Beispiel #1
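        /// <summary>
        /// Overwrites the stored <see cref="SoapType"/> row identified by <paramref name="id"/>
        /// with the entity supplied in the request.
        /// </summary>
        /// <param name="id">Key taken from the route; must match <c>soapType.Id</c>.</param>
        /// <param name="soapType">Entity bound from the request.</param>
        /// <returns>
        /// 400 when the payload is missing or its Id differs from <paramref name="id"/>,
        /// 404 when the save hits a concurrency failure and the row no longer exists,
        /// 204 on success.
        /// </returns>
        public async Task<IActionResult> PutSoap(int id, SoapType soapType)
        {
            // A request whose body could not be bound arrives here as null; answer 400
            // instead of failing with a NullReferenceException on soapType.Id.
            if (soapType == null || id != soapType.Id)
            {
                return BadRequest();
            }

            // Attaching the bound object as Modified writes every mapped property from
            // the request into the database.
            // NOTE(review): if SoapType carries properties a caller must not set, bind a
            // request DTO and copy only the editable fields - confirm against the model.
            _context.Entry(soapType).State = EntityState.Modified;

            try
            {
                await _context.SaveChangesAsync();
            }
            catch (DbUpdateConcurrencyException)
            {
                // Distinguish "row is gone" from any other concurrency conflict.
                if (!SoapExists(id))
                {
                    return NotFound();
                }

                throw;
            }

            return NoContent();
        }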
Beispiel #2
 /// <summary>
 /// Creates a writer over <paramref name="sw"/> and stores the SOAP settings passed in.
 /// </summary>
 /// <param name="sw">Target writer; also handed to the base constructor.</param>
 /// <param name="action">Stored in <c>_action</c>.</param>
 /// <param name="ns">Stored in <c>_ns</c>.</param>
 /// <param name="soapType">Stored in <c>_soapType</c>.</param>
 /// <param name="xmlElementRequestName">Stored in <c>_xmlElementRequestName</c>.</param>
 public SoapWriter(StringWriter sw, string action, string ns, SoapType soapType, string xmlElementRequestName)
     : base(sw)
 {
     // Plain field capture; no validation or I/O happens here.
     this._xmlElementRequestName = xmlElementRequestName;
     this._soapType = soapType;
     this._ns = ns;
     this._action = action;
     this._sw = sw;
 }
Beispiel #3
        /// <summary>
        /// Inserts the <see cref="SoapType"/> bound from the request body and answers with
        /// a "created" result that points at the <c>Get</c> action for the new row.
        /// </summary>
        /// <param name="soapType">Entity bound from the request body.</param>
        /// <returns>
        /// The created-at-action result on success, a validation problem when an
        /// <see cref="ArgumentException"/> is thrown, otherwise a 500 with a fixed message.
        /// </returns>
        public async Task<ActionResult<Soap>> Post([FromBody] SoapType soapType)
        {
            // NOTE(review): the declared result type is Soap while the object returned is
            // a SoapType - confirm which one the API contract intends.
            // NOTE(review): the request body is bound straight onto the entity, so every
            // bindable property (Id included) comes from the caller - confirm this is intended.
            const int internalServerError = 500;

            try
            {
                _context.SoapTypes.Add(soapType);
                await _context.SaveChangesAsync();

                var routeValues = new { id = soapType.Id };
                return CreatedAtAction("Get", routeValues, soapType);
            }
            catch (ArgumentException)
            {
                return ValidationProblem();
            }
            catch (Exception)
            {
                // The client only ever sees this fixed text, so no exception detail leaks.
                // NOTE(review): the exception itself is dropped without being recorded;
                // failures here leave no trace for diagnosis or monitoring.
                return StatusCode(internalServerError, "Internal Server error");
            }
        }
Beispiel #4
        /// <summary>
        /// Wraps <paramref name="obj"/> in a <c>SerializeEnvelope</c> and serializes it
        /// through a <c>SoapWriter</c>, returning the writer's string form.
        /// </summary>
        /// <typeparam name="T">Message type; its <see cref="XmlTypeAttribute"/> (if any) supplies the request element name.</typeparam>
        /// <param name="obj">Message placed in the envelope body.</param>
        /// <param name="soapAction">Passed to the <c>SoapWriter</c> as its action.</param>
        /// <param name="messageNameSpace">Passed to the <c>SoapWriter</c> as its namespace.</param>
        /// <param name="soapType">Passed to the <c>SoapWriter</c> unchanged.</param>
        /// <returns>Whatever <c>SoapWriter.ToString()</c> yields after serialization.</returns>
        public static string Serialize<T>(T obj, string soapAction, string messageNameSpace, SoapType soapType)
        {
            // Null when T carries no XmlTypeAttribute.
            var typeAttribute = typeof(T).GetTypeInfo()
                                         .GetCustomAttributes<XmlTypeAttribute>()
                                         .FirstOrDefault();
            var requestElementName = typeAttribute?.TypeName;

            var envelope = new SerializeEnvelope<T>();
            envelope.Body.MessageHeader.SoapMessage = obj;

            var envelopeSerializer = new XmlSerializer<SerializeEnvelope<T>>();
            var buffer = new Utf8StringWriter();
            var soapWriter = new SoapWriter(buffer, soapAction, messageNameSpace, soapType, requestElementName);

            envelopeSerializer.Serialize(soapWriter, envelope);

            return soapWriter.ToString();
        }
Beispiel #5
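        /// <summary>
        /// For every operation of <paramref name="binding"/>, builds a SOAP request from the
        /// WSDL description and, one string parameter at a time, replaces that parameter's
        /// placeholder value with a probe value before posting the request to <c>_endpoint</c>.
        /// A parameter is reported when the error response contains the text "syntax error".
        /// </summary>
        /// <param name="binding">Binding whose operations are exercised.</param>
        /// <remarks>
        /// The "syntax error" match is only a text heuristic on the error body: a hit needs
        /// manual confirmation, and a service that hides database errors produces no hit.
        /// </remarks>
        static void FuzzSoapPort(SoapBinding binding)
        {
            SoapPortType portType = _wsdl.PortTypes.Single(pt => pt.Name == binding.Type.Split(':')[1]);

            foreach (SoapBindingOperation op in binding.Operations)
            {
                Console.WriteLine("Fuzzing operation: " + op.Name);
                SoapOperation po    = portType.Operations.Single(p => p.Name == op.Name);
                SoapMessage   input = _wsdl.Messages.Single(m => m.Name == po.Input.Split(':')[1]);

                XNamespace soapNS        = "http://schemas.xmlsoap.org/soap/envelope/";
                XNamespace xmlNS         = op.SoapAction.Replace(op.Name, string.Empty);
                XElement   soapBody      = new XElement(soapNS + "Body");
                XElement   soapOperation = new XElement(xmlNS + op.Name);

                soapBody.Add(soapOperation);

                // Only string parameters get a GUID placeholder. Their names are kept in a
                // parallel list so a finding is attributed to the parameter that was
                // actually replaced; indexing type.Parameters with the placeholder counter
                // names the wrong parameter as soon as a non-string parameter precedes it.
                List<Guid>   paramList  = new List<Guid>();
                List<string> paramNames = new List<string>();
                SoapType     type       = _wsdl.Types.Single(t => t.Name == input.Parts[0].Element.Split(':')[1]);
                foreach (SoapTypeParameter param in type.Parameters)
                {
                    XElement soapParam = new XElement(xmlNS + param.Name);
                    if (param.Type.EndsWith("string"))
                    {
                        Guid guid = Guid.NewGuid();
                        paramList.Add(guid);
                        paramNames.Add(param.Name);
                        soapParam.SetValue(guid.ToString());
                    }
                    soapOperation.Add(soapParam);
                }

                XDocument soapDoc = new XDocument(new XDeclaration("1.0", "ascii", "true"), new XElement(soapNS + "Envelope", new XAttribute(XNamespace.Xmlns + "soap", soapNS), new XAttribute("xmlns", xmlNS), soapBody));

                // The document does not change between requests; render it once.
                string template = soapDoc.ToString();

                for (int k = 0; k < paramList.Count; k++)
                {
                    string         testSoap = template.Replace(paramList[k].ToString(), "fd'sa");
                    byte[]         data     = System.Text.Encoding.ASCII.GetBytes(testSoap);
                    HttpWebRequest req      = (HttpWebRequest)WebRequest.Create(_endpoint);

                    req.Headers["SOAPAction"] = op.SoapAction;
                    req.Method        = "POST";
                    req.ContentType   = "text/xml";
                    req.ContentLength = data.Length;

                    using (Stream stream = req.GetRequestStream())
                    {
                        stream.Write(data, 0, data.Length);
                    }

                    string resp = string.Empty;
                    try
                    {
                        // Dispose the response as well as the reader so the connection is released.
                        using (WebResponse response = req.GetResponse())
                        using (StreamReader rdr = new StreamReader(response.GetResponseStream()))
                        {
                            resp = rdr.ReadToEnd();
                        }
                    }
                    catch (WebException ex)
                    {
                        // Transport-level failures (timeout, refused connection) carry no
                        // response body; report them instead of dereferencing null.
                        if (ex.Response == null)
                        {
                            Console.WriteLine("No response for parameter: " + paramNames[k] + " (" + ex.Status + ")");
                            continue;
                        }

                        using (WebResponse errorResponse = ex.Response)
                        using (StreamReader rdr = new StreamReader(errorResponse.GetResponseStream()))
                        {
                            resp = rdr.ReadToEnd();
                        }

                        // Name the parameter only when the heuristic matched, on the same line
                        // as the message.
                        if (resp.Contains("syntax error"))
                        {
                            Console.WriteLine("Possible SQL injection vector in parameter: " + paramNames[k]);
                        }
                    }
                }
            }
        }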