2. XPath Injection?
XML Path, or XPath, is a language used for querying information from the nodes of an XML document.
XPath Injection is an attack technique used to exploit web sites that construct XPath queries from user-supplied input.
3. Impact of XPath Injection
An unauthenticated attacker may extract a complete XML document using XPath querying. This may compromise the integrity of your database and expose sensitive information.
4. Example of XML Document
Let us take an example of an XML document called employees.xml and see how an XPath function can be used to retrieve information:
<?xml version="1.0" encoding="ISO-8859-1"?>
<employees>
  <employee id="1">
    <loginID>Mike</loginID>
    <accountno>11123</accountno>
    <passwd>test123</passwd>
    <salary>468100</salary>
  </employee>
  <employee id="2">
    <loginID>john</loginID>
    <accountno>63458</accountno>
    <passwd>myownpass</passwd>
    <salary>559833</salary>
  </employee>
</employees>
5. XPath Expression
The function selectNodes takes the path expression as its parameter and extracts the value in the passwd node under the employee node from the employees.xml document.
The path expression for the passwd in this case is
/employees/employee/passwd
' Load employees.xml and select the text of the passwd nodes
Set xmlDoc = CreateObject("Microsoft.XMLDOM")
xmlDoc.async = False
xmlDoc.load("employees.xml")
Set nodes = xmlDoc.selectNodes("/employees/employee/passwd/text()")
6. XPath Expression (continued)
The result of the above query will be
test123
When an application has to retrieve some information from the XML based on user input, it fires an XPath query which gets executed at the server.
xmlDoc.selectNodes("/employees/employee/passwd/text()")
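An added example (not from the original slides, and in Python rather than the VBScript above) that contrasts an XPath string built from user input with a lookup that keeps input out of the expression, using the employees.xml data from this page. The login-style query, the function names and the login-ID allow-list are assumptions made for illustration.

```python
import hmac
import re
import xml.etree.ElementTree as ET

# Constructed sample: the employees.xml document shown earlier on this page.
EMPLOYEES_XML = b"""<?xml version="1.0" encoding="ISO-8859-1"?>
<employees>
  <employee id="1">
    <loginID>Mike</loginID><accountno>11123</accountno>
    <passwd>test123</passwd><salary>468100</salary>
  </employee>
  <employee id="2">
    <loginID>john</loginID><accountno>63458</accountno>
    <passwd>myownpass</passwd><salary>559833</salary>
  </employee>
</employees>"""

# Assumed policy (not from the page): 1-32 letters, digits, '_' or '-'.
LOGIN_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")


def risky_query(login_id, passwd):
    """Pattern to avoid: input is pasted into the XPath text, so a quote
    character in either value becomes part of the expression itself."""
    return ("/employees/employee[loginID/text()='" + login_id +
            "' and passwd/text()='" + passwd + "']/accountno/text()")


def lookup_account(login_id, passwd, xml_bytes=EMPLOYEES_XML):
    """Return the accountno for matching credentials, else None.
    The path is a constant; user input is only ever compared as data."""
    if not LOGIN_ID_RE.fullmatch(login_id):
        return None  # reject anything outside the allow-list
    root = ET.fromstring(xml_bytes)
    for emp in root.findall("employee"):  # fixed path, no user input
        if emp.findtext("loginID") != login_id:
            continue
        stored = emp.findtext("passwd", default="")
        # Constant-time comparison of the password bytes.
        if hmac.compare_digest(stored.encode(), passwd.encode()):
            return emp.findtext("accountno")
        return None
    return None


if __name__ == "__main__":
    print(risky_query("O'Brien", "x"))  # the apostrophe ends the literal early
    print(lookup_account("Mike", "test123"))
```

Even a harmless value such as a surname with an apostrophe changes the structure of the concatenated query, which is why the safer lookup never places input inside the expression.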