Bhushan Bhasme

Bhushan Bhasme

  • 1.1k
  • 768
  • 203.1k

CGI Generic SQL Injection

Oct 2 2018 6:30 AM

Hello all,

i am trying to pass my web application for PCI scan.i have forgot password.aspx page,on which i take user email id and customer name as input from user.and after verifying all details i send password reset link to user entered email address.i have inline query (sql query in code) accepting input parameters like email id and customer name.after successfull verification of user i send reset link which is (hard coded link with dynamic parameters) also included in code itself.

it works fine when i run it.but for PCI scan it gives me vulnaribilty error "CGI Generic SQL Injection" for that page itself.

So how can i tackle this issue.is there any third party tool available to debugg this?

Thank you.


Answers (1)