soapui
soapui copied to clipboard
Published
20 hours ago •
SmartBear
SmartBear
SOAP UI malforms Request Body
Given data with these special characters (in this order) "${" (without quotes) the sent Request Body is malformed. This is also true for strings like "abc$fghi{jklm" if there are not "enough" uncritical characters between the above mentioned characters. This can be recorded with wireshark or tcpdump. Tested Versions: 5.7.0 and 5.6.1 (both affected)
Given request:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:web="myURL">
<soapenv:Header/>
<soapenv:Body>
<web:MyList>
<web:cmdHeader>
<id>?</id>
<uuid>?</uuid>
<creationDateTime>?</creationDateTime>
<senderBusinessSystemID>?</senderBusinessSystemID>
</web:cmdHeader>
<!--1 or more repetitions:-->
<ListItem>
<myItemXYZ>aaaaaa${bbbbbb</myItemXYZ>
</ListItem>
</web:MyList>
</soapenv:Body>
</soapenv:Envelope>
Output request (recorded with wireshark):
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:web="myURL">
<soapenv:Header/>
<soapenv:Body>
<web:MyList>
<web:cmdHeader>
<id>?</id>
<uuid>?</uuid>
<creationDateTime>?</creationDateTime>
<senderBusinessSystemID>?</senderBusinessSystemID>
</web:cmdHeader>
<!--1 or more repetitions:-->
<ListItem>
<myItemXYZ>aaaaaa<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:web="myURL">
<soapenv:Header/>
<soapenv:Body>
<web:MyList>
<web:cmdHeader>
<id>?</id>
<uuid>?</uuid>
<creationDateTime>?</creationDateTime>
<senderBusinessSystemID>?</senderBusinessSystemID>
</web:cmdHeader>
<!--1 or more repetitions:-->
<ListItem>
<myItemXYZ>aaaaaa${bbbbbb</myItemXYZ>
</ListItem>
</web:MyList>
</soapenv:Body>
</soapenv:Envelope>
