14 years ago

Why soapUI think this message is an alert?

Hello everyone!

I am running soapUI security tests at the following web service: http://www.webservicex.com/ValidateEmail.asmx?WSDL

I inject the following code:

POST http://www.webservicex.com/ValidateEmail.asmx HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: text/xml;charset=UTF-8
SOAPAction: "http://www.webservicex.net/IsValidEmail"
User-Agent: Jakarta Commons-HttpClient/3.1
Host: http://www.webservicex.com
Content-Length: 309

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:web="http://www.webservicex.net">
<soapenv:Header/>
<soapenv:Body>
<web:IsValidEmail>

<web:Email><PLAINTEXT></web:Email>
</web:IsValidEmail>
</soapenv:Body>
</soapenv:Envelope>

The answer is an empty message and in my opinion is robust, non-delivery
information to the attacker, however, soapUI considered to be a failure.

HTTP/1.1 400 Bad Request
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 26 Oct 2011 20:00:14 GMT

Bad Request

What do you think?

Forum Discussion

Why soapUI think this message is an alert?

Recent Discussions

OS SoapUI: Can it connect and use Cosmos DB

"Clone interface" between projects not working

SOAPUI not responding to soap11 requests

Related Content

Alert message

Chrome 38 - Alert Box message missing?

Using sendmail for test failure alerts