From tssci
"This week, I was doing an internal penetration test for a client of a web service,
which is used by applications loaded on kiosk machines around the
country. I didn’t have much time to do the test, so I had a couple
advantages, like having network access to the service, the WSDL
and also the ability to interact with the developers. This also gave me a
chance to see how capable our web application firewall was at being
able to detect attacks.
I had some trouble with WSFuzzer, and kept getting “XML Fault” errors like the one below:

    There was an anomaly encountered in interfacing with the
    provided target. The neuroFuzz team is aware of these situational
    conditions and we are looking into the root cause(s) …
    If you would like to help with this type of research send the
    following data along with some details about the target service to
    [email protected]
    Response: XML Fault

Ok, no big deal — I’ll just write my own! I loaded up soapUI
and put in the WSDL address, and soapUI was able to generate the XML
requests according to the WSDL. soapUI automatically puts a question
mark placeholder into the input areas, so I then saved these as
individual XML files — one for each service method."