Hi.
The first thing you have to be aware of is that web scanners like AppScan tend
to give false positives here and there.
You can check your sample by removing the "injection part" from the request
itself.
Put this into the request.txt file:
POST /xxx/space.php?appname=feed&mod=home&act=ta HTTP/1
The method is POST, but the URL has a parameter.
The following is the data:
POST /xxx/space.php?appname=feed&mod=home&act=ta HTTP/1.1
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: text/html, */*; q=0.01
X-Requested-With: XMLHttpRequest
Cookie: CmProvid=js; WT_FPC=id=2