Showing posts from May, 2016

Apache AXIS server pentest

In one of my pentest engagement the scope was to test  a website and its mobile application.
The website seems to be stronger and I was not able to find any vulnerability. So I switched to mobile application.
When I was testing the mobile application, I was doing code analysis and found a URL in the code which was invoking a web service. The URL is as follows.