XPath injection

XPath injection

Published on 2006-01-26. Updated on 2009-04-22.

Description:
This script is possibly vulnerable to XPath Injection attacks.

XPath Injection is an attack technique used to exploit web sites that construct XPath queries from user-supplied input.

Impact:
An unauthenticated attacker may extract a complete XML document using XPath querying. This may compromise the integrity of your database and expose sensitive information.

Recommendation:
Your script should filter metacharacters from user input.

Tags: Parameter manipulation

Alert Tags: xpath_injection
ApplicableApplicationServer : All
ApplicableOS: All
ApplicableWebServer: All

References:

XPath injection in XML databases

Go Back

• Product Information
• Download
• Product Tour
• Brochure (PDF)
• Pricing
• Testimonials
• Customer references
• Resell Acunetix
• Acunetix in the Press
• List of vulnerability checks

• Learn more
• SQL Injection
• Cross site scripting
• Web Security
• Directory Traversal
• Ajax Application Security
• Google Hacking