SlideShare una empresa de Scribd logo

XPath Injection

Descargar como PPT, PDF
Roberto Suggi Liverani
Roberto Suggi Liverani

Talk covering the basics of XPath and injection attacks against application using XPath as a query language.

Tecnología
1 de 23
OWASP – XPath Injection overview Roberto Suggi Liverani Security Consultant Security-Assessment.com 21 February 2008
Who am I? ,[object Object],[object Object],[object Object],[object Object],[object Object]
Agenda ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
What is XPath? ,[object Object],[object Object],[object Object],[object Object],[object Object]
An XML document from XPath perspective (1/2) ,[object Object]
An XML document from Xpath perspective (2/2) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
XPath Syntax (1/3) ,[object Object],[object Object],[object Object],Expression Description nodename Selects all child nodes of the named node / Selects from the root node // Selects nodes in the document from the current node that match the selection no matter where they are . Selects the current node .. Selects the parent of the current node
XPath Syntax (2/3) ,[object Object]
XPath Syntax – other query examples (3/3) Expression Result users Selects all the child nodes of the users element /users Selects the root element users users/user Selects all user elements that are children of users //users Selects all users elements no matter where they are in the document users//user Selects all user elements that are descendant of the users element, no matter where they are under the users element
XPath Predicates ,[object Object],[object Object],XPath operators are shown in red . Expression Result /users/user[1] Selects the first user element that is the child of the users element. /users/user[last()] Selects the last user element that is the child of the users element /users/user[position() < 3] Selects the first two user elements that are children of the users element //username[@id = '1'] Selects all the username elements that have an attribute named id with a value of ‘1'
XPath Location Path (1/2) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
XPath Location Path – Examples (2/2) XPath Wilcards are bolded in red . XPath Axisname are underlined. Example Result child ::user Selects all user nodes that are children of the current node attribute ::id Selects the id attribute of the current node child :: * Selects all children of the current node attribute :: * Selects all attributes of the current node child :: text() Selects all text child nodes of the current node child :: node() Selects all child nodes of the current node descendant ::users Selects all users descendants of the current node
XPath Functions ,[object Object],[object Object],[object Object],Function Name Description substring( string,start,len ) Returns the substring from the start position to the specified length. Index of the first character is 1. If length is omitted it returns the substring from the start position to the end string-length( string ) Returns the length of the specified string. count( (item,item,...) ) Returns the count of nodes starts-with( string1,string2 ) Returns true if string1 starts with string2, otherwise it returns false contains( string1,string2 ) Returns true if string1 contains string2, otherwise it returns false number( arg ) Returns the numeric value of the argument. The argument could be a boolean, string, or node-set string( arg ) Returns the string value of the argument. The argument could be a number, boolean, or node-set
XPath Injection (1/2) ,[object Object],[object Object],VB : Dim FindUserXPath as String FindUserXPath = &quot;//Users/user[username/text()='&quot; & Request(&quot;Username&quot;) & &quot;' And password/text()='&quot; & Request(&quot;Password&quot;) & &quot;']&quot; C# : String FindUserXPath; FindUserXPath = &quot;//Users/user[username/text()='&quot; + Request(&quot;Username&quot;) + &quot;' And password/text()='&quot; + Request(&quot;Password&quot;) + &quot;']&quot;; Username = user Password = password XPath query becomes: //users/user[username/text()=‘ user ’ and password/text()=‘ password ’]
XPath Injection (2/2) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Username = user’ or ‘1’ = ‘1 Password = password XPath query becomes: //users/user[username/text()=‘ user’ or ‘1’ = ‘1 ’ and password/text()=‘ password ’]
Blind XPath Injection (1/3) ,[object Object],[object Object],[object Object],[object Object],Username = user Password = password XPath query becomes: //users/user[username/text()=‘ user ’ and password/text()=‘ password ’] Username = jjj' or name(//users/user/username[1]) = 'username' or 'a'='b Password = password XPath query becomes: //users/user[username/text()=‘ jjj' or name(//users/user/username[1]) = 'username' or 'a'='b' and password/text()=‘ password ’]
Blind XPath Injection (2/3) ,[object Object],[object Object],count(//user/child::node()) Username = root' and substring((//user[position()=2]/child::node()[position()=1]),1,1)=&quot;a&quot; and '1' = '1 Password = OAhhgg XPath query becomes: //users/user[username/text()= ‘root’ and substring((//user[position()=2]/child::node()[position()=1]),1,1)=&quot;a&quot; and '1' = '1' and password/text()=‘ OAhhgg ’]
Blind XPath Injection – (3/3) ,[object Object],[object Object],[object Object],[object Object],string-length(//username[position()=1]/child::node()[position()=1])=4 count(//user/child::node()) contains(//username[position()=1]/child::node()[position()=1],”r”)
XPath Injection Countermeasures ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],XPathNodeIterator custData = XPathCache.Select( &quot;//customer[@name=$name and @password=$password]&quot;, customersDocument, new XPathVariable(&quot;name&quot;, txtName.Text), new XPathVariable(&quot;password&quot;, txtPassword.Text));
Questions/Conclusion ,[object Object],[object Object],[object Object],[object Object]
References – Misc. ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
References ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
References ,[object Object],[object Object]

