Apache AXIS server pentest


In one of my pentest engagements, the scope was to test a website, abc.com/xyz/pqr.html, and its mobile application.
The website seemed to be strong and I was not able to find any vulnerability, so I switched to the mobile application.
While testing the mobile application, I did code analysis and found a URL in the code which invoked a web service. The URL is as follows.

https://abc.com/InstaWebServices/services/VersionCheck




After reading up on Apache Axis vulnerabilities, I requested the following URL, which gave me the version of the Apache Axis server and other details.

https://abc.com/InstaWebServices/services/VersionCheck?wsdl



There is an information disclosure exploit for this version of Apache Axis, which can be found at https://www.exploit-db.com/exploits/29930/

The exploit says:

Apache AXIS is prone to a path-information-disclosure vulnerability. Remote unauthorized attackers may be able to determine webserver directory paths.
 
Information obtained may aid attackers in launching further attacks against an affected server.
 
Apache AXIS 1.0 is vulnerable to this issue.
 
http://www.example.com/axis/tt_pm4l.jws?wsdl
(Quoted from exploit-db.com)

So accessing a similar URL on my server gave me the following:

https://abc.com/InstaWebServices/services/VersionCheck/t_pm4l.jws?wsdl


It seems that debugging is disabled on the webserver side, and I did not get sensitive information from the error.
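
A defender-side check for the two disclosures described above, as an added example that is not part of the original post: it scans a response body for an Axis version banner, absolute filesystem paths and Java stack frames. The banner format, the sample responses, the host `abc.example` and the `org.example.JwsLoader` frame are constructed assumptions.

```python
import re

# Banner comment as commonly seen in Axis 1.x generated WSDL (assumed format).
AXIS_BANNER = re.compile(r"<!--\s*WSDL created by Apache Axis version:\s*([\w.\-]+)")
# Absolute Unix or Windows paths; the lookbehind skips the path part of URLs.
FS_PATH = re.compile(
    r"(?<![\w:/.])/(?:[\w.\-]+/)+[\w.\-]+"
    r"|(?<!\w)[A-Za-z]:\\(?:[\w .\-]+\\)*[\w.\-]+"
)
# Java stack frames, which only appear when verbose faults are enabled.
STACK_FRAME = re.compile(r"^\s*at [\w.$]+\(", re.M)


def audit_axis_response(body):
    """Return (kind, detail) findings for one HTTP response body."""
    findings = []
    banner = AXIS_BANNER.search(body)
    if banner:
        findings.append(("version-banner", banner.group(1)))
    for path in sorted(set(FS_PATH.findall(body))):
        findings.append(("filesystem-path", path))
    frames = STACK_FRAME.findall(body)
    if frames:
        findings.append(("stack-trace", f"{len(frames)} frame(s)"))
    return findings


# Constructed samples (not captured from any real server).
WSDL_SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<wsdl:definitions targetNamespace="https://abc.example/InstaWebServices/services/VersionCheck"
    xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">
<!--WSDL created by Apache Axis version: 1.4
Built on Apr 22, 2006 (06:55:48 PDT)-->
</wsdl:definitions>"""

VERBOSE_FAULT = """<soapenv:Fault><faultstring>java.io.FileNotFoundException:
 /opt/tomcat/webapps/InstaWebServices/t_pm4l.jws</faultstring>
<detail>java.io.FileNotFoundException
\tat org.example.JwsLoader.load(JwsLoader.java:42)
</detail></soapenv:Fault>"""

HARDENED_FAULT = """<soapenv:Fault><faultcode>soapenv:Server</faultcode>
<faultstring>Internal error</faultstring></soapenv:Fault>"""

if __name__ == "__main__":
    for name, body in [("wsdl", WSDL_SAMPLE), ("verbose", VERBOSE_FAULT),
                       ("hardened", HARDENED_FAULT)]:
        print(name, audit_axis_response(body) or "nothing disclosed")
```

An empty result for the fault response corresponds to the case above where debugging is disabled and the error carries no sensitive detail.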

There was also an instance of a content injection with CRLF vulnerability on Apache Axis 1.4, reported by notsosecure.com:

https://www.notsosecure.com/apache-axis-crlf-and-content-injection/


This was all about Apache Axis pentest.

Comments

  1. Sir, can you please recommend some good books for network pentesting? Possibly even a good tutorial. I need to prepare for OSCP, and my network concepts and all pentesting topics are weak. Please provide as many good books and tutorials as possible.

  2. Check out the following tutorials: 1) https://www.cybrary.it/course/metasploit/ 2) https://www.cybrary.it/course/advanced-penetration-testing/ 3) https://www.cybrary.it/course/post-exploitation-hacking/
