Web Services Description Language (WSDL) is an XML-based language used to describe the functionality offered by a web service. During a pentest, we will often find a WSDL file exposed without authentication. In this recipe, we will look at what we can learn from such a WSDL.
Exploiting WSDLs with Wsdler
How to do it...
- We intercept the request for the WSDL in Burp:
- Right-click on the request and select Parse WSDL:
- Switch to the Wsdler tab, and we will see all the service calls. We can see the complete request by clicking on any one of them:
- To be able to play around with it, we will need to send it to the Repeater:
- We right-click and select Send to Repeater:
- In our case, we can see that putting a single...
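To review what an unauthenticated WSDL discloses, the same listing that the Parse WSDL step produces can be built offline. The following is an added example, not code from the recipe or from Wsdler; the `inventory` function, the `UserService` WSDL and the `example.test` URLs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {
    "wsdl": "http://schemas.xmlsoap.org/wsdl/",
    "soap": "http://schemas.xmlsoap.org/wsdl/soap/",
}

# Constructed sample WSDL (hypothetical service, not from the page).
SAMPLE_WSDL = """<?xml version="1.0"?>
<definitions name="UserService"
    targetNamespace="http://example.test/users"
    xmlns="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
    xmlns:tns="http://example.test/users">
  <binding name="UserBinding" type="tns:UserPort">
    <soap:binding transport="http://schemas.xmlsoap.org/soap/http"/>
    <operation name="GetUser">
      <soap:operation soapAction="http://example.test/users/GetUser"/>
    </operation>
    <operation name="DeleteUser">
      <soap:operation soapAction="http://example.test/users/DeleteUser"/>
    </operation>
  </binding>
  <service name="UserService">
    <port name="UserPort" binding="tns:UserBinding">
      <soap:address location="http://example.test/ws/users"/>
    </port>
  </service>
</definitions>"""

def inventory(wsdl_text):
    """Return (endpoints, [(binding, operation, soapAction)]) disclosed by a WSDL."""
    root = ET.fromstring(wsdl_text)
    endpoints = [a.get("location")
                 for a in root.findall("wsdl:service/wsdl:port/soap:address", NS)]
    ops = []
    for binding in root.findall("wsdl:binding", NS):
        for op in binding.findall("wsdl:operation", NS):
            soap_op = op.find("soap:operation", NS)
            action = soap_op.get("soapAction") if soap_op is not None else None
            ops.append((binding.get("name"), op.get("name"), action))
    return endpoints, ops

if __name__ == "__main__":
    endpoints, ops = inventory(SAMPLE_WSDL)
    print("Endpoints:", endpoints)
    for binding, name, action in ops:
        print(f"{binding}.{name} -> SOAPAction {action}")
```

Each operation in the output is a call that anyone who can fetch the WSDL can see, so the list is a starting point for deciding which operations need authentication and whether the WSDL should be published at all.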