Re: xml over https

From: Barnett E. Kurtz (barnett_at_entrodata.net)
Date: 02/05/05

  • Next message: Burke, Charles: "RE: xml over https" 
    Date: Sat, 5 Feb 2005 07:57:11 -0500
To: Mads Rasmussen <mads@opencs.com.br>

    Here are some references from MS to get you started:

    "Stop SQL Injection Attacks Before They Stop You"
    http://msdn.microsoft.com/msdnmag/issues/04/09/SQLInjection/

    "Validating User Input"
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/bldgapps/ba_highprog_11kk.asp

    "Cross-Site Scripting and SQL Code Injection"
    http://www.microsoft.com/technet/community/chats/trans/sql/sql91702.mspx

    "MS03-016: HTTP Receiver Buffer Overflow and DTA SQL Injection
    Vulnerabilities in Microsoft BizTalk Server 2002"

    http://support.microsoft.com/default.aspx?scid=kb;en-us;815208

    "Patterns and Practices - Chapter 2 – Threats and Countermeasures"

    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/THCMCh02.asp

    Regards,

    -Barnett

    ---- Original message ----
    >Date: Fri, 04 Feb 2005 09:33:29 -0300
    >From: Mads Rasmussen <mads@opencs.com.br>
    >Subject: Re: xml over https
    >To: vuln-dev@securityfocus.com
    >
    >
    >Actually it turned out to be way much simpler than I thought,
    the
    >application sends text files between server and client,
    formatted in XML.
    >Some of the fields are encrypted with 3des but the key was
    hardcoded and
    >I managed to write a tiny program to decrypt the xml fields
    using their
    >own dll without specifying the key ;-)
    >
    >The application communicates through https with a portal
    vulnerable to
    >sql injection. I haven't been able to find a login that suits
    but I have
    >mapped almost the whole DB using different queries.
    >If anyone know a nice guide to sql injection for SQL server
    (MS) I would
    >appreciate it
    >
    >Regards,
    >
    >Mads
    >
    >

  • Next message: Burke, Charles: "RE: xml over https"

    Relevant Pages

    • sqlninja 0.2.3 released
      ... Fancy going from a SQL Injection to a full GUI access on the DB server? ... Take a few SQL Injection tricks, add a couple of remote shots in the registry to disable Data Execution Prevention, mix with a little Perl that automatically generates a debug script, put all this in a shaker with a Metasploit wrapper, shake well and you have the latest release of sqlninja! ...
      (Pen-Test)
    • Re: Our 2000 Server was compromised and it has all the security patches.
      ... SQL injection - thats pretty easy to avoid (even though ... Anyone who has a server should do this before ... from Korea I believe attempted manually hacking into the ... one last note for you Symantec customers - I ran ...
      (microsoft.public.security)
    • Re: SQL Injection prevention
      ... >company than a hosting company. ... this client is a long time client of ... >danger to my sites/DB's on the server. ... >do sql injection and therefor concerned about the site going live on my ...
      (microsoft.public.sqlserver.security)
    • [Full-disclosure] sqlninja 0.2.3 released
      ... Fancy going from a SQL Injection to a full GUI access on the DB server? ... Metasploit wrapper, shake well and you have the latest release of ...
      (Full-Disclosure)
    • Re: xml over https
      ... application sends text files between server and client, formatted in XML. ... I managed to write a tiny program to decrypt the xml fields using their ... If anyone know a nice guide to sql injection for SQL server I would ...
      (Vuln-Dev)