SOAP XML Injection

Docs > Alerts

Details
Alert ID	90029
Alert Type	Active
Status	beta
Risk	High
CWE
WASC
Technologies Targeted	All
Tags	OWASP_2017_A01 OWASP_2021_A03
More Info	Scan Rule Help

Summary

Some XML injected code has been interpreted by the server.

Solution

Use a detailed description of SOAP attributes in the WSDL file.

Other Info

Some XML injected code has been interpreted by the server.

References

https://www.nds.ruhr-uni-bochum.de/media/nds/veroeffentlichungen/2012/07/11/camera-ready.pdf

Code

org/zaproxy/zap/extension/soap/SOAPXMLInjectionActiveScanRule.java