Blind SQL Injection:
The AppScan test result seems to indicate a vulnerability because it shows that values can be appended
to parameter values, indicating that they were embedded in an SQL query. In this test, three (or
sometimes four) requests are sent. The last is logically equal to the original, and the next-to-last is
different. Any others are for control purposes. A comparison of the last two responses with the first
(the last is similar to it, and the next-to-last is different) indicates that the application is vulnerable. It
is recommended to review possible solutions for hazardous character injection.
Vulnerable URL:
http://domainname/login/index.php
http://domainname/lib/javascript.php/1497470321/theme/academi/javascript/theme.js