Web API Attacks Skills Assessment

Hello, I tried to solve this problem with Burp Suite
(I already solved this with a Python script),

but like this: although I write the right ‘SOAPAction: Login’ HTTP header, there is no ‘SOAPAction header’ error message in the response. What is the problem with my request?

Hi,
I don’t know if your question is still valid, but your issue is most probably that you didn’t use `""` when defining `SOAPAction: "Login"`, and the Content-Type is invalid; for SOAP it should be:
`text/xml; charset=utf-8`

The full request should be like this:

```
POST /wsdl HTTP/1.1
Host: X.X.X.X
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: MOZZILLA
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7
Connection: close
Content-Type: text/xml; charset=utf-8
SOAPAction: "Login"
Content-Length: 509

<?xml version="1.0" encoding="utf-8"?>

< soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tns="http://tempuri.org" xmlns:tm="http://microsoft.com/wsdl/mime/textMatching/">
< soap:Body>
< LoginRequest xmlns="http://tempuri.org/">
< username> YOUR_SQL_INJECTION < /username>
< password> whatever < /password>
< /LoginRequest>
< /soap:Body>
< /soap:Envelope>
```
:point_up_2: here are extra spaces as HTB format it and it’s invisible :smiley:
kind regards :slight_smile:

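An added example, not part of either post: a small Python linter that checks a raw request for the two points the answer raises (a quoted `SOAPAction` value and a `text/xml` Content-Type) before it is sent from a proxy or script. It goes slightly beyond the answer by also checking Content-Length and XML well-formedness, which catches a body pasted with the forum's extra spaces; `lint_soap_request`, `build_request`, the host `target.example` and the sample values are assumptions made for this example.

```python
import xml.etree.ElementTree as ET
SOAP11_NS = "http://schemas.xmlsoap.org/soap/envelope/"

def lint_soap_request(raw: bytes) -> list:
    """Return the problems found in a raw HTTP request carrying a SOAP 1.1 call."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.decode("iso-8859-1").split("\r\n")[1:]:  # skip request line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    problems = []
    action = headers.get("soapaction")
    if action is None:
        problems.append("SOAPAction header is missing")
    elif action and not (len(action) >= 2 and action[0] == action[-1] == '"'):
        problems.append("SOAPAction value is not wrapped in ASCII double quotes")
    media_type = headers.get("content-type", "").split(";")[0].strip().lower()
    if media_type != "text/xml":
        problems.append("Content-Type is not text/xml")
    declared = headers.get("content-length", "")
    if not declared.isdigit() or int(declared) != len(body):
        problems.append("Content-Length does not match the body size")
    try:
        if ET.fromstring(body).tag != "{%s}Envelope" % SOAP11_NS:
            problems.append("root element is not a SOAP 1.1 Envelope")
    except ET.ParseError:
        problems.append("body is not well-formed XML")
    return problems

def build_request(action: str, content_type: str, body: str) -> bytes:
    """Assemble a constructed sample request; Content-Length is computed from the body."""
    data = body.encode("utf-8")
    head = ("POST /wsdl HTTP/1.1\r\nHost: target.example\r\n"
            f"Content-Type: {content_type}\r\nSOAPAction: {action}\r\n"
            f"Content-Length: {len(data)}\r\n\r\n")
    return head.encode("utf-8") + data

# Constructed samples: element names follow the request in the answer, values are placeholders.
GOOD_BODY = ('<?xml version="1.0" encoding="utf-8"?>'
             f'<soap:Envelope xmlns:soap="{SOAP11_NS}"><soap:Body>'
             '<LoginRequest xmlns="http://tempuri.org/"><username>alice</username>'
             '<password>whatever</password></LoginRequest></soap:Body></soap:Envelope>')
PASTED_BODY = GOOD_BODY.replace("<", "< ")  # forum-style spacing after every "<"

if __name__ == "__main__":
    bare = build_request("Login", "application/x-www-form-urlencoded", GOOD_BODY)
    pasted = build_request('"Login"', "text/xml; charset=utf-8", PASTED_BODY)
    print(lint_soap_request(bare), lint_soap_request(pasted), sep="\n")
```
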