Filter Evasion (Workshop)

What happens when you're on an engagement and you run into a vulnerability that seems to not be giving any results? Is the endpoint being attacked really nothing, or is something that can be done to yield fruitful results? The workshop would be to run through evading filters for Cross site scripting and SQL Injection attacks.