Erlik - Vulnerable Soap Service
Tested - Kali 2022.1
Description
Erlik is a vulnerable SOAP web service. It is a lab environment created for people who want to improve their skills in web penetration testing.
Features
It contains the following vulnerabilities.
- LFI
- SQL Injection
- Information Disclosure
- Command Injection
- Brute Force
- Deserialization
Installation
git clone https://github.com/anil-yelken/Vulnerable-Soap-Service
cd Vulnerable-Soap-Service
sudo pip3 install -r requirements.txt
Usage
sudo python3 vulnerable_soap.py
Exploiting Vulnerabilities
LFI
Code: https://github.com/anil-yelken/Vulnerable-Soap-Service/blob/main/lfi.py
SQL Injection
Code: https://github.com/anil-yelken/Vulnerable-Soap-Service/blob/main/sqli.py
Information Disclosure
Code: https://github.com/anil-yelken/Vulnerable-Soap-Service/blob/main/get_logs_information_disclosure.py
Code: https://github.com/anil-yelken/Vulnerable-Soap-Service/blob/main/get_data_information_disclosure.py
Command Injection
Code: https://github.com/anil-yelken/Vulnerable-Soap-Service/blob/main/commandi.py
Brute Force
Code: https://github.com/anil-yelken/Vulnerable-Soap-Service/blob/main/brute.py
Deserialization
Code:
https://github.com/anil-yelken/Vulnerable-Soap-Service/blob/main/deserialization_socket.py
https://github.com/anil-yelken/Vulnerable-Soap-Service/blob/main/deserialization_requests.py