Vulnerable to SQL Injection
Reviewed by Anonymous on Mon, 20th April 2009
As of 4/20/09, this application appears to still be vulnerable to SQL Injection.
http://www.xigla.com/absolutefp/demo/login.asp
I can log on with a very basic SQL injection technique.
I've spent 40 hours a week for 10 years developing ASP applications. After looking at the code, I can tell you that you should NOT be using this or any other Xigla applications under any circumstances.
The entire line of Xigla applications appears to be VERY vulnerable to SQL injection attacks.
The site and the applications look very nice, but do not be deceived. They are very poorly and dangerously coded.
If you doubt this review in any way just Google for "Xigla SQL Injection" and you'll see what I mean.