[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: xml over https

To: vuln-dev@xxxxxxxxxxxxxxxxx
Subject: Re: xml over https
From: Mads Rasmussen <mads@xxxxxxxxxxxxx>
Date: Fri, 04 Feb 2005 09:33:29 -0300
Delivered-to: mailing list vuln-dev@xxxxxxxxxxxxxxxxx
Delivered-to: moderator for vuln-dev@xxxxxxxxxxxxxxxxx
In-reply-to: <F02E98A2C9F4714897F4C2F81FD969FE7078D5@xxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:vuln-dev-help@securityfocus.com>
List-id: <vuln-dev.list-id.securityfocus.com>
List-post: <mailto:vuln-dev@securityfocus.com>
List-subscribe: <mailto:vuln-dev-subscribe@securityfocus.com>
List-unsubscribe: <mailto:vuln-dev-unsubscribe@securityfocus.com>
Mailing-list: contact vuln-dev-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <F02E98A2C9F4714897F4C2F81FD969FE7078D5@xxxxxxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla Thunderbird 1.0 (Windows/20041206)

Actually it turned out to be way much simpler than I thought, theapplication sends text files between server and client, formatted in XML.Some of the fields are encrypted with 3des but the key was hardcoded andI managed to write a tiny program to decrypt the xml fields using theirown dll without specifying the key ;-)

The application communicates through https with a portal vulnerable tosql injection. I haven't been able to find a login that suits but I havemapped almost the whole DB using different queries.If anyone know a nice guide to sql injection for SQL server (MS) I wouldappreciate it


Regards,

Mads

References:
- RE: xml over https
  - From: Butler, Theodore

Prev by Date: RE: xml over https
Next by Date: Re: xml over https
Previous by thread: RE: xml over https
Next by thread: Re: xml over https
Index(es):
- Date
- Thread