Recomendados

Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020
Moataz Kamel
 
OWASP A4 XML External Entities (XXE)
OWASP A4 XML External Entities (XXE)OWASP A4 XML External Entities (XXE)
OWASP A4 XML External Entities (XXE)
Michael Furman
 
XSS
XSSXSS
XSS
Hrishikesh Mishra
 
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourWAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
Soroush Dalili
 
BlueHat v17 || Dangerous Contents - Securing .Net Deserialization
BlueHat v17 || Dangerous Contents - Securing .Net Deserialization BlueHat v17 || Dangerous Contents - Securing .Net Deserialization
BlueHat v17 || Dangerous Contents - Securing .Net Deserialization
BlueHat Security Conference
 
ORM2Pwn: Exploiting injections in Hibernate ORM
ORM2Pwn: Exploiting injections in Hibernate ORMORM2Pwn: Exploiting injections in Hibernate ORM
ORM2Pwn: Exploiting injections in Hibernate ORM
Mikhail Egorov
 
Building Advanced XSS Vectors
Building Advanced XSS VectorsBuilding Advanced XSS Vectors
Building Advanced XSS Vectors
Rodolfo Assis (Brute)
 
Rest API Security
Rest API SecurityRest API Security
Rest API Security
Stormpath
 

Recomendados

Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020
Moataz Kamel
 
OWASP A4 XML External Entities (XXE)
OWASP A4 XML External Entities (XXE)OWASP A4 XML External Entities (XXE)
OWASP A4 XML External Entities (XXE)
Michael Furman
 
XSS
XSSXSS
XSS
Hrishikesh Mishra
 
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourWAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
Soroush Dalili
 
BlueHat v17 || Dangerous Contents - Securing .Net Deserialization
BlueHat v17 || Dangerous Contents - Securing .Net Deserialization BlueHat v17 || Dangerous Contents - Securing .Net Deserialization
BlueHat v17 || Dangerous Contents - Securing .Net Deserialization
BlueHat Security Conference
 
ORM2Pwn: Exploiting injections in Hibernate ORM
ORM2Pwn: Exploiting injections in Hibernate ORMORM2Pwn: Exploiting injections in Hibernate ORM
ORM2Pwn: Exploiting injections in Hibernate ORM
Mikhail Egorov
 
Building Advanced XSS Vectors
Building Advanced XSS VectorsBuilding Advanced XSS Vectors
Building Advanced XSS Vectors
Rodolfo Assis (Brute)
 
Rest API Security
Rest API SecurityRest API Security
Rest API Security
Stormpath
 
CNIT 129S: Ch 3: Web Application Technologies
CNIT 129S: Ch 3: Web Application TechnologiesCNIT 129S: Ch 3: Web Application Technologies
CNIT 129S: Ch 3: Web Application Technologies
Sam Bowne
 
Garage4Hackers Ranchoddas Webcast Series - Bypassing Modern WAF's Exemplified...
Garage4Hackers Ranchoddas Webcast Series - Bypassing Modern WAF's Exemplified...Garage4Hackers Ranchoddas Webcast Series - Bypassing Modern WAF's Exemplified...
Garage4Hackers Ranchoddas Webcast Series - Bypassing Modern WAF's Exemplified...
Garage4hackers.com
 
XML & XPath Injections
XML & XPath InjectionsXML & XPath Injections
XML & XPath Injections
AMol NAik
 
Time-Based Blind SQL Injection
Time-Based Blind SQL InjectionTime-Based Blind SQL Injection
Time-Based Blind SQL Injection
matt_presson
 
Windows privilege escalation by Dhruv Shah
Windows privilege escalation by Dhruv ShahWindows privilege escalation by Dhruv Shah
Windows privilege escalation by Dhruv Shah
OWASP Delhi
 
