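/// <summary>
/// Overwrites the stored <c>SoapType</c> identified by <paramref name="id"/> with the object bound from the request.
/// </summary>
/// <param name="id">Key of the record to update; must equal <c>soapType.Id</c>.</param>
/// <param name="soapType">Entity bound from the request.</param>
/// <returns>
/// 400 when the payload is missing or its Id differs from <paramref name="id"/>;
/// 404 when saving hits a concurrency conflict and <c>SoapExists(id)</c> is false;
/// 204 when the save succeeds.
/// </returns>
public async Task<IActionResult> PutSoap(int id, SoapType soapType)
{
    // A missing payload would otherwise be dereferenced below and surface as an
    // unhandled exception instead of a client error.
    if (soapType == null || id != soapType.Id)
    {
        return BadRequest();
    }

    // NOTE(review): marking the whole entry as Modified makes EF write every mapped
    // column from the client-supplied object (over-posting). If SoapType has fields a
    // caller must not set, bind a DTO and copy only the allowed properties. Confirm
    // against the model, which is not visible here.
    _context.Entry(soapType).State = EntityState.Modified;

    try
    {
        await _context.SaveChangesAsync();
    }
    catch (DbUpdateConcurrencyException)
    {
        // Only a vanished row becomes 404; a conflict on an existing row propagates.
        if (!SoapExists(id))
        {
            return NotFound();
        }

        throw;
    }

    return NoContent();
}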
/// <summary>
/// Creates a writer over <paramref name="sw"/> and stores the SOAP settings it is given.
/// </summary>
/// <param name="sw">Target writer; passed to the base constructor and also kept in <c>_sw</c>.</param>
/// <param name="action">Value stored in <c>_action</c>.</param>
/// <param name="ns">Value stored in <c>_ns</c>.</param>
/// <param name="soapType">Value stored in <c>_soapType</c>.</param>
/// <param name="xmlElementRequestName">Value stored in <c>_xmlElementRequestName</c>.</param>
public SoapWriter(
    StringWriter sw,
    string action,
    string ns,
    SoapType soapType,
    string xmlElementRequestName)
    : base(sw)
{
    // The same StringWriter instance goes to the base class and is kept locally.
    this._sw = sw;

    // No validation happens here; the arguments are stored exactly as received.
    this._action = action;
    this._ns = ns;
    this._soapType = soapType;
    this._xmlElementRequestName = xmlElementRequestName;
}
/// <summary>
/// Adds the <c>SoapType</c> bound from the request body to the context, saves it, and
/// answers with a "created" result pointing at the "Get" action.
/// </summary>
/// <param name="soapType">Entity deserialized from the request body.</param>
/// <returns>
/// The result of <c>CreatedAtAction</c> on success, <c>ValidationProblem()</c> when an
/// <see cref="ArgumentException"/> is thrown, and a 500 with a fixed message for any other exception.
/// </returns>
public async Task<ActionResult<Soap>> Post([FromBody] SoapType soapType)
{
    // NOTE(review): the entity is bound straight from the body, so every bindable
    // property, Id included, is client-controlled. Confirm that this is intended.
    try
    {
        _context.SoapTypes.Add(soapType);
        await _context.SaveChangesAsync();

        var routeValues = new { id = soapType.Id };
        return CreatedAtAction("Get", routeValues, soapType);
    }
    catch (ArgumentException)
    {
        return ValidationProblem();
    }
    catch (Exception)
    {
        // The fixed message keeps exception details away from the client.
        // NOTE(review): the exception is discarded without being logged, so failures
        // here leave no trace for operations or incident review.
        return StatusCode(500, "Internal Server error");
    }
}
/// <summary>
/// Wraps <paramref name="obj"/> in a <c>SerializeEnvelope&lt;T&gt;</c> and serializes it through a <c>SoapWriter</c>.
/// </summary>
/// <typeparam name="T">Type of the message placed in the envelope body.</typeparam>
/// <param name="obj">Message assigned to <c>Body.MessageHeader.SoapMessage</c>.</param>
/// <param name="soapAction">Passed unchanged to the <c>SoapWriter</c> constructor.</param>
/// <param name="messageNameSpace">Passed unchanged to the <c>SoapWriter</c> constructor.</param>
/// <param name="soapType">Passed unchanged to the <c>SoapWriter</c> constructor.</param>
/// <returns>Whatever <c>SoapWriter.ToString()</c> yields after serialization.</returns>
public static string Serialize<T>(T obj, string soapAction, string messageNameSpace, SoapType soapType)
{
    // Request element name comes from the first XmlTypeAttribute on T; it stays null
    // when T carries no such attribute.
    XmlTypeAttribute xmlType = typeof(T).GetTypeInfo().GetCustomAttributes<XmlTypeAttribute>().FirstOrDefault();
    string requestElementName = xmlType?.TypeName;

    var envelope = new SerializeEnvelope<T>();
    envelope.Body.MessageHeader.SoapMessage = obj;

    var serializer = new XmlSerializer<SerializeEnvelope<T>>();
    var buffer = new Utf8StringWriter();

    // NOTE(review): soapAction and messageNameSpace reach SoapWriter as-is; how they are
    // escaped when written is not visible here. Confirm this if either can carry
    // caller-controlled text.
    var writer = new SoapWriter(buffer, soapAction, messageNameSpace, soapType, requestElementName);
    serializer.Serialize(writer, envelope);

    return writer.ToString();
}
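/// <summary>
/// Sends one probe request per string parameter of every operation in <paramref name="binding"/>
/// to <c>_endpoint</c> and reports parameters whose error response contains "syntax error".
/// </summary>
/// <param name="binding">Binding whose operations are resolved against <c>_wsdl</c> and exercised.</param>
/// <remarks>
/// Only responses that arrive as a <see cref="WebException"/> are inspected. A hit means the
/// service echoed a parser error after receiving a value containing a single quote. That
/// suggests the value reaches a SQL statement without parameterization. The service-side fix
/// is parameterized queries and generic error responses.
/// </remarks>
static void FuzzSoapPort(SoapBinding binding)
{
    SoapPortType portType = _wsdl.PortTypes.Single(pt => pt.Name == binding.Type.Split(':')[1]);

    foreach (SoapBindingOperation op in binding.Operations)
    {
        Console.WriteLine("Fuzzing operation: " + op.Name);

        SoapOperation po = portType.Operations.Single(p => p.Name == op.Name);
        SoapMessage input = _wsdl.Messages.Single(m => m.Name == po.Input.Split(':')[1]);

        XNamespace soapNS = "http://schemas.xmlsoap.org/soap/envelope/";
        XNamespace xmlNS = op.SoapAction.Replace(op.Name, string.Empty);

        XElement soapBody = new XElement(soapNS + "Body");
        XElement soapOperation = new XElement(xmlNS + op.Name);
        soapBody.Add(soapOperation);

        // Placeholder GUIDs and the name of the parameter each one stands for, kept in
        // step. Indexing type.Parameters by position in paramList named the wrong
        // parameter as soon as a non-string parameter preceded a string one.
        List<Guid> paramList = new List<Guid>();
        List<string> paramNames = new List<string>();

        SoapType type = _wsdl.Types.Single(t => t.Name == input.Parts[0].Element.Split(':')[1]);
        foreach (SoapTypeParameter param in type.Parameters)
        {
            XElement soapParam = new XElement(xmlNS + param.Name);
            if (param.Type.EndsWith("string"))
            {
                Guid guid = Guid.NewGuid();
                paramList.Add(guid);
                paramNames.Add(param.Name);
                soapParam.SetValue(guid.ToString());
            }

            soapOperation.Add(soapParam);
        }

        XDocument soapDoc = new XDocument(
            new XDeclaration("1.0", "ascii", "true"),
            new XElement(
                soapNS + "Envelope",
                new XAttribute(XNamespace.Xmlns + "soap", soapNS),
                new XAttribute("xmlns", xmlNS),
                soapBody));

        // The document does not change between probes, so render it once.
        string template = soapDoc.ToString();

        for (int k = 0; k < paramList.Count; k++)
        {
            string testSoap = template.Replace(paramList[k].ToString(), "fd'sa");
            byte[] data = System.Text.Encoding.ASCII.GetBytes(testSoap);

            HttpWebRequest req = (HttpWebRequest)WebRequest.Create(_endpoint);
            req.Headers["SOAPAction"] = op.SoapAction;
            req.Method = "POST";
            req.ContentType = "text/xml";
            req.ContentLength = data.Length;

            using (Stream stream = req.GetRequestStream())
            {
                stream.Write(data, 0, data.Length);
            }

            string resp = string.Empty;
            try
            {
                using (WebResponse response = req.GetResponse())
                using (StreamReader rdr = new StreamReader(response.GetResponseStream()))
                {
                    resp = rdr.ReadToEnd();
                }
            }
            catch (WebException ex)
            {
                // Transport-level failures (timeout, reset) carry no response body to read.
                if (ex.Response == null)
                {
                    Console.WriteLine("No HTTP response for parameter: " + paramNames[k] + " (" + ex.Status + ")");
                    continue;
                }

                using (WebResponse errorResponse = ex.Response)
                using (StreamReader rdr = new StreamReader(errorResponse.GetResponseStream()))
                {
                    resp = rdr.ReadToEnd();
                }

                // Report the name only together with the finding. It was previously
                // printed for every error response, whether or not the text matched.
                if (resp.Contains("syntax error"))
                {
                    Console.WriteLine("Possible SQL injection vector in parameter: " + paramNames[k]);
                }
            }
        }
    }
}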