I am currently working on resolving a Blind SQL vulnerability found on an IIS server hosting a web application.
Found blind SQL injection on http://x.x.x.x/null.htw?CiWebHitsFile=/<script>xss</script>.aspx&CiRestriction=none&CiHiliteType=Full using method GET
Parameter CiHiliteType behaves differently with the following payloads:
Full OR 95276=95276
Full AND 95276=95277
I would be glad to get any input or advice on how to resolve this.
Thanks.