
[XPATH INJECTION]



GENERAL INFORMATION

NOTES:
- Techniques similar to SQLi can be applied.
- The main difference is the way the data is structured and the query language used [XPath].
- XML is used more often to store configuration files.
- If the XML structure is used for authentication, this attack may allow an attacker to elevate privileges on the web site.

SAMPLE:

    <?xml version="1.0" encoding="utf-8"?>
    <Employees>
      <Employee ID="01">
        <Name>Thomas </Name>
        <UserName>Liberty </UserName>
        <Password>Reserve </Password>
      </Employee>
      <Employee ID="02">
        <Name>Juan </Name>
        <UserName>Beltran</UserName>
        <Password>pass</Password>
      </Employee>
    </Employees>

XPATH QUERY:

    "//Employee[UserName/text()='" & Request("UserName") & "' and Password/text()='" & Request("Password") & "']"
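A hardened counterpart to the query above, added here as an example and not part of the original page: authenticate() runs a fixed expression and compares the credentials in code, and xpath_literal() confines a value to a string literal for engines that offer no variable binding. The function names are assumptions, and Python's standard xml.etree module stands in for whatever XPath engine the application uses.

```python
import hmac
import xml.etree.ElementTree as ET

# The page's sample document, embedded so the example runs offline.
EMPLOYEES_XML = b"""<?xml version="1.0" encoding="utf-8"?>
<Employees>
  <Employee ID="01">
    <Name>Thomas </Name>
    <UserName>Liberty </UserName>
    <Password>Reserve </Password>
  </Employee>
  <Employee ID="02">
    <Name>Juan </Name>
    <UserName>Beltran</UserName>
    <Password>pass</Password>
  </Employee>
</Employees>"""

def xpath_literal(value: str) -> str:
    """Quote value as an XPath 1.0 string literal (XPath 1.0 has no escape character)."""
    if "'" not in value:
        return "'" + value + "'"
    if '"' not in value:
        return '"' + value + '"'
    # Both quote types present: join the single-quote-free pieces with concat().
    parts = value.split("'")
    return "concat(" + ", \"'\", ".join("'" + p + "'" for p in parts) + ")"

def build_query(username: str, password: str) -> str:
    """The page's query with both inputs confined to string literals."""
    return ("//Employee[UserName/text()=" + xpath_literal(username) +
            " and Password/text()=" + xpath_literal(password) + "]")

def authenticate(xml_bytes: bytes, username: str, password: str):
    """Fixed expression, no user input in it; returns the Employee ID or None."""
    root = ET.fromstring(xml_bytes)
    for emp in root.iterfind(".//Employee"):
        user = emp.findtext("UserName", default="")
        pw = emp.findtext("Password", default="")
        # Evaluate both comparisons so timing does not depend on which field failed.
        user_ok = hmac.compare_digest(user.encode(), username.encode())
        pw_ok = hmac.compare_digest(pw.encode(), password.encode())
        if user_ok and pw_ok:
            return emp.get("ID")
    return None
```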

©® - 2023/2024.