Subscribe via feed.

SQL Server Reporting Services (SSRS) ViewState Deserialization

Posted by deepcore on March 13, 2020 – 10:38 am

A vulnerability exists within Microsoft’s SQL Server Reporting Services which can allow an attacker to craft an HTTP POST request with a serialized object to achieve remote code execution. The vulnerability is due to the fact that the serialized blob is not signed by the server.


This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.