SOAP injection can be difficult to detect, because supplying XML metacharacters in a noncrafted way breaks the format of the SOAP message.
-Submit a closing tag in every parameter and check whether any error occurs.
-If an error occurs, try submitting a valid opening and closing tag pair in the parameter and check whether the error is still there. If the error is gone, the site may be vulnerable to SOAP injection.
-If the HTTP request contains several parameters that may be placed into a SOAP message, try inserting the opening comment character (<!--) into one parameter and the closing comment character (-->) into another parameter. Then switch these around (because you have no way of knowing in which order the parameters appear). Doing so can have the effect of commenting out a portion of the server's SOAP message. This may cause a change in the application's logic or result in a different error condition that may divulge information.