Si, perdonene, es que me prohibieron poner el aviso rela por al confidencialidad y toda esa mierda. Yo no estoy a favor pero bueno, me obligan a eso.LO que si se que el hacker o agente de seguridad envio mail con algo asi:
Website www.mysite.com has security vulnerabilities.
This site based on IIS, Active server pages and MS SQL Server 2005.
In order to defend site from attacks you have to check data send by user.
For example, when you display news your URL looks like:
http://www.mysite.com/newsitem.asp?id=99
where 99 is number of news in database

attackers can assume that <news number> is not filtered for numbers, so then can put in url:
id=99 or 1=@@version--
and SQL request to database will cause error, and display version of server to attacker.

Using this information attacker can get a lot of information:

Y aca me ponen "los hackers" , o quien haya sido un monton de informacion de las tablas,etc
Que podra ser?
Saludos