8110/inquirylist.php | subject | O | --- | X (detected XSS) | X
WEBSAMPSQLINJ On Docker Image | http://glide:8110/inquirylist.php | contents | O | --- | X (detected XSS) | X
vulnerable-node-app | http://localhost:4000/user/login | username | O | X | --- | ---
vulnerable-node-app | http://localhost:4000/user/login | password | O | X | --- | ---
vulnerable-node-app | http://localhost:4000/user/lookup | username | O | O | --- | ---
vulnerable-node-app | http://localhost:4000/user/lookup2 | username | O | O | --- | ---