Web Service and API attacks
Skills Assessment
Fuzz for the WSDL parameter with ffuf
ffuf -w "SecLists-master/Discovery/Web-Content/burp-parameter-names.txt" -u 'http://10.129.14.178:3002/wsdl?FUZZ' -fs 0 -mc 200
The WSDL page: http://10.129.14.178:3002/wsdl?wsdl
Intercept the GET request for http://10.129.91.66:3002/wsdl?wsdl
In the Burp Suite proxy, go to Extensions > Wsdler > Parse to Wsdler.
On the Wsdler tab, we see two operations: Login and ExecuteCommand.
Send the Login operation to Repeater, since we see LoginRequest and LoginResponse on the WSDL page.
Ensure the value in the SOAPAction: Login header is enclosed in double quotes (" ").
In the username input, enter the payload admin' or '1'='1
This is an SQL injection authentication bypass, used because we want to log in as admin.
Send the request and we are logged in as the admin user via the authentication bypass. The flag can be found in the password field of the response.
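Added example, not part of the original walkthrough and not the target service's code: why the payload above passes a login check built by string concatenation, next to the parameterized form that rejects it. The table layout, function names and sample rows are assumptions, since the page does not show the backend query.

```python
import sqlite3

PAYLOAD = "admin' or '1'='1"  # the username value used on this page


def make_db():
    """In-memory user table with constructed sample rows (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("admin", "constructed-admin-secret"), ("guest", "constructed-guest-pw")],
    )
    return db


def login_concat(db, username, password):
    """Vulnerable: user input is spliced into the SQL text.

    With PAYLOAD the WHERE clause becomes
      username = 'admin' or '1'='1' AND password = '...'
    AND binds tighter than OR, so the admin row matches whatever the password is.
    The password column is returned only to mirror the response described above.
    """
    sql = (
        "SELECT username, password FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return db.execute(sql).fetchone()


def login_param(db, username, password):
    """Hardened: placeholders keep input as data, and no secret is returned.

    A production service would also compare a salted password hash instead of
    storing and matching plaintext.
    """
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone()


if __name__ == "__main__":
    db = make_db()
    print("concatenated :", login_concat(db, PAYLOAD, "wrong"))
    print("parameterized:", login_param(db, PAYLOAD, "wrong"))
```
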