SOAP UI malforms Request Body

[onetr1ck]

Given data with these special characters (in this order) "${" (without quotes) the sent Request Body is malformed. This is also true for strings like "abc$fghi{jklm" if there are not "enough" uncritical characters between the above mentioned characters. This can be recorded with wireshark or tcpdump. Tested Versions: 5.7.0 and 5.6.1 (both affected)

Given request:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:web="myURL">
   <soapenv:Header/>
   <soapenv:Body>
      <web:MyList>
         <web:cmdHeader>
            <id>?</id>
            <uuid>?</uuid>
            <creationDateTime>?</creationDateTime>
            <senderBusinessSystemID>?</senderBusinessSystemID>
         </web:cmdHeader>
         <!--1 or more repetitions:-->
         <ListItem>
            <myItemXYZ>aaaaaa${bbbbbb</myItemXYZ>
         </ListItem>
      </web:MyList>
   </soapenv:Body>
</soapenv:Envelope>

Output request (recorded with wireshark):

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:web="myURL">
   <soapenv:Header/>
   <soapenv:Body>
      <web:MyList>
         <web:cmdHeader>
            <id>?</id>
            <uuid>?</uuid>
            <creationDateTime>?</creationDateTime>
            <senderBusinessSystemID>?</senderBusinessSystemID>
         </web:cmdHeader>
         <!--1 or more repetitions:-->
         <ListItem>
            <myItemXYZ>aaaaaa<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:web="myURL">
   <soapenv:Header/>
   <soapenv:Body>
      <web:MyList>
         <web:cmdHeader>
            <id>?</id>
            <uuid>?</uuid>
            <creationDateTime>?</creationDateTime>
            <senderBusinessSystemID>?</senderBusinessSystemID>
         </web:cmdHeader>
         <!--1 or more repetitions:-->
         <ListItem>
            <myItemXYZ>aaaaaa${bbbbbb</myItemXYZ>
         </ListItem>
      </web:MyList>
   </soapenv:Body>
</soapenv:Envelope>