SOAPwn: Pwning .NET Framework Applications Through HTTP Client Proxies and WSDL

Posted by campuscodi 1 day ago


Comments

Comment by eek2121 1 day ago

Well, that was a wild read. I'm surprised it isn't getting more traction.

So, full disclosure, I'm no longer a developer due to disabilities, including one that keeps me from being able to write code, however: I love C# and .NET, and a good portion of my early career was working with C#, .NET, and SOAP. That being said, Microsoft's response to this bug alone has turned me off to the language and framework. They clearly don't take security seriously. They favor possible compatibility issues over the hijacking of a bunch of servers on the internet. That attitude is not okay. I bet a simple code scan could probably find a whole bunch of endpoints that are vulnerable to this.

I would not be surprised if some of their own web applications are affected by this vulnerability.

Thanks for the read.

Comment by butvacuum 1 day ago

Note: 1) this is .NET Framework, which is in a holding pattern. 2) This requires inherently insecure code to be written. 3) I can't find it right now, but I seem to recall there being an option when defining the service in a web.config to write to a file instead of an HTTP endpoint, ostensibly for development purposes.

These don't completely negate a WONTFIX response though; after all, .NET Framework 4.?? disabled XML External Entities and schema loading by default.

Comment by 19 hours ago