mauzzz Posted May 5, 2013 Share Posted May 5, 2013 This is the hidden content, please Sign In or Sign Up Description: XPath is a query language used to select data from XML data sources. It is increasingly common for web applications to use XML data files on the back-end, using XPath to perform queries much the same way SQL would be used against a relational database. XPath injection, much like SQL injection, exists when a malicious user can insert arbitrary XPath code into form fields and URL query parameters in order to inject this code directly into the XPath query evaluation engine. Doing so would allow a malicious user to bypass authentication (if an XML-based authentication system is used) or to access restricted data from the XML data source. Video Demo: This is the hidden content, please Sign In or Sign Up This is the hidden content, please Sign In or Sign Up This is the hidden content, please Sign In or Sign Up Link to comment Share on other sites More sharing options...
sQuo Posted May 5, 2013 Share Posted May 5, 2013 Re: Xpath Blind Explorer 1.0 eres el rey de las tools az: Link to comment Share on other sites More sharing options...
Recommended Posts