Posts

Showing posts from May, 2016

Apache AXIS server pentest

In one of my pentest engagements, the scope was to test a website, abc.com/xyz/pqr.html, and its mobile application.
The website seemed to be stronger and I was not able to find any vulnerability, so I switched to the mobile application.
While testing the mobile application, I was doing code analysis and found a URL in the code that invoked a web service. The URL is as follows.

https://abc.com/InstaWebServices/services/VersionCheck