Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SOAPAction Spoofing: Extend plugin to work in combination with WS-Addressing #11

Open
kmzs opened this issue Sep 23, 2016 · 0 comments
Open

SOAPAction Spoofing: Extend plugin to work in combination with WS-Addressing #11

kmzs opened this issue Sep 23, 2016 · 0 comments

Comments

@kmzs
Copy link
Contributor

kmzs commented Sep 23, 2016
edited

When attacking a web service that is built with the Metro or Axis2 framework and makes use of WS-Addressing, the SOAPAction Spoofing plugin shows that the service is not vulnerable.
However setting the <wsa:Action>-element in the WS-Addressing header to the same operation like the SOAPAction parameter results in a successful attack.

Web services built with the Metro or Axis2 framework will execute the operation specified in the SOAPAction parameter if the same operation is specified in the <wsa:Action>-element, no matter which operation is called in the <soap:Body>-element.
This is equal to a 3/3 rating from the attack plugin.

Compared to a web service without WS-Addressing the Metro web service got a worse score.

This can be easily reproduced using the sample web services "Metro-1" and "Axis2-1". (Make sure to enable WS-Addressing in the Expert View)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@kmzs