The free, open source project called "aspReady FAQ" is open for SQL-injection. This results is admin access with the ability change/delete the entire database. An example on SQL-inject that works could be: 1'or'1'='1 After doing a google search, I've found out that some companies are actually using this free aspReady FAQ. Credits to: Preben Nylokken The system can be found at: http://pscode.com/vb/scripts/ShowCode.asp?txtCodeId=9055&lngWId=4 Live sample can be found and tested on: www.itsikkerhet.com/db/faq - Preben Nyloekken