|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: xml over https
From: Burke, Charles (Charles_Burke
HomeDepot.com)
Date: Mon Feb 07 2005 - 08:08:19 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This web services was not using WS Security was it?
I am assuming the xml encryption was custom or was it provided by WSE?
-----Original Message-----
From: Mads Rasmussen [mailto:madsopencs.com.br]
Sent: Friday, February 04, 2005 7:33 AM
To: vuln-devsecurityfocus.com
Subject: Re: xml over https
Actually it turned out to be way much simpler than I thought, the
application sends text files between server and client, formatted in
XML. Some of the fields are encrypted with 3des but the key was
hardcoded and
I managed to write a tiny program to decrypt the xml fields using their
own dll without specifying the key ;-)
The application communicates through https with a portal vulnerable to
sql injection. I haven't been able to find a login that suits but I have
mapped almost the whole DB using different queries.
If anyone know a nice guide to sql injection for SQL server (MS) I would
appreciate it
Regards,
Mads
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]