Re: xml over https

From: Barnett E. Kurtz (barnett_at_entrodata.net)
Date: 02/05/05

  • Next message: Burke, Charles: "RE: xml over https"
    Date: Sat, 5 Feb 2005 07:57:11 -0500
    To: Mads Rasmussen <mads@opencs.com.br>
    
    

    Here are some references from MS to get you started:

    "Stop SQL Injection Attacks Before They Stop You"
    http://msdn.microsoft.com/msdnmag/issues/04/09/SQLInjection/

    "Validating User Input"
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/bldgapps/ba_highprog_11kk.asp

    "Cross-Site Scripting and SQL Code Injection"
    http://www.microsoft.com/technet/community/chats/trans/sql/sql91702.mspx

    "MS03-016: HTTP Receiver Buffer Overflow and DTA SQL Injection
    Vulnerabilities in Microsoft BizTalk Server 2002"

    http://support.microsoft.com/default.aspx?scid=kb;en-us;815208

    "Patterns and Practices - Chapter 2 – Threats and Countermeasures"

    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/THCMCh02.asp

    Regards,

    -Barnett

    ---- Original message ----
    >Date: Fri, 04 Feb 2005 09:33:29 -0300
    >From: Mads Rasmussen <mads@opencs.com.br>
    >Subject: Re: xml over https
    >To: vuln-dev@securityfocus.com
    >
    >
    >Actually it turned out to be way much simpler than I thought,
    the
    >application sends text files between server and client,
    formatted in XML.
    >Some of the fields are encrypted with 3des but the key was
    hardcoded and
    >I managed to write a tiny program to decrypt the xml fields
    using their
    >own dll without specifying the key ;-)
    >
    >The application communicates through https with a portal
    vulnerable to
    >sql injection. I haven't been able to find a login that suits
    but I have
    >mapped almost the whole DB using different queries.
    >If anyone know a nice guide to sql injection for SQL server
    (MS) I would
    >appreciate it
    >
    >Regards,
    >
    >Mads
    >
    >


  • Next message: Burke, Charles: "RE: xml over https"