Hello all,
I am trying to get my web application to pass a PCI scan. I have a forgot password.aspx page, on which I take the user's email ID and customer name as input from the user. After verifying all details, I send a password reset link to the email address the user entered. I have an inline query (SQL query in code) accepting input parameters like email ID and customer name. After successful verification of the user, I send the reset link, which (a hard-coded link with dynamic parameters) is also included in the code itself.
It works fine when I run it, but the PCI scan gives me the vulnerability error "CGI Generic SQL Injection" for that page itself.
So how can I tackle this issue? Is there any third-party tool available to debug this?
Thank you.
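
An added example, not part of the original post: the inline-query pattern the post describes, next to a parameterized equivalent built with ADO.NET's `SqlCommand`. The table and column names (`Users`, `Email`, `CustomerName`, `UserId`), the parameter sizes and the sample input are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class ForgotPasswordQuery
{
    // Table/column names and lengths below are assumed, not taken from the post.

    // Inline pattern: user input is concatenated into the SQL text,
    // so any quote character in the input becomes part of the statement.
    public static SqlCommand BuildInline(string email, string customerName)
    {
        string sql = "SELECT UserId FROM Users WHERE Email = '" + email +
                     "' AND CustomerName = '" + customerName + "'";
        return new SqlCommand(sql);
    }

    // Parameterized pattern: the SQL text is a constant and the input
    // is sent to the server as typed parameter values, never as SQL.
    public static SqlCommand BuildParameterized(string email, string customerName)
    {
        var cmd = new SqlCommand(
            "SELECT UserId FROM Users WHERE Email = @Email AND CustomerName = @CustomerName");
        cmd.Parameters.Add("@Email", SqlDbType.NVarChar, 256).Value = email;
        cmd.Parameters.Add("@CustomerName", SqlDbType.NVarChar, 100).Value = customerName;
        return cmd;
    }

    static void Main()
    {
        // Constructed input: a legitimate name with an apostrophe is enough
        // to change the inline SQL text, while the parameterized text stays fixed.
        string email = "a@example.com";
        string name = "O'Brien";

        Console.WriteLine("Inline:        " + BuildInline(email, name).CommandText);

        SqlCommand safe = BuildParameterized(email, name);
        Console.WriteLine("Parameterized: " + safe.CommandText);
        foreach (SqlParameter p in safe.Parameters)
            Console.WriteLine("  " + p.ParameterName + " = " + p.Value);
    }
}
```

Neither command is executed here; in the page's code-behind the parameterized command would be given a `SqlConnection` and run in place of the concatenated query.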