XPATH, LDAP, and path traversal injections are common vulnerabilities that allow attackers to bypass authentication or access restricted files. XPATH injection occurs when untrusted user input is inserted into an XPATH query without validation, allowing an attacker to craft input that always returns true. LDAP injection works similarly by manipulating AND and OR clauses. Path traversal works by manipulating file paths to access files outside the intended directory, such as using "../../" to traverse up the file tree. Attackers first identify injectable parameters then test different encoding tricks to evade input validation.