Re: How to exploit oracle soup router



On Sun, May 9, 2010 at 2:12 PM, Jacky Jack <jacksonsmth698@xxxxxxxxx> wrote:
hello

During this pentest, I've found the Oracle server has enabled oracle
soup router page at
http://x.x.x.x:7778/soap/servlet/soaprouter

Are there any request/exploit sample to prove whether it's vulnerable or not?

You'll probably tell stories about this pen-test later. That is, if
you do your homework. Read on:

http://download-east.oracle.com/docs/cd/B15904_01/web.1012/b14027/oraclesoap.htm

PaulM

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------