XPath injection in XML databases


XPath Injection is an attack technique used to exploit web sites that construct XPath queries from user-supplied input.

Published in: Technology, News & Politics

  1. XPath Injection in XML Databases
  2. XPath Injection?
       • XML Path, or XPath, is a language used for querying information from the nodes of an XML document.
       • XPath Injection is an attack technique used to exploit web sites that construct XPath queries from user-supplied input.
  3. Impact of XPath Injection
       • An unauthenticated attacker may extract a complete XML document using XPath querying. This may compromise the integrity of your database and expose sensitive information.
  4. Example of XML Document
       • Let us take an example of an XML document called employees.xml and see how an XPath function can be used to retrieve information:

         <?xml version="1.0" encoding="ISO-8859-1"?>
         <employees>
           <employee id="1">
             <loginID>Mike</loginID>
             <accountno>11123</accountno>
             <passwd>test123</passwd>
             <salary>468100</salary>
           </employee>
           <employee id="2">
             <loginID>john</loginID>
             <accountno>63458</accountno>
             <passwd>myownpass</passwd>
             <salary>559833</salary>
           </employee>
         </employees>
  5. XPath Expression
       • The function selectNodes takes as its parameter the path expression, which extracts the value in the passwd node under the employee node from the employees.xml document.
       • The path expression for the passwd in this case is /employees/employee/passwd

         ' Create the MSXML DOM object and load the document synchronously
         Set xmlDoc = CreateObject("Microsoft.XMLDOM")
         xmlDoc.async = False
         xmlDoc.load("employees.xml")
         ' Select the text of the passwd node under employee
         Set nodes = xmlDoc.selectNodes("/employees/employee/passwd/text()")
  6. XPath Expression…
       • The result of the above query will be test123
       • When an application has to retrieve some information from the XML based on user input, it fires an XPath query which gets executed at the server.

         xmlDoc.selectNodes("/employees/employee/passwd/text()")
  7. XPath Injection Attack Technique
  8. Bypassing Authentication (In Username Field)
  9. Bypassing Authentication… (In Username Field)
  10. Bypassing Authentication… (In Password Field)
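
The query-construction problem described in slides 2 and 6, with a hardened alternative, as an added example that is not part of the original slides. It is written in Python (standard library only) rather than the slides' VBScript; all function names are assumptions, the XML is the employees.xml sample from slide 4, and the login predicate in `unsafe_query` is a constructed illustration of concatenating user input into an XPath expression.

```python
import hmac
import xml.etree.ElementTree as ET

# Constructed sample: the employees.xml document shown on slide 4.
EMPLOYEES_XML = b"""<?xml version="1.0" encoding="ISO-8859-1"?>
<employees>
  <employee id="1"><loginID>Mike</loginID><accountno>11123</accountno>
    <passwd>test123</passwd><salary>468100</salary></employee>
  <employee id="2"><loginID>john</loginID><accountno>63458</accountno>
    <passwd>myownpass</passwd><salary>559833</salary></employee>
</employees>"""

def load_employees():
    return ET.fromstring(EMPLOYEES_XML)

def unsafe_query(login_id, passwd):
    # Vulnerable pattern: input is pasted into the expression, so a quote
    # character in it ends the string literal early and alters the query.
    return ("/employees/employee[loginID='" + login_id +
            "' and passwd='" + passwd + "']")

def xpath_literal(value):
    # XPath 1.0 string literals have no escape character: choose a delimiter
    # the value does not contain, or split around the quotes with concat().
    if "'" not in value:
        return "'" + value + "'"
    if '"' not in value:
        return '"' + value + '"'
    parts = ("'" + p + "'" for p in value.split("'"))
    return "concat(" + ", \"'\", ".join(parts) + ")"

def _same(a, b):
    # compare_digest on bytes, so non-ASCII input is handled as well.
    return hmac.compare_digest((a or "").encode(), b.encode())

def authenticate(root, login_id, passwd):
    # Hardened lookup: the path is a constant and user input is only ever
    # compared as data, so it cannot change which nodes are selected.
    ok = False
    for emp in root.findall("employee"):
        hit = (_same(emp.findtext("loginID"), login_id)
               and _same(emp.findtext("passwd"), passwd))
        ok = ok or hit
    return ok

if __name__ == "__main__":
    print(unsafe_query("O'Brien", "pw"))   # quotes no longer balance
    print(xpath_literal("O'Brien"))        # value stays one string literal
    print(authenticate(load_employees(), "Mike", "test123"))
```

Where the XPath engine supports bound variables, passing the values as variables is preferable to building literals with `xpath_literal`.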
