Web Service and API attacks

Skills Assessment

Fuzzing for the WSDL with ffuf

ffuf -w "SecLists-master/Discovery/Web-Content/burp-parameter-names.txt" -u 'http://10.129.14.178:3002/wsdl?FUZZ' -fs 0 -mc 200

The WSDL page is at http://10.129.14.178:3002/wsdl?wsdl

Intercept the GET request to http://10.129.91.66:3002/wsdl?wsdl

In Burp Suite Proxy, go to Extensions > Wsdler > Parse to Wsdler.

On the Wsdler tab, we see two operations: Login and ExecuteCommand.

Send the Login operation to Repeater, since we see LoginRequest and LoginResponse on the WSDL page.

Ensure the SOAPAction header value is enclosed in double quotes: SOAPAction: "Login"

In the username input, enter the payload admin' or '1'='1 (a SQL injection authentication bypass), since we want to log in as admin.

Send the request and we log in as the admin user via authentication bypass. The flag can be found in the password field of the response.
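Why the payload works, and the fix, shown as an added example that is not the lab's own code: a Login handler that concatenates the SOAP username into its SQL next to one that uses placeholders. The namespace, element names, table schema and rows are all constructed assumptions.

```python
import sqlite3
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

NS = {"ws": "http://example.invalid/ws"}  # assumed namespace, not the lab's

def build_request(username, password):
    """Constructed SOAP Login request; element names are assumptions."""
    return (
        '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
        '<soap:Body><LoginRequest xmlns="http://example.invalid/ws">'
        f"<username>{escape(username)}</username>"
        f"<password>{escape(password)}</password>"
        "</LoginRequest></soap:Body></soap:Envelope>"
    )

def parse_login(soap_xml):
    """Pull the two credential fields out of the SOAP body."""
    req = ET.fromstring(soap_xml).find(".//ws:LoginRequest", NS)
    return req.findtext("ws:username", "", NS), req.findtext("ws:password", "", NS)

def make_db():
    """In-memory user table with constructed rows (plaintext only to mirror the lab)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "constructed-secret"), ("guest", "guest-pass")])
    return db

def login_vulnerable(db, username, password):
    # String concatenation: a quote in username rewrites the WHERE clause.
    # AND binds tighter than OR, so the payload yields
    #   username = 'admin' OR ('1'='1' AND password = '...')
    sql = ("SELECT username, password FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return db.execute(sql).fetchone()

def login_parameterized(db, username, password):
    # Placeholders keep the input as data; the quote never reaches the SQL parser.
    sql = "SELECT username, password FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone()

if __name__ == "__main__":
    db = make_db()
    user, pw = parse_login(build_request("admin' or '1'='1", "x"))
    print("concatenated :", login_vulnerable(db, user, pw))
    print("parameterized:", login_parameterized(db, user, pw))
```

The concatenated query returns the admin row, stored password included, without a valid password, while the parameterized query returns no row for the same input.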
