In this blog post I will
discuss a vulnerability I’ve found in the SoapUI product before version 4.6.4
(CVE-2014-1202).
I discovered this vulnerability
during a penetration test in which I saw that the SoapUI software allows the
clients to execute a Java code on the local machine by putting a Java code
inside the following tag:
${=JAVA CODE};
