[Owasp-delhi] Microsoft Network Transfer Module Over HTTPS SQL Injection

Rohit Bansal rohitisback at gmail.com
Thu Nov 18 09:36:52 EST 2010


Microsoft network uses transfer file module over HTTPS which is a part of
internal FTM process. This module was prone to input injection scenario and
reflected errors shown the high possibility of SQL injection. The error
leveraged lot of potential information about module which could be used to
exploit the inherent functionality of FTM. Primarily, it can be fuzzed more
intensively by generating false metadata combination which can be passed as
an input to FTM.

More Info :

http://www.secniche.org/advisory/ms/micr_sql_inj.html



Thanks & Regards
Rohit Bansal
http://in.linkedin.com/in/rb1337
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-delhi/attachments/20101118/d9952cb1/attachment.html 


More information about the Owasp-delhi mailing list