Vulnerability Development mailing list archives
RE: xml over https
From: "Burke, Charles" <Charles_Burke () HomeDepot com>
Date: Mon, 7 Feb 2005 09:08:19 -0500
This web services was not using WS Security was it? I am assuming the xml encryption was custom or was it provided by WSE? -----Original Message----- From: Mads Rasmussen [mailto:mads () opencs com br] Sent: Friday, February 04, 2005 7:33 AM To: vuln-dev () securityfocus com Subject: Re: xml over https Actually it turned out to be way much simpler than I thought, the application sends text files between server and client, formatted in XML. Some of the fields are encrypted with 3des but the key was hardcoded and I managed to write a tiny program to decrypt the xml fields using their own dll without specifying the key ;-) The application communicates through https with a portal vulnerable to sql injection. I haven't been able to find a login that suits but I have mapped almost the whole DB using different queries. If anyone know a nice guide to sql injection for SQL server (MS) I would appreciate it Regards, Mads
Current thread:
- xml over https Mads Rasmussen (Feb 02)
- <Possible follow-ups>
- RE: xml over https Butler, Theodore (Feb 05)
- Re: xml over https Mads Rasmussen (Feb 05)
- Re: xml over https Barnett E. Kurtz (Feb 07)
- RE: xml over https Burke, Charles (Feb 07)
- Re: xml over https Mads Rasmussen (Feb 11)