Re: xml over https

[Mads Rasmussen <mads () opencs com br>]

Actually it turned out to be way much simpler than I thought, the 
application sends text files between server and client, formatted in XML.
Some of the fields are encrypted with 3des but the key was hardcoded and 
I managed to write a tiny program to decrypt the xml fields using their 
own dll without specifying the key ;-)

The application communicates through https with a portal vulnerable to 
sql injection. I haven't been able to find a login that suits but I have 
mapped almost the whole DB using different queries.
If anyone know a nice guide to sql injection for SQL server (MS) I would 
appreciate it

Regards,

Mads