Hello
I have Porject working as Voice & Video Chat
it's running windows service to provide VOIP via Server/Client and it's grepping users information from SQL Database
and there's web panel ASP.NET/ASP based used to manage chat users themes etc.
the problem in files attached
those files connected to the client and grep too much information about any guest like Computer Name , BISO , too much info and insert it on the Database using Windows Services
The problem now that there's vulnerability in those files allow attacker to insert those data "Computer Name , BISO" to database like 1000 times / mint
This action make services faild and required reboot
that what i need to fix
I think it may help if we disable those info to be inserted in database or find how it's work
Thank You.
I have been developing websites since 2000 and use mainly Classic ASP and MySQL for my data-driven websites. I have use SQLServer for some websites where the site is hosted on a different server, so am comfortable with SQLServer.
I normally put any SQL to the database through a function that checks it for SQL injection attempts and cleans it if there are any.
I would develop a function that checks the data and preps it for insertion into the database.
Thanks for your consideration
Warren