A client of mine who I took over from an existing developer has a website build in ASP using MySQL database. They received an email from a random contact yesterday stating there is a vulnerability in the site and he was able to access the database though the ASP code / forms some how, to prove it he provided the data from one of the tables in the DB.
As I have really little idea on ASP does anyone has any experience with this and maybe how I could replicate his testing to work out the issue and fix it for them?
That's what you need to read up on. It's not a uniquely ASP issue - it's something that need to be considered for any application that interfaces with a database.
Bookmarks