Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Vulnerability Development: RE: xml over https

RE: xml over https

From: Burke, Charles <Charles_Burke_at_HomeDepot.com>
Date: Mon, 7 Feb 2005 09:08:19 -0500

This web services was not using WS Security was it?
I am assuming the xml encryption was custom or was it provided by WSE?

-----Original Message-----
From: Mads Rasmussen [mailto:mads_at_opencs.com.br]
Sent: Friday, February 04, 2005 7:33 AM
To: vuln-dev_at_securityfocus.com
Subject: Re: xml over https

Actually it turned out to be way much simpler than I thought, the
application sends text files between server and client, formatted in
XML. Some of the fields are encrypted with 3des but the key was
hardcoded and
I managed to write a tiny program to decrypt the xml fields using their
own dll without specifying the key ;-)

The application communicates through https with a portal vulnerable to
sql injection. I haven't been able to find a login that suits but I have

mapped almost the whole DB using different queries.
If anyone know a nice guide to sql injection for SQL server (MS) I would

appreciate it

Regards,

Mads
Received on Feb 07 2005

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos