Virtual Programming VP-ASP SQL Injection Vulnerability

info
discussion
exploit
solution
references

Virtual Programming VP-ASP SQL Injection Vulnerability

Solution:
The vendor has suggested the administration page be moved to an unpredictable location:

You can hide the name of the VP-ASP administration page. Hackers will not be able to even locate the VP-ASP administration page.

From VP-ASP 3.0 and higher set the following in shop$config.asp

const xAdminPage="youradminpagename.asp"

const xShowAdmin="No"