SQL Server Reporting Services (SSRS) ViewState Deserialization
Posted by deepcore on March 13, 2020 – 10:38 am
A vulnerability exists within Microsoft’s SQL Server Reporting Services which can allow an attacker to craft an HTTP POST request with a serialized object to achieve remote code execution. The vulnerability is due to the fact that the serialized blob is not signed by the server.
Post a reply
You must be logged in to post a comment.