SOAP Services Home Page

SOAP User Account Service Documentation

This service provides operations to manage user accounts through a SOAP interface.

Endpoint

POST /webservices/soap/ws-user-account.php

Methods

1. Get User (or Get All Users)

Retrieves the account information for the specified user. Passing "*" as the username retrieves all users.

Burp Repeater Request:

POST /webservices/soap/ws-user-account.php HTTP/1.1
Host: mutillidae.localhost
Content-Type: text/xml; charset=utf-8
SOAPAction: "urn:ws-user-account#getUser"
Content-Length: 345

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                   xmlns:urn="urn:ws-user-account">
   <soapenv:Header/>
   <soapenv:Body>
      <urn:getUser>
         <username>jeremy</username>
      </urn:getUser>
   </soapenv:Body>
</soapenv:Envelope>

curl Command:

curl -X POST "http://mutillidae.localhost/webservices/soap/ws-user-account.php" \
-H "Content-Type: text/xml; charset=utf-8" \
-H "SOAPAction: \"urn:ws-user-account#getUser\"" \
--data "<soapenv:Envelope xmlns:soapenv='http://schemas.xmlsoap.org/soap/envelope/' \
xmlns:urn='urn:ws-user-account'>
   <soapenv:Header/>
   <soapenv:Body>
      <urn:getUser>
         <username>jeremy</username>
      </urn:getUser>
   </soapenv:Body>
</soapenv:Envelope>"

2. Register User

Creates a new user account with the provided details.

Burp Repeater Request:

POST /webservices/soap/ws-user-account.php HTTP/1.1
Host: mutillidae.localhost
Content-Type: text/xml; charset=utf-8
SOAPAction: "urn:ws-user-account#registerUser"
Content-Length: 530

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                   xmlns:urn="urn:ws-user-account">
   <soapenv:Header/>
   <soapenv:Body>
      <urn:registerUser>
         <username>Joe</username>
         <password>Holly</password>
         <firstname>Joe</firstname>
         <lastname>Holly</lastname>
         <signature>Try Harder</signature>
      </urn:registerUser>
   </soapenv:Body>
</soapenv:Envelope>

curl Command:

curl -X POST "http://mutillidae.localhost/webservices/soap/ws-user-account.php" \
-H "Content-Type: text/xml; charset=utf-8" \
-H "SOAPAction: \"urn:ws-user-account#registerUser\"" \
--data "<soapenv:Envelope xmlns:soapenv='http://schemas.xmlsoap.org/soap/envelope/' \
xmlns:urn='urn:ws-user-account'>
   <soapenv:Header/>
   <soapenv:Body>
      <urn:registerUser>
         <username>Joe</username>
         <password>Holly</password>
         <firstname>Joe</firstname>
         <lastname>Holly</lastname>
         <signature>Try Harder</signature>
      </urn:registerUser>
   </soapenv:Body>
</soapenv:Envelope>"

3. Update User

Updates an existing user account or creates a new one if it doesn’t exist.

Burp Repeater Request:

POST /webservices/soap/ws-user-account.php HTTP/1.1
Host: mutillidae.localhost
Content-Type: text/xml; charset=utf-8
SOAPAction: "urn:ws-user-account#updateUser"
Content-Length: 530

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                   xmlns:urn="urn:ws-user-account">
   <soapenv:Header/>
   <soapenv:Body>
      <urn:updateUser>
         <username>Joe</username>
         <password>NewPass</password>
         <firstname>Joe</firstname>
         <lastname>Holly</lastname>
         <signature>Try Harder Updated</signature>
      </urn:updateUser>
   </soapenv:Body>
</soapenv:Envelope>

curl Command:

curl -X POST "http://mutillidae.localhost/webservices/soap/ws-user-account.php" \
-H "Content-Type: text/xml; charset=utf-8" \
-H "SOAPAction: \"urn:ws-user-account#updateUser\"" \
--data "<soapenv:Envelope xmlns:soapenv='http://schemas.xmlsoap.org/soap/envelope/' \
xmlns:urn='urn:ws-user-account'>
   <soapenv:Header/>
   <soapenv:Body>
      <urn:updateUser>
         <username>Joe</username>
         <password>NewPass</password>
         <firstname>Joe</firstname>
         <lastname>Holly</lastname>
         <signature>Try Harder Updated</signature>
      </urn:updateUser>
   </soapenv:Body>
</soapenv:Envelope>"

4. Delete User

Deletes an existing user account if it exists and is authenticated correctly.

Burp Repeater Request:

POST /webservices/soap/ws-user-account.php HTTP/1.1
Host: mutillidae.localhost
Content-Type: text/xml; charset=utf-8
SOAPAction: "urn:ws-user-account#deleteUser"
Content-Length: 345

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                   xmlns:urn="urn:ws-user-account">
   <soapenv:Header/>
   <soapenv:Body>
      <urn:deleteUser>
         <username>joe</username>
         <password>holly</password>
      </urn:deleteUser>
   </soapenv:Body>
</soapenv:Envelope>

curl Command:

curl -X POST "http://mutillidae.localhost/webservices/soap/ws-user-account.php" \
-H "Content-Type: text/xml; charset=utf-8" \
-H "SOAPAction: \"urn:ws-user-account#deleteUser\"" \
--data "<soapenv:Envelope xmlns:soapenv='http://schemas.xmlsoap.org/soap/envelope/' \
xmlns:urn='urn:ws-user-account'>
   <soapenv:Header/>
   <soapenv:Body>
      <urn:deleteUser>
         <username>joe</username>
         <password>holly</password>
      </urn:deleteUser>
   </soapenv:Body>
</soapenv:Envelope>"