https://wiki.owasp.org/index.php?title=OWASP_Periodic_Table_of_Vulnerabilities_-_XPath/XQuery_Injection&feed=atom&action=history
OWASP Periodic Table of Vulnerabilities - XPath/XQuery Injection - Revision history
2024-03-28T16:19:27Z
Revision history for this page on the wiki
MediaWiki 1.27.2
https://wiki.owasp.org/index.php?title=OWASP_Periodic_Table_of_Vulnerabilities_-_XPath/XQuery_Injection&diff=151603&oldid=prev
James Landis at 05:04, 15 May 2013
2013-05-15T05:04:59Z
<table class="diff diff-contentalign-left" data-mw="interface">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;' lang='en'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 05:04, 15 May 2013</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l33" >Line 33:</td>
<td colspan="2" class="diff-lineno">Line 33:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>=== References ===</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>=== References ===</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>[[Top_10_2010-A1-Injection| OWASP Top 10 2010 - A1 Injection]]</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>[[Top_10_2010-A1-Injection| OWASP Top 10 2010 - A1 Injection]]<ins class="diffchange diffchange-inline"><BR></ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>[[XPATH_Injection| XPath Injection]]<BR></div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>[[XPATH_Injection| XPath Injection]]<BR></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>[http://projects.webappsec.org/w/page/13247006/XQuery