I am trying to get any suggestions you may have to address this finding. It reports a Blind SQL Injection issue - we already have input validation in place and are not sure what needs to be done in the ASP.NET page to handle this. Any suggestions will be appreciated.
Blind SQL Injection
Entity: ctl00$ContentPlaceHolder1$txtInput (Parameter)
Risk: It is possible to view, modify or delete database entries and tables
Causes: Sanitation of hazardous characters was not performed correctly on user input
Fix: Review possible solutions for hazardous character injection
Reasoning: The test result seems to indicate a vulnerability because it shows that values can be appended to parameter values, indicating that they were embedded in an SQL query.
In this test, three (or sometimes four) requests are sent. The last is logically equal to the original, and the next-to-last is different. Any others are for control purposes. A comparison of the last two responses with the first (the last is similar to it, and the next-to-last is different) indicates that the application is vulnerable.
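The finding's reasoning is that the value of txtInput was embedded in an SQL query. The code-behind pattern that produces that result is shown here beside the parameterized form that removes it, as an added example that is not part of the original post or the scanner report. The `CustomerLookup` class, the `Customers` table and its columns, and the connection string are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Hypothetical helper called from the page's code-behind with txtInput.Text.
// Table, column and class names are assumptions, not taken from the post.
public static class CustomerLookup
{
    // Pattern the scanner flags: the posted value becomes part of the SQL text,
    // so a condition appended to the parameter changes the query's logic.
    // Character filtering in front of this does not change how the query is built.
    public static DataTable FindConcatenated(string connStr, string input)
    {
        string sql = "SELECT Id, Name FROM Customers WHERE Name = '" + input + "'";
        using (var conn = new SqlConnection(connStr))
        using (var cmd = new SqlCommand(sql, conn))
        using (var adapter = new SqlDataAdapter(cmd))
        {
            var table = new DataTable();
            adapter.Fill(table); // Fill opens and closes the connection itself
            return table;
        }
    }

    // Corrected form: the SQL text is a constant and the value travels as a
    // typed, length-bounded parameter, so it is only ever compared as data.
    public static DataTable FindParameterized(string connStr, string input)
    {
        if (string.IsNullOrEmpty(input) || input.Length > 100)
            throw new ArgumentException("input must be 1-100 characters", nameof(input));

        const string sql = "SELECT Id, Name FROM Customers WHERE Name = @name";
        using (var conn = new SqlConnection(connStr))
        using (var cmd = new SqlCommand(sql, conn))
        using (var adapter = new SqlDataAdapter(cmd))
        {
            cmd.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value = input;
            var table = new DataTable();
            adapter.Fill(table);
            return table;
        }
    }
}
```

With the parameterized form, the scanner's appended conditions are matched literally against `Name`, so the "logically equal" and "different" requests return the same response.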