I have a website that appears in multiple cities; it’s built on SQL 2005. I recently was hacked with, what I believe, was a php. script that made a SQL injection. I have not been able to figure out how to close this hole. They were able to append the following string to some of my fields in the database:
Three of these fields were in the asp.net_authenticationtabl
Can someone help me figure how to prevent this hack in the future?
The site is built with Asp.net C# and the database is SQL 2005. There is a dropdown box to choose the city on all pages. The name field was one of the fields hacked. The image field on two other pages was also hacked, those pages also contain an e-mail form.
Your help would be greatly appreciated.