CsharpVulnSoap

日付

Validations

8 Compromissions 9%

Note  Notation

1 vote

Description

The CsharpVulnSoap virtual appliance is a purposefully vulnerable SOAP service, focusing on using XML, which is a core feature of APIs implemented using SOAP. The web application, listening on port 80, allows you to list, create, and delete users in the PostgreSQL database. The web application is written in the C# programming language and uses apache+mod_mono to run. The main focus of intentional vulnerabilities was SQL injections.

The vulnerable SOAP service is available on http:///Vulnerable.asmx, and by appending ?WSDL to the URL, you can get an XML document detailing the functions exposed by the service. Using this document, you can automatically fuzz the endpoint for any vulnerabilities by parsing the document and creating the HTTP requests expected programmatically.

The SQL injections yield a variety of potential exploit techniques since different SQL verbs are used to perform actions against the server. For instance, a SQL injection in an INSERT statement may not be exploitable in the same ways the DELETE or SELECT statements will be. Using a tool like sqlmap will help you learn how to exploit each SQL injection vulnerability using a variety of techniques.

If you are curious how sqlmap is performing the checks for, and ultimately exploiting, the vulnerabilities in the web application, you can use the —proxy option for sqlmap and pass the HTTP requests through Burpsuite. You can then see in the HTTP history tab the raw HTTP requests made by sqlmap.

Temps de compromission

4 heures

Système d'exploitation

 linux

démarrer cet environnement virtuel

Résultats du CTF alltheday Résultats du CTF alltheday pour CsharpVulnSoap

Pseudonyme Environnement Virtuel Nombre d'attaquant Date de début Environnement compromis en
- CsharpVulnSoap 0 2019年2月3日 to 10:15 -
bUst4gr0 CsharpVulnSoap 1 2019年1月24日 to 22:29 0h20
- CsharpVulnSoap 1 2019年1月17日 to 18:06 -
- CsharpVulnSoap 1 2018年12月15日 to 10:41 -
- CsharpVulnSoap 2 2018年10月12日 to 19:31 -