[Owasp-argentina] ASHX, ASMX or What?

Nahuel Grisolia nahuel en bonsai-sec.com
Sab Jun 25 14:07:01 EDT 2011


On 06/25/2011 12:16 PM, Ulises Retamal wrote:
> Hi Nahuel,
> 
> I think you can try by creating and compiling a web service with VS.Net
> for example, and uploading just the ASMX file to a known URL in the
> context of the vulnerable web application. Never tried it before, but in
> my opinion it should work.
> 
> After you have uploaded the ASMX file you can invoke its methods using
> this format:
> http://servername/projectname/xmlwebservicename.asmx/methodname?parametername0=value0&parametername1=value1&...&parameternamen=valuen
> 
> By the way, you can find some reference on creating ASP.Net web services
> here:
> http://oreilly.com/catalog/prognetws/chapter/ch02.html
> 
> Let me know if it works :)
> 

Thanks Ulises, will try :)

regards,
-- 
Nahuel Grisolia - C|EH
Information Security Consultant
Bonsai Information Security Project Leader
http://www.bonsai-sec.com/
(+54-11) 4777-3107


Más información sobre la lista de distribución Owasp-argentina