Secure Coding - Web Application Security Vulnerabilities and Best Practices
Secure Coding - Web Application Security Vulnerabilities and Best PracticesSecure Coding - Web Application Security Vulnerabilities and Best Practices
Secure Coding - Web Application Security Vulnerabilities and Best Practices
Websecurify
 
PHP variables
PHP variablesPHP variables
PHP variables
Siddique Ibrahim
 
Password management for you
Password management for youPassword management for you
Password management for you
Chit Ko Ko Win
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
Niyas Nazar
 
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...
CODE BLUE
 
Introduction to JWT and How to integrate with Spring Security
Introduction to JWT and How to integrate with Spring SecurityIntroduction to JWT and How to integrate with Spring Security
Introduction to JWT and How to integrate with Spring Security
Bruno Henrique Rother
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing Techniques
Avinash Thapa
 
Clean Code
Clean CodeClean Code
Clean Code
Hendrik Ebel
 
Java Deserialization Vulnerabilities - The Forgotten Bug Class
Java Deserialization Vulnerabilities - The Forgotten Bug ClassJava Deserialization Vulnerabilities - The Forgotten Bug Class
Java Deserialization Vulnerabilities - The Forgotten Bug Class
CODE WHITE GmbH
 
XXE
XXEXXE
XXE
n|u - The Open Security Community
 
ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...
ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...
ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...
Mario Heiderich
 
ORM Injection
ORM InjectionORM Injection
ORM Injection
Simone Onofri
 
Clean code
Clean codeClean code
Clean code
Arturo Herrero
 
Clean Code I - Best Practices
Clean Code I - Best PracticesClean Code I - Best Practices
Clean Code I - Best Practices
Theo Jungeblut
 
Secure coding practices
Secure coding practicesSecure coding practices
Secure coding practices
Mohammed Danish Amber
 
Hacking XPATH 2.0
Hacking XPATH 2.0Hacking XPATH 2.0
Hacking XPATH 2.0
michelemanzotti
 
Xml session
Xml sessionXml session
Xml session
Farag Zakaria
 

Más contenido relacionado

La actualidad más candente

Time-Based Blind SQL Injection
Time-Based Blind SQL InjectionTime-Based Blind SQL Injection
Time-Based Blind SQL Injection
matt_presson
 
Secure Coding - Web Application Security Vulnerabilities and Best Practices
Secure Coding - Web Application Security Vulnerabilities and Best PracticesSecure Coding - Web Application Security Vulnerabilities and Best Practices
Secure Coding - Web Application Security Vulnerabilities and Best Practices
Websecurify
 
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...
CODE BLUE
 
ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...
ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...
ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...
Mario Heiderich
 
Clean Code I - Best Practices
Clean Code I - Best PracticesClean Code I - Best Practices
Clean Code I - Best Practices
Theo Jungeblut
 

La actualidad más candente (20)

CNIT 129S: Ch 3: Web Application Technologies
CNIT 129S: Ch 3: Web Application TechnologiesCNIT 129S: Ch 3: Web Application Technologies
CNIT 129S: Ch 3: Web Application Technologies
 
Garage4Hackers Ranchoddas Webcast Series - Bypassing Modern WAF's Exemplified...
Garage4Hackers Ranchoddas Webcast Series - Bypassing Modern WAF's Exemplified...Garage4Hackers Ranchoddas Webcast Series - Bypassing Modern WAF's Exemplified...
Garage4Hackers Ranchoddas Webcast Series - Bypassing Modern WAF's Exemplified...
 
XML & XPath Injections
XML & XPath InjectionsXML & XPath Injections
XML & XPath Injections
 
Time-Based Blind SQL Injection
Time-Based Blind SQL InjectionTime-Based Blind SQL Injection
Time-Based Blind SQL Injection
 
Windows privilege escalation by Dhruv Shah
Windows privilege escalation by Dhruv ShahWindows privilege escalation by Dhruv Shah
Windows privilege escalation by Dhruv Shah
 
Secure Coding - Web Application Security Vulnerabilities and Best Practices
Secure Coding - Web Application Security Vulnerabilities and Best PracticesSecure Coding - Web Application Security Vulnerabilities and Best Practices
Secure Coding - Web Application Security Vulnerabilities and Best Practices
 
PHP variables
PHP variablesPHP variables
PHP variables
 
Password management for you
Password management for youPassword management for you
Password management for you
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
 
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...
 
Introduction to JWT and How to integrate with Spring Security
Introduction to JWT and How to integrate with Spring SecurityIntroduction to JWT and How to integrate with Spring Security
Introduction to JWT and How to integrate with Spring Security
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing Techniques
 
Clean Code
Clean CodeClean Code
Clean Code
 
Java Deserialization Vulnerabilities - The Forgotten Bug Class
Java Deserialization Vulnerabilities - The Forgotten Bug ClassJava Deserialization Vulnerabilities - The Forgotten Bug Class
Java Deserialization Vulnerabilities - The Forgotten Bug Class
 
XXE
XXEXXE
XXE
 
ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...
ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...
ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes,...
 
