An XPath Injection attack involves manipulating XPath queries in certain ways in order to extract information from an XML database. It is a relatively new technique which is similar to some degree to SQL injection attacks.
XPath, short for XML Path Language, enables one to select information within an XML document by referring to any sort of data (text, elements, attributes…) contained within the document.
- Testing for XPath Injection (WSTG-INPV-09)
- See Root-me – Web Server – XPath injection – Authentication
Examples
Inject this in parameters, very similar to SQL injection:
Bypass authentication in username parameter
' or 1=1 or ''='
username=John'] | P | //user[name/text()='John&password=a
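The two values above work because the input is pasted between the quotes of the query. As an added example (not code from the original page), the sketch below puts that vulnerable string-building next to a builder that emits each input as a single XPath 1.0 string literal, plus a check that the query structure does not depend on the input. The query template, the `password` element and all function names are assumptions made for the illustration.

```python
import re

def unsafe_query(username, password):
    # Vulnerable pattern: input is pasted between the quotes of the query.
    return ("//user[name/text()='" + username +
            "' and password/text()='" + password + "']")

def xpath_literal(value):
    # XPath 1.0 has no escape character inside string literals, so pick the
    # quote the value does not contain, or assemble it with concat().
    if "'" not in value:
        return "'" + value + "'"
    if '"' not in value:
        return '"' + value + '"'
    pieces = ["'" + part + "'" for part in value.split("'")]
    return "concat(" + ", \"'\", ".join(pieces) + ")"

def safe_query(username, password):
    # Same query, but each input is emitted as exactly one string literal.
    return ("//user[name/text()=" + xpath_literal(username) +
            " and password/text()=" + xpath_literal(password) + "]")

_LITERAL = re.compile(r"'[^']*'|\"[^\"]*\"")
_CONCAT = re.compile(r"concat\(\?(?:, \?)+\)")

def skeleton(query):
    # Replace every string literal (and concat() of literals) with '?',
    # leaving only the structure the XPath engine will evaluate.
    return _CONCAT.sub("?", _LITERAL.sub("?", query))

def shape_changed(builder, username, password):
    # True when the input altered the query structure, i.e. it was injected.
    return skeleton(builder(username, password)) != skeleton(builder("x", "x"))

# The two username values listed on this page, plus a constructed benign
# name containing both quote characters.
PAYLOADS = ["' or 1=1 or ''='", "John'] | P | //user[name/text()='John"]
BENIGN = 'Dwayne "The Rock" O\'Neil'

if __name__ == "__main__":
    for value in PAYLOADS + [BENIGN]:
        print(repr(value))
        print("  unsafe:", skeleton(unsafe_query(value, "a")))
        print("  safe:  ", skeleton(safe_query(value, "a")))
```

`shape_changed` is suited to unit tests for query-building code. Where the XPath library supports variable binding, passing the inputs as variables avoids building literals at all.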