How to fix Server Status Code: 302 Found by SQL Inject Me Firefox Addon

花落未央 2020-12-10 07:44

I scanned my login script using SQL Inject Me Firefox addon

According to the Test Results, my script was vulnerable to SQL Injection. Result by example



        
4 answers
    轻奢々 (original poster)
    2020-12-10 08:27

    Four years later but I was just looking into this question and thought that I would share for the next person.

    After some analysis, we concluded that the 302 is in itself not a concern. The concern is what page preceded the 302 which might have been sent but was swept away by the 302 before it could be displayed. If the previous page received by the browser (and perhaps recorded by Fiddler) contained database errors (or other information that a hacker might find useful) then that is bad. If the 302 is the initial response and it has an empty body, just a header, then I think that you are OK.

    You have to display the error page (the purpose of the 302) so I don't see how that could be considered "too much information".
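The check the answer above describes can be automated: take the raw responses a proxy such as Fiddler recorded and look at the body of each redirect, since a 302 with an empty body discloses nothing while a 302 whose body still carries database error text does. The following is an added example, not code from the question or the answer; the error signatures and the two sample responses are constructed for illustration.

```python
"""Classify recorded HTTP responses: a bare redirect is fine, a body that
carries database error text is the real information-disclosure finding."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumption: a constructed, non-exhaustive list of error strings that common
# database engines and drivers emit when a query fails.
DB_ERROR_PATTERNS = [
    re.compile(r"You have an error in your SQL syntax", re.I),               # MySQL
    re.compile(r"Warning: mysql_", re.I),                                    # PHP mysql_* warnings
    re.compile(r"Unclosed quotation mark after the character string", re.I), # MSSQL
    re.compile(r"ORA-\d{5}", re.I),                                          # Oracle
    re.compile(r"PG::SyntaxError|pg_query\(\)", re.I),                       # PostgreSQL
    re.compile(r"SQLSTATE\[\w+\]", re.I),                                    # PDO
]

REDIRECT_CODES = {301, 302, 303, 307, 308}


@dataclass
class Finding:
    status: int
    location: Optional[str]
    body_len: int
    leaked_errors: List[str]  # patterns that matched in the body

    @property
    def verdict(self) -> str:
        if self.leaked_errors:
            return "leaks database errors"
        if self.status in REDIRECT_CODES and self.body_len == 0:
            return "bare redirect, no information disclosed"
        return "no database error text found"


def parse_raw_response(raw: bytes) -> Tuple[int, Dict[str, str], bytes]:
    """Split a raw HTTP/1.x response into status code, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])          # "HTTP/1.1 302 Found" -> 302
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def assess_response(raw: bytes) -> Finding:
    """Apply the answer's rule: what matters is the body that rides along
    with the redirect, not the 302 status itself."""
    status, headers, body = parse_raw_response(raw)
    text = body.decode("utf-8", errors="replace")
    leaked = [p.pattern for p in DB_ERROR_PATTERNS if p.search(text)]
    return Finding(status, headers.get("location"), len(body), leaked)


# Constructed sample recordings: the shape a proxy would capture for the
# login script's reply to a malformed input.
CLEAN_REDIRECT = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: /login.php?err=1\r\n"
    b"Content-Length: 0\r\n\r\n"
)
LEAKY_REDIRECT = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: /login.php?err=1\r\n"
    b"Content-Type: text/html\r\n\r\n"
    b"Warning: mysql_fetch_array() expects parameter 1 to be resource. "
    b"You have an error in your SQL syntax near ''' at line 1"
)

if __name__ == "__main__":
    for label, raw in (("clean", CLEAN_REDIRECT), ("leaky", LEAKY_REDIRECT)):
        f = assess_response(raw)
        print(f"{label}: {f.status} -> {f.location}, body {f.body_len} bytes: {f.verdict}")
```

Run it against the responses your proxy captured rather than the samples; a `leaks database errors` verdict on the redirect means the login script is echoing driver errors before redirecting, and the fix is in the script's error handling (catch the failure, log it server-side, redirect with only a generic message), not in the 302 itself.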