ORM Injection
ORM InjectionORM Injection
ORM Injection
 
Clean code
Clean codeClean code
Clean code
 
Clean Code I - Best Practices
Clean Code I - Best PracticesClean Code I - Best Practices
Clean Code I - Best Practices
 
Secure coding practices
Secure coding practicesSecure coding practices
Secure coding practices
 

Similar a XPath Injection

Article link httpiveybusinessjournal.compublicationmanaging-.docx
Article link httpiveybusinessjournal.compublicationmanaging-.docxArticle link httpiveybusinessjournal.compublicationmanaging-.docx
Article link httpiveybusinessjournal.compublicationmanaging-.docx
fredharris32
 
CONSIDERING STRUCTURAL AND VOCABULARY HETEROGENEITY IN XML QUERY: FPTPQ AND H...
CONSIDERING STRUCTURAL AND VOCABULARY HETEROGENEITY IN XML QUERY: FPTPQ AND H...CONSIDERING STRUCTURAL AND VOCABULARY HETEROGENEITY IN XML QUERY: FPTPQ AND H...
CONSIDERING STRUCTURAL AND VOCABULARY HETEROGENEITY IN XML QUERY: FPTPQ AND H...
ijdms
 
Considering Structural and Vocabulary Heterogeneity in XML Query: FPTPQ and H...
Considering Structural and Vocabulary Heterogeneity in XML Query: FPTPQ and H...Considering Structural and Vocabulary Heterogeneity in XML Query: FPTPQ and H...
Considering Structural and Vocabulary Heterogeneity in XML Query: FPTPQ and H...
ijdms
 

Similar a XPath Injection (20)

Hacking XPATH 2.0
Hacking XPATH 2.0Hacking XPATH 2.0
Hacking XPATH 2.0
 
Xml session
Xml sessionXml session
Xml session
 
XPath - XML Path Language
XPath - XML Path LanguageXPath - XML Path Language
XPath - XML Path Language
 
ITU - MDD - XText
ITU - MDD - XTextITU - MDD - XText
ITU - MDD - XText
 
Selenium-Locators
Selenium-LocatorsSelenium-Locators
Selenium-Locators
 
Xpath.pdf
Xpath.pdfXpath.pdf
Xpath.pdf
 
Developing web apps using Erlang-Web
Developing web apps using Erlang-WebDeveloping web apps using Erlang-Web
Developing web apps using Erlang-Web
 
Sax Dom Tutorial
Sax Dom TutorialSax Dom Tutorial
Sax Dom Tutorial
 
Article link httpiveybusinessjournal.compublicationmanaging-.docx
Article link httpiveybusinessjournal.compublicationmanaging-.docxArticle link httpiveybusinessjournal.compublicationmanaging-.docx
Article link httpiveybusinessjournal.compublicationmanaging-.docx
 
XPath XSLT Workshop - Concept Listing
XPath XSLT Workshop - Concept ListingXPath XSLT Workshop - Concept Listing
XPath XSLT Workshop - Concept Listing
 
Slice for Distributed Persistence (JavaOne 2010)
Slice for Distributed Persistence (JavaOne 2010)Slice for Distributed Persistence (JavaOne 2010)
Slice for Distributed Persistence (JavaOne 2010)
 
CONSIDERING STRUCTURAL AND VOCABULARY HETEROGENEITY IN XML QUERY: FPTPQ AND H...
CONSIDERING STRUCTURAL AND VOCABULARY HETEROGENEITY IN XML QUERY: FPTPQ AND H...CONSIDERING STRUCTURAL AND VOCABULARY HETEROGENEITY IN XML QUERY: FPTPQ AND H...
CONSIDERING STRUCTURAL AND VOCABULARY HETEROGENEITY IN XML QUERY: FPTPQ AND H...
 
Considering Structural and Vocabulary Heterogeneity in XML Query: FPTPQ and H...
Considering Structural and Vocabulary Heterogeneity in XML Query: FPTPQ and H...Considering Structural and Vocabulary Heterogeneity in XML Query: FPTPQ and H...
Considering Structural and Vocabulary Heterogeneity in XML Query: FPTPQ and H...
 
