-
Notifications
You must be signed in to change notification settings - Fork 104
Test 12) Weak XML Schema: Undefined Namespace
Yalçın YOLALAN edited this page Mar 28, 2018
·
2 revisions
Vulnerability Type Static
Test Web Service URI http://[yourhostName]/NamespaceAny.wsdl
Vulnerable Code Block The following line specifies a namespace of ##any in the element:
<xs:any namespace="##any" xmlns:xs="http://www.w3.org/2001/XMLSchema" />
Indications of Vulnerability
Static analysis reveals that the wsdl file contains namespace=”##any” element.
- Home
- Installation
- Usage
- Default Parameter Values
- Scope
- Donation
-
Testing Activities
- XML Bombs
- External Entity Attacks
- Insecure Communication
- Insufficient Authentication Test
- Cross Site Scripting
- SQL Injection
- XPATH Injection
- Verbose SOAP Fault Message
- Weak WS-SecurityPolicy: Insecure Transport
- Weak WS-SecurityPolicy: Insufficient Supporting Token Protection
- Weak WS-SecurityPolicy: Tokens Not Protected
- Weak XML Schema: Undefined Namespace
- Weak XML Schema: Unbounded Occurrences