The AdIDoS plugin places the payload placeholder according to XML schema files but does not consider that some positions where elements or attributes can be placed might result in requests that the service does not accept.
The result is a non-working attack and the following error in the log:
WARN [PossibleState] The SOAP request seems to be malformed! No request was send successfully. Abort execution.
This error occurs in two different situations:
1. If the service uses a signature to protect certain elements (for example the <soap:body>-element), the signature verification will fail if the AdIDoS plugin places any payload elements/attributes inside this signed element or inside the <ds:SignedInfo>-element.
2. If the service uses a signature or encryption to secure the web service, some web services* will reject the requests because the AdIDoS plugin adds all possible elements to the <ds:KeyInfo>-element. According to the schema files only one type of element (<ds:KeyName>, <ds:KeyValue>, <ds:RetrievalMethod>, <ds:X509Data>, <ds:PGPData>, <ds:SPKIData> or <ds:MgmtData>) is allowed to be present within the <ds:KeyInfo>-element at the same time.

(* Whether the web service will accept or reject requests with more than one type of element within the <ds:KeyInfo>-element depends on the framework the service is built on. CXF and Axis2 web services will reject these requests. Metro web services will accept them.)
This error can be reproduced with one of the sample web services "CXF-Sign", "Axis2-Sign", "CXF-Enc", "Axis2-Enc", "CXF-EncSign" or "Axis2-EncSign" by using the default message with the automatically placed payload placeholder for any attack.
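As an added example (not code from the WS-Attacker project or the issue author), the following Python script checks a SOAP message for the two acceptance conditions described in this issue: a <ds:KeyInfo> carrying more than one of the schema's choice elements, and the set of elements whose content is covered by a signature (the <ds:SignedInfo> element and everything referenced from it via URI="#id"), where any modification would fail verification. The message is a constructed sample; the Id lookup assumes wsu:Id or a plain Id attribute.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
# ds:KeyInfo is an xsd:choice in the XML Signature schema: only one of
# these element types may appear (CXF and Axis2 enforce this, Metro does not).
KEYINFO_CHOICE = {"KeyName", "KeyValue", "RetrievalMethod", "X509Data",
                  "PGPData", "SPKIData", "MgmtData"}


def local(tag):
    """Strip the {namespace} prefix ElementTree puts in front of tag names."""
    return tag.rsplit("}", 1)[-1]


def keyinfo_violations(root):
    """Per ds:KeyInfo, list the child types present when more than one is."""
    bad = []
    for ki in root.iter(f"{{{DS}}}KeyInfo"):
        kinds = {local(c.tag) for c in ki} & KEYINFO_CHOICE
        if len(kinds) > 1:
            bad.append(sorted(kinds))
    return bad


def signed_elements(root):
    """Elements covered by the signature: ds:SignedInfo itself plus every
    element referenced by ds:Reference URI="#id" (matched on wsu:Id or Id)
    together with its descendants. Modifying any of them breaks verification."""
    ids = {ref.get("URI")[1:] for ref in root.iter(f"{{{DS}}}Reference")
           if ref.get("URI", "").startswith("#")}
    covered = set()
    for el in root.iter():
        if (el.tag == f"{{{DS}}}SignedInfo"
                or el.get(f"{{{WSU}}}Id") in ids or el.get("Id") in ids):
            covered.update(el.iter())  # el.iter() includes el itself
    return covered


def check_message(xml_text):
    """Summarise why a CXF/Axis2-style service would reject the message."""
    root = ET.fromstring(xml_text)
    covered = signed_elements(root)
    return {
        "keyinfo_violations": keyinfo_violations(root),
        "signed": sorted({local(e.tag) for e in covered}),
        "free": sorted({local(e.tag) for e in root.iter() if e not in covered}),
    }


# Constructed sample: Body is signed, KeyInfo mixes X509Data and KeyName.
SAMPLE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  xmlns:wsu="%s">
 <soap:Header><ds:Signature>
  <ds:SignedInfo><ds:Reference URI="#body"/></ds:SignedInfo>
  <ds:SignatureValue>c29tZS1zaWc=</ds:SignatureValue>
  <ds:KeyInfo><ds:X509Data/><ds:KeyName>key</ds:KeyName></ds:KeyInfo>
 </ds:Signature></soap:Header>
 <soap:Body wsu:Id="body"><op xmlns="urn:example"/></soap:Body>
</soap:Envelope>""" % WSU

if __name__ == "__main__":
    print(check_message(SAMPLE))
```

Running it reports the KeyInfo violation and lists Body, Reference, SignedInfo and op as signed, so a placeholder anywhere in the Body or SignedInfo subtree yields a request the service rejects.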
kmzs changed the title from "AdIDoS: Automatic placed payload placeholder result in malformed requests" to "AdIDoS: Automatically placed payload placeholder result in malformed requests" on Sep 22, 2016