Skip to Main Content

Integration

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Scanning SOAP webservices for vulnerabilities

User_8H0DVMay 12 2020 — edited May 20 2020

I tried running a web application scan on below WSDL

http://www.myorg.com/services/Handling?WSDL

and received the error message

I am not posting my actual company URL for privacy reasons but using myorg.com

"Failed to parse the WSDL due to following error in the WSDL.

Schema Parser Exception : Error while parsing imported namespace http://xmlns.oracle.com/ouaf Fatal Error in SchemaParser"

I know http://xmlns.oracle.com/ouaf  goes to an Error page in Oracle but this WSDL was auto-generated by Oracle weblogic for services it provides out of the box. Oracle SOA(Service-Oriented Architecture) composite is an assembly of services, service components, and references designed and deployed together in a single application and it generated this WSDL. We did not build this WSDL so the SOA team does not know how to change/fix this WSDL.  We are using Oracle web logic server 12.2.1.3

1. Has anyone faced such errors with Oracle SOA generated WSDL and if yes, how can this be addressed?

2. Any other suggestions for finding vulnerabilities in SOAP API would be helpful. We are using Business Process Execution Language for Web Services

Comments

fac586
I would also like for the region title of certain regions to be dynamic, or rather equaling the value of some item on the page. I did some digging on Google and found that this was apparently possible in Apex 3, but I'm currently working in Apex 4.
What makes you think that these methods don't work in APEX 4.0? Did you try them?

Use the static text exact substitution method to reference the value of the page item in the region title attribute:
&P1_TITLE.
Ensure the page item value is set before the titled region is rendered (e.g. using a Before Header Computation).
860960
I tried this in Application Express 4.0.2.00.07 and it works
Chandran
Could you please give a sample code
Jozef Demovic SVK
Hi,
Here is the example.

Type something like: "Order &P4_ORDER_NR." to the TITLE of the region.
- if item P4_ORDER_NR has value of 01/2012 then the Region Title will be "Order 01/2012".

Regards
J :D
917318
jozef_SVK wrote:
Hi,
Here is the example.

Type something like: "Order &P4_ORDER_NR." to the TITLE of the region.
- if item P4_ORDER_NR has value of 01/2012 then the Region Title will be "Order 01/2012".

Regards
J :D
Hi,

I've tried to handle item value. and I got a problem.

If I use Region Title: Role Description: &P4_POSITION_ID. - it shows : Role Description: 2
but when I inserted Region Title: Role Description: &P4_POSITION. it shows only Role Description:.

where P4_POSITION_ID - is Database column with source Position_ID
while P4_POSITION - is SQL query with source select e.POSITION_NAME from POSITION e where e.POSITION_ID = :P4_POSITION_ID

As I understand problem is when page is loaded P4_POSITION_ID item handle value, but P4_POSITION is empty.
but how to solve it?
Deep_in_Texas
When does the following code executes on your page?

while P4_POSITION - is SQL query with source select e.POSITION_NAME from POSITION e where e.POSITION_ID = :P4_POSITION_ID

Thanks
Pradeep

(I changed my handle but it's still displaying the number !!!!)

Edited by: 965010 on Oct 12, 2012 7:31 AM
917318
Deep_in_Texas wrote:
When does the following code executes on your page?

while P4_POSITION - is SQL query with source select e.POSITION_NAME from POSITION e where e.POSITION_ID = :P4_POSITION_ID

Thanks
Pradeep

(I changed my handle but it's still displaying the number !!!!)

Edited by: 965010 on Oct 12, 2012 7:31 AM
I don't know when it is executed. I've just created page item P4_POSITION and made it as SQL query.

Actually, value in the P4_POSITION_ID item is from POSITION_ID in EMPLOYEE table, which contains primary key EMPLOYEE_ID and has foreign key - POSITION_ID,
POSITION_ID is a primary key of POSITION table, which contains POSITION_NAME.

What I made is I created link from page 3 using EMPLOYEE_ID to redirect to page 4. There are all items in the page 4, which are in the EMPLOYEE table. But I need to show POSITION_NAME from POSITION table. So I created page item P4_POSITION as I mentioned before.

Do I need to create dinamic action or process before handling Region title?
1030438

The value for the item you wish to include in the title must be set at "Before Header" execution point (or earlier). If you're using an automated row fetch, I think you can simply move the row fetch process to the "Before Header" execution point.

1 - 8

Post Details

Added on May 12 2020
2 comments
186 views