XPath Tutorial | How to XPath, Introduction

Hey friends, today's topic is a bit different. Recently I posted an article,
"How to Hack Web using SQL Injection and its Prevention to Being SQL inj web":

toxicmask.blogspot.com/2016/06/how-to-hack-website-using-sql-injection.html

Now for a tutorial about XPath. Basically, XPath injection occurs when inputs supplied by users are not properly sanitized and an attacker is able to construct and send a malformed XPath query for XML data with the intention of extracting sensitive information that normal users have no access to. It is similar to SQL injection: in SQL injection the attacker manipulates SQL queries, and in XPath injection the attacker manipulates XPath queries over XML data. XML is queried through XPath, a simple descriptive syntax that lets a query locate particular information in an XML document.

To understand more clearly what an XML document looks like, have a look below. It is a simple XML document used to authenticate a user based on the combination of username and password they entered.

    <users>
      <user>
        <name>Administrator</name>
        <username>toxicmask</username>
        <password>password123!</password>
        <admin>1</admin>
      </user>
      <user>
        <name>Admin</name>
        <username>admin</username>
        <password>toxicmask</password>
        <admin>0</admin>
      </user>
    </users>
When the username 'admin' and password 'toxicmask' are entered, the following XPath query is executed (XPath position predicates are 1-based, so the root element is addressed by name rather than with [0]):

    /users/user[username="admin" and password="toxicmask"]

which returns the following:

    <user>
      <name>Admin</name>
      <username>admin</username>
      <password>toxicmask</password>
      <admin>0</admin>
    </user>

Exploiting XPath Injection: Authentication Bypass
A malicious user can bypass the authentication by sending specially crafted input. The application builds the query from the login form:

    /users/user[username="admin" and password="toxicmask"]

If an attacker submits the following malicious input:
    username: admin" or "1"="1
    password: anything
the XPath query that will be executed is:

    /users/user[username="admin" or "1"="1" and password="anything"]

This query results in an authentication bypass: the attacker will be able to log in to the application as user "admin". This is because the OR clause in the XPath query introduces a condition that is always true. In XPath (as in SQL) AND has higher precedence than OR, so the query is evaluated as shown by the following pseudo-code:
    username="admin" or [TRUE AND FALSE]
which results in:
    username="admin" or FALSE
As the username admin is valid, the attacker will be able to log in as this user.
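The following is an added example, not code from the original post. It shows the vulnerable string-concatenation pattern that produces the injected query above, next to two defensive alternatives: encoding every user-supplied value as a proper XPath 1.0 string literal (using concat() when a value contains both quote types, since XPath 1.0 has no escape sequence for quotes), and keeping user input out of the query entirely by locating the user in code and comparing the password with a constant-time comparison. It uses only the Python standard library; the XML document is the post's sample user store, and the query path /users/user is written out explicitly (the function names and the concat() helper are this example's own).

```python
"""XPath injection: unsafe query construction next to two defensive variants."""
import hmac
import xml.etree.ElementTree as ET

# User store from the post (constructed sample data, not a real system).
USERS_XML = """<users>
<user><name>Administrator</name><username>toxicmask</username>
<password>password123!</password><admin>1</admin></user>
<user><name>Admin</name><username>admin</username>
<password>toxicmask</password><admin>0</admin></user>
</users>"""


def build_query_unsafe(username, password):
    """String concatenation: user input becomes part of the XPath syntax.
    This is the vulnerable pattern the post describes."""
    return '/users/user[username="%s" and password="%s"]' % (username, password)


def xpath_literal(value):
    """Encode an arbitrary string as an XPath 1.0 string literal.

    A value with no double quote goes in "..."; one with no single quote goes
    in '...'; a value containing both is assembled with concat() so that every
    quote character sits inside a literal and never acts as a delimiter."""
    if '"' not in value:
        return '"%s"' % value
    if "'" not in value:
        return "'%s'" % value
    parts = value.split('"')
    pieces = []
    for i, part in enumerate(parts):
        if part:
            pieces.append('"%s"' % part)      # text between double quotes
        if i < len(parts) - 1:
            pieces.append("'\"'")             # the double quote itself
    return "concat(%s)" % ", ".join(pieces)


def build_query_safe(username, password):
    """Same query, but every user-controlled value is a proper XPath literal."""
    return "/users/user[username=%s and password=%s]" % (
        xpath_literal(username), xpath_literal(password))


def authenticate(xml_text, username, password):
    """Defensive alternative: user input never touches a query string.

    Find the user by iterating in Python and compare the secret with a
    constant-time comparison. Returns the <admin> flag text, or None."""
    root = ET.fromstring(xml_text)
    for user in root.findall("user"):
        if user.findtext("username") == username:
            stored = user.findtext("password") or ""
            if hmac.compare_digest(stored.encode(), password.encode()):
                return user.findtext("admin")
            return None
    return None


if __name__ == "__main__":
    payload = 'admin" or "1"="1'
    print(build_query_unsafe(payload, "anything"))   # the injected query
    print(build_query_safe(payload, "anything"))     # payload stays a literal
    print(authenticate(USERS_XML, "admin", "toxicmask"))
    print(authenticate(USERS_XML, payload, "anything"))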
That was a basic introduction to what XPath actually is and how it is exploited. I will explain how to extract database information and talk about some automated tools for exploiting XPath in a later post about XPath, because I don't want to write an article of more than 1500 words; it would get lengthy and boring for you.

Thanks.
