Test 4) Insufficient Authentication
Yalçın YOLALAN edited this page Mar 28, 2018 · 3 revisions

Vulnerability Type: Dynamic

Test Web Service URI:
- http://[yourhostName]/XXE.asmx?WSDL
- http://[yourhostName]/Authentication.asmx?WSDL|wsuser|Wspass123

Vulnerable Code Block: Each unauthenticated method

Attack Payload: Methods are called with default parameter values.

Indications of Vulnerability: Web server returned:
- HTTP status code is 200 (i.e. OK - The request has succeeded).
- HTTP status code is not equal to 401 (i.e. Unauthenticated/Authentication is required).
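
A minimal sketch of this check, added here as an example and not taken from the tool's own code: it posts a SOAP body without credentials to a local stub and applies the indication above (200 returned instead of 401). The stub service, its `/open` and `/guarded` paths and all function names are constructed for the illustration.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer


class StubService(BaseHTTPRequestHandler):
    """Constructed stand-in for the service under test (not a real .asmx)."""

    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        # /guarded rejects callers that send no Authorization header; /open never checks.
        ok = self.path != "/guarded" or "Authorization" in self.headers
        body = b"<soap:Envelope/>" if ok else b""
        self.send_response(200 if ok else 401)
        if not ok:
            self.send_header("WWW-Authenticate", 'Basic realm="ws"')
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence per-request logging
        pass


def unauthenticated_status(url, soap_body=b"<soap:Envelope/>"):
    """POST a SOAP body with no credentials and return the HTTP status code."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    req = urllib.request.Request(url, data=soap_body,
                                 headers={"Content-Type": "text/xml"})
    try:
        with opener.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:  # 401 and other errors arrive here
        return err.code


def insufficient_auth(status):
    """Indication from the page: the call succeeded (200) where 401 was expected."""
    return status == 200


def run_check(paths=("/open", "/guarded")):
    """Start the stub on a free local port and flag each path that needs no login."""
    server = HTTPServer(("127.0.0.1", 0), StubService)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    try:
        return {p: insufficient_auth(unauthenticated_status(base + p)) for p in paths}
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(run_check())
```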