Henk_Oostland
Jun 12, 2017Nimbostratus
SQL injection problem!
We have an application VIP with an ASM profile. The application runs on Windows, IIS, ASP.net and SQL server.
Our BIGIP runs TMOS11.5.4HF4.
The application requires a login. When we fill in: 1'or'1'= '1'in te username field, ASM blocks the request. When we fill in: 1'or'1'= '1'-- ASM does not block the request.
What is the problem?