[Owasp-argentina] ASHX, ASMX or What?

Nahuel Grisolia nahuel en bonsai-sec.com
Sab Jun 25 14:07:01 EDT 2011

On 06/25/2011 12:16 PM, Ulises Retamal wrote:
> Hi Nahuel,
> I think you can try by creating and compiling a web service with VS.Net
> for example, and uploading just the ASMX file to a known URL in the
> context of the vulnerable web application. Never tried it before, but in
> my opinion it should work.
> After you have uploaded the ASMX file you can invoke its methods using
> this format:
> http://servername/projectname/xmlwebservicename.asmx/methodname?parametername0=value0&parametername1=value1&...&parameternamen=valuen
> By the way, you can find some reference on creating ASP.Net web services
> here:
> http://oreilly.com/catalog/prognetws/chapter/ch02.html
> Let me know if it works :)

Thanks Ulises, will try :)

Nahuel Grisolia - C|EH
Information Security Consultant
Bonsai Information Security Project Leader
(+54-11) 4777-3107

Más información sobre la lista de distribución Owasp-argentina