Hello:
The agency scanned the application and found out the automatic email that we send to our customers contains a link that is vulnerables to sql injection or blind injection
This is the link in the email: http://www.xxx.mil/Ticketpage.aspx?TicketID=1000
Scan Report:
The injection is possible from the address bar, without special tools, as part of a command HTTP GET. The following proof of concept shows executing the bengin 'WAITFOR' command on the backend MS SQL Server. http://www.xxx.mil/Ticketpage.aspx?TicketID=1000;%20WAITFOR%20DELAY%20'00:00:10'%20--%20
I am thinking to encrypt the link in the email but still be able to click on it to access the tickets?
How do I fix the issue above? Any suggestions. Thank you.