Soapbx Oswe Today

Paper: Investigating "soapbx oswe"

  • Reconnaissance

    Akount

    Soapbx is frequently paired with another machine named in OSWE exam discussions. While both require bypass and RCE, their methods differ:

    • Auth Bypass: Cookie encryption key theft via Path Traversal vs. Magic hash collision in password reset
    • RCE Method: Stacked SQL Injection (PostgreSQL) vs. File upload (.htaccess + .php6)

    Official Reporting Requirements

    For a formal OSWE submission, your report must include:

    • Fetch and inspect WSDL (typically ?wsdl). Map operations, input/output types, and service endpoints.
    • Tip: Use curl, wget, or Burp Suite to pull WSDL; convert complex types to example requests.

    Executive Summary

    • unserialize() with user input + __destruct in class
    • preg_replace('/.*/e', $_GET['code'], '') (deprecated but exam legacy)
    • extract() variable overwrite
    • file_get_contents("php://filter/...") → LFI to RCE
    • Actors: Remote unauthenticated attacker, authenticated low-privilege user, internal malicious actor.
    • Assets: Confidential data exposed via SOAP responses, server-side file system, backend databases, application logic enabling privilege escalation, ability to execute OS commands via deserialization.
    • Assumptions: Attacker can send crafted SOAP requests to reachable endpoints; WSDLs may be discoverable.