SQL Injection vulnerability in vulnsrv not found

[phihag]

$ python -m webvulnscan localhost:8666
Vulnerability: http://localhost:8666/csrf/send CSRF Vulnerability 
Vulnerability: http://localhost:8666/xss/?username=%3Cscript%3Ealert%28%22XSS_STRING%22%29%3B%3C%2Fscript%3E XSS in URL parameter username

There should be at least one report about the SQL injection vulnerability.

[phihag]

We need a generic way to detect soft 500s (i.e. errors that are still served as 200), for example by sending two innocuous requests, finding the similarities, and then sending a third test request.