From SOAP to Shell: Exploiting Legacy SOAP Services for Full Admin Account Takeover (And Nearly…
Summary
Security researcher Navient has detailed how an exposed SOAP service allowed him to gain full control of user accounts, including admin privileges, on a popular software provider’s systems.
The researcher found that the Simple Object Access Protocol (SOAP) service, which should have been kept private, was exposed online and could be accessed by anyone.
Using this access, he was able to manipulate user data, including email addresses and usernames, and to gain privileges that included Active Directory operations, all without any authentication.
The vulnerability could potentially have been taken further to Remote Code Execution (RCE) via chained payloads or memory trickery.
The case is a cautionary tale: companies running legacy systems should check that those systems are not exposed to potential attack.