sQuo Posted July 7, 2013 Share Posted July 7, 2013 Description: In this video you will learn how to exploit Blind Xpath Injection using a tool of Blind Xpath Injection. This is the hidden content, please Sign In or Sign Up XPath is a type of query language that describes how to locate specific elements (including attributes, processing instructions, etc.) in an XML document. Since it is a query language, XPath is somewhat similar to Structured Query Language (SQL), however, XPath is different in that it can be used to reference almost any part of an XML document without access control restrictions. In SQL, a "user" (which is a term undefined in the XPath/XML context) may be restricted to certain databases, tables, columns, or queries. Using an XPATH Injection attack, an attacker is able to modify the XPATH query to perform an action of his choosing. Link to comment Share on other sites More sharing options...
Recommended Posts