[Owasp-delhi] Microsoft Network Transfer Module Over HTTPS SQL Injection
rohitisback at gmail.com
Thu Nov 18 09:36:52 EST 2010
Microsoft network uses transfer file module over HTTPS which is a part of
internal FTM process. This module was prone to input injection scenario and
reflected errors shown the high possibility of SQL injection. The error
leveraged lot of potential information about module which could be used to
exploit the inherent functionality of FTM. Primarily, it can be fuzzed more
intensively by generating false metadata combination which can be passed as
an input to FTM.
More Info :
Thanks & Regards
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-delhi