Penetration Testing mailing list archives

Re: How to exploit oracle soup router

From: Paul Melson <pmelson () gmail com>
Date: Mon, 10 May 2010 23:28:24 -0400

On Sun, May 9, 2010 at 2:12 PM, Jacky Jack <jacksonsmth698 () gmail com> wrote:

hello

During this pentest, I've found the Oracle server has enabled oracle
soup router page at
http://x.x.x.x:7778/soap/servlet/soaprouter

Are there any request/exploit sample to prove whether it's vulnerable or not?


You'll probably tell stories about this pen-test later.  That is, if
you do your homework.  Read on:

http://download-east.oracle.com/docs/cd/B15904_01/web.1012/b14027/oraclesoap.htm

PaulM

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------

Current thread:

How to exploit oracle soup router Jacky Jack (May 10)
- Re: How to exploit oracle soup router Paul Melson (May 11)