Introduction to XML
Introduction to XMLIntroduction to XML
Introduction to XML
 
C1320prespost
C1320prespostC1320prespost
C1320prespost
 
Xml presentation
Xml presentationXml presentation
Xml presentation
 
Multi Document Text Summarization using Backpropagation Network
Multi Document Text Summarization using Backpropagation NetworkMulti Document Text Summarization using Backpropagation Network
Multi Document Text Summarization using Backpropagation Network
 
Inroduction to XSLT with PHP4
Inroduction to XSLT with PHP4Inroduction to XSLT with PHP4
Inroduction to XSLT with PHP4
 
Struts2
Struts2Struts2
Struts2
 
Stax parser
Stax parserStax parser
Stax parser
 

Más de Roberto Suggi Liverani

Cross Context Scripting attacks & exploitation
Cross Context Scripting attacks & exploitationCross Context Scripting attacks & exploitation
Cross Context Scripting attacks & exploitation
Roberto Suggi Liverani
 
Window Shopping Browser - Bug Hunting in 2012
Window Shopping Browser - Bug Hunting in 2012Window Shopping Browser - Bug Hunting in 2012
Window Shopping Browser - Bug Hunting in 2012
Roberto Suggi Liverani
 
None More Black - the Dark Side of SEO
None More Black - the Dark Side of SEONone More Black - the Dark Side of SEO
None More Black - the Dark Side of SEO
Roberto Suggi Liverani
 
Bridging the gap - Security and Software Testing
Bridging the gap - Security and Software TestingBridging the gap - Security and Software Testing
Bridging the gap - Security and Software Testing
Roberto Suggi Liverani
 
Exploiting Firefox Extensions
Exploiting Firefox ExtensionsExploiting Firefox Extensions
Exploiting Firefox Extensions
Roberto Suggi Liverani
 

Más de Roberto Suggi Liverani (13)

I got 99 trends and a # is all of them
I got 99 trends and a # is all of themI got 99 trends and a # is all of them
I got 99 trends and a # is all of them
 
Augmented reality in your web proxy
Augmented reality in your web proxyAugmented reality in your web proxy
Augmented reality in your web proxy
 
Cross Context Scripting attacks & exploitation
Cross Context Scripting attacks & exploitationCross Context Scripting attacks & exploitation
Cross Context Scripting attacks & exploitation
 
Window Shopping Browser - Bug Hunting in 2012
Window Shopping Browser - Bug Hunting in 2012Window Shopping Browser - Bug Hunting in 2012
Window Shopping Browser - Bug Hunting in 2012
 
None More Black - the Dark Side of SEO
None More Black - the Dark Side of SEONone More Black - the Dark Side of SEO
None More Black - the Dark Side of SEO
 
Bridging the gap - Security and Software Testing
Bridging the gap - Security and Software TestingBridging the gap - Security and Software Testing
Bridging the gap - Security and Software Testing
 
Defending Against Application DoS attacks
Defending Against Application DoS attacksDefending Against Application DoS attacks
Defending Against Application DoS attacks
 
Exploiting Firefox Extensions
Exploiting Firefox ExtensionsExploiting Firefox Extensions
Exploiting Firefox Extensions
 
Black Energy18 - Russian botnet package analysis
Black Energy18 - Russian botnet package analysisBlack Energy18 - Russian botnet package analysis
Black Energy18 - Russian botnet package analysis
 
Web Spam Techniques
Web Spam TechniquesWeb Spam Techniques
Web Spam Techniques
 
Reversing JavaScript
Reversing JavaScriptReversing JavaScript
Reversing JavaScript
 
Ajax Security
Ajax SecurityAjax Security
Ajax Security
 
Browser Security
Browser SecurityBrowser Security
Browser Security
 

Último

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Igalia
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 

Último (20)

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 

XPath Injection

  • 1. OWASP – XPath Injection overview Roberto Suggi Liverani Security Consultant Security-Assessment.com 21 February 2008
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9. XPath Syntax – other query examples (3/3) Expression Result users Selects all the child nodes of the users element /users Selects the root element users users/user Selects all user elements that are children of users //users Selects all users elements no matter where they are in the document users//user Selects all user elements that are descendant of the users element, no matter where they are under the users element
  • 10.
  • 11.
  • 12. XPath Location Path – Examples (2/2) XPath Wilcards are bolded in red . XPath Axisname are underlined. Example Result child ::user Selects all user nodes that are children of the current node attribute ::id Selects the id attribute of the current node child :: * Selects all children of the current node attribute :: * Selects all attributes of the current node child :: text() Selects all text child nodes of the current node child :: node() Selects all child nodes of the current node descendant ::users Selects all users descendants of the current node
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.