Hacking into Web Site: Another one:
One of my web sites runs on IIS 4 with NT 4 and NT service pack 6a. The site consists of asp pages with an asa page which sets sessions to the SQL 7 server for database queries. SQL 7 is running on another box and not on the Web server. I am currently experiencing a situation where several persons are using the following command to expose the username and password that is used by the asa page to create a session to the SQL server:
http://www.”Websitename”/null.htw?CiWebHitsFile=/”Foldername”/”Subfoldername”/
search.asp%20&CiRestriction=none&CiHiliteType=Full
Which security patch for IIS should be applied here?
Appreciate any help here. Thank you
