-
Notifications
You must be signed in to change notification settings - Fork 104
Test 8) Verbose SOAP Fault Message
Yalçın YOLALAN edited this page Mar 28, 2018
·
2 revisions
Vulnerability Type Dynamic
Test Web Service URI http://[yourhostName]/SOAPFault.asmx?WSDL
Vulnerable Code Block This method throws SoapException.
public string SFTest()
{
throw new SoapException("Test Fault",
SoapHeaderException.ClientFaultCode);
}
Attack Payload N/A
Vulnerable Method Name SFTest
Vulnerable Parameter Name N/A
Response
System.Web.Services.Protocols.SoapException: Test Fault
Indications of Vulnerability
Web server returned: Http status code is 500 (i.e. Internal Error).
SoapException was caught during the service call.
- Home
- Installation
- Usage
- Default Parameter Values
- Scope
- Donation
-
Testing Activities
- XML Bombs
- External Entity Attacks
- Insecure Communication
- Insufficient Authentication Test
- Cross Site Scripting
- SQL Injection
- XPATH Injection
- Verbose SOAP Fault Message
- Weak WS-SecurityPolicy: Insecure Transport
- Weak WS-SecurityPolicy: Insufficient Supporting Token Protection
- Weak WS-SecurityPolicy: Tokens Not Protected
- Weak XML Schema: Undefined Namespace
- Weak XML Schema: Unbounded Occurrences