So i'm an independent contractor and as such make quarterly estimated payments to the SC Department of Revenue. Luckily they have this ancient payment platform that is constantly throwing classic ASP errors. I noticed one when I did a payment the other day that made me suspect that the whole system was vulnerable to SQL injection. I decided not to poke much further and to warn them about it.<p>I've sent them two messages over the last few months warning them that a system likely created over 10 years ago that is vital to process hundreds of millions of dollars in tax payments shouldn't be throwing visible SQL errors and ASP errors and that this stuff is a huge security risk... never heard anything back.