3
r150
7y

Inherited a legacy system from a previous "developer" who wrote code to sanitize input from sql injection in the front end and then called an web method called execSql which accepts am sql statement in a string value!

Obviously the app ran under admin privileges.

Comments
Add Comment