
Difference between revisions of "Blind XPath Injection"

From OWASP
(Description)
Line 5: Line 5:
 
==Description==
 
==Description==
  
This article should cover attacks involving injection into XPath queries.
+
===About XPath===
 +
XPath is a sort of query language that describes how to locate specific elements (including attributes, processing instructions, etc.) in an XML document. Since it is a query language, XPath is somewhat similar to Structured Query Language (SQL). However, XPath can be used to reference almost any part of any XML document without access control restrictions, whereas with SQL, a "user" (which is a term undefined in the XPath/XML context) may be restricted to certain tables, columns or queries. [http://www.w3.org/TR/xpath]
 +
 
 +
===Blind XPath Injection===
 +
Using Blind XPath Injection, an attacker can extract a complete XML document for XPath querying without prior knowledge of the query. The attacker can access the entire XML "database" used in the XPath query which can be powerful against sites that use XPath queries (and XML "databases") for authentication, searching and other uses.
  
 
==Examples ==
 
==Examples ==
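Review bot: In the added "Blind XPath Injection" paragraph, the phrase "extract a complete XML document for XPath querying" is ambiguous, because it reads as if the document were extracted in order to query it. Suggest "extract the complete XML document that the XPath query runs against". The "About XPath" paragraph cites the specification as a bare bracketed URL, [http://www.w3.org/TR/xpath], with no link text. The ==Examples == section is still empty after this change, so the page states the impact without showing a query or a countermeasure.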

Revision as of 20:00, 8 September 2006

This is an Attack. To view all attacks, please see the Attack Category page.


This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.


Description

About XPath

XPath is a query language that describes how to locate specific elements (including attributes, processing instructions, etc.) in an XML document. As a query language, XPath is somewhat similar to Structured Query Language (SQL). However, XPath can be used to reference almost any part of any XML document without access control restrictions, whereas with SQL, a "user" (a term that is undefined in the XPath/XML context) may be restricted to certain tables, columns or queries. [1]

Blind XPath Injection

Using Blind XPath Injection, an attacker can extract the complete XML document that an XPath query runs against, without prior knowledge of the query. The attacker can access the entire XML "database" used in the XPath query, which can be powerful against sites that use XPath queries (and XML "databases") for authentication, searching and other uses.
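The authentication case described above, as an added example that is not part of the original article: a string-concatenated XPath lookup beside a hardened form that keeps the XPath expression constant. The XML layout, the names `build_query_unsafe` and `authenticate`, and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed sample XML "database"; users and passwords are made up.
# Unsalted SHA-256 keeps the sample short; it is not a storage recommendation.
USERS_XML = """<users>
  <user><name>alice</name><pwhash>{a}</pwhash><role>admin</role></user>
  <user><name>O'Brien</name><pwhash>{b}</pwhash><role>staff</role></user>
</users>""".format(
    a=hashlib.sha256(b"correct horse").hexdigest(),
    b=hashlib.sha256(b"battery staple").hexdigest(),
)
ROOT = ET.fromstring(USERS_XML)


def build_query_unsafe(name: str) -> str:
    """Vulnerable pattern: caller-supplied text becomes part of the XPath
    expression itself. Even the legitimate name O'Brien ends the string
    literal early, which shows that data is reaching query syntax."""
    return "./user[name='" + name + "']"


def authenticate(name: str, password: str) -> bool:
    """Hardened pattern: the XPath expression is a constant and user input
    is only ever compared as data, so it cannot change what is selected."""
    supplied = hashlib.sha256(password.encode()).hexdigest()
    ok = False
    for user in ROOT.findall("./user"):  # fixed query, no user input
        same_name = hmac.compare_digest(
            user.findtext("name", "").encode(), name.encode())
        same_hash = hmac.compare_digest(user.findtext("pwhash", ""), supplied)
        ok |= same_name and same_hash  # no early exit on the first match
    return ok


if __name__ == "__main__":
    print(build_query_unsafe("O'Brien"))               # unbalanced quotes
    print(authenticate("O'Brien", "battery staple"))   # matched as plain data
    print(authenticate("alice", "wrong password"))
```

Where the XPath library supports variable binding, passing the values as variables to a constant expression achieves the same separation of query and data.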

Examples

Related Threats

Related Attacks

Related Vulnerabilities

Related Countermeasures