Vulnerable-Soap-Service

Erlik - Vulnerable Soap Service

Tested - Kali 2022.1

Description

It is a vulnerable SOAP web service. It is a lab environment created for people who want to improve themselves in the field of web penetration testing.

Features

It contains the following vulnerabilities.

-LFI

-SQL Injection

-Information Disclosure

-Command Injection

-Brute Force

-Deserialization

Installation

git clone https://github.com/anil-yelken/Vulnerable-Soap-Service

cd Vulnerable-Soap-Service

sudo pip3 install -r requirements.txt

Usage

sudo python3 vulnerable_soap.py

Exploiting Vulnerabilities

LFI

Code:https://github.com/anil-yelken/Vulnerable-Soap-Service/blob/main/lfi.py

SQL Injection

Code:https://github.com/anil-yelken/Vulnerable-Soap-Service/blob/main/sqli.py

Information Disclosure

Code:https://github.com/anil-yelken/Vulnerable-Soap-Service/blob/main/get_logs_information_disclosure.py

Code:https://github.com/anil-yelken/Vulnerable-Soap-Service/blob/main/get_data_information_disclosure.py

Command Injection

Code:https://github.com/anil-yelken/Vulnerable-Soap-Service/blob/main/commandi.py

Brute Force

Code:https://github.com/anil-yelken/Vulnerable-Soap-Service/blob/main/brute.py

Deserialization

Code:

https://github.com/anil-yelken/Vulnerable-Soap-Service/blob/main/deserialization_socket.py

https://github.com/anil-yelken/Vulnerable-Soap-Service/blob/main/deserialization_requests.py