SQL injection is used for ASP + Access website
ASP is Active Server Pages, which is a server-side script environment developed by Microsoft Corporation. It can be used to create dynamic interactive web Pages and establish powerful web applications. When the server receives a request for an ASP file, it processes server-side script code that is included in the HTML (Hyper Text Markup Language) Web page file that is built to be sent to the browser. In addition to server-side script code, an ASP file can also contain text, HTML (including related client-side scripts), and COM component calls.
Microsoft Office Access is a relational database management system released by Microsoft. There’s only the concept of tables.
There are many scanning tools for Web applications: AWVS, AppScan, OWASP ZAP, etc. The following is probed using OWASP-ZAP.
3. Vulnerability Analysis
Analyze the contents marked red in the scan results.
4. SQL injection point using
using SQLMap test. Note: Access only has the concept of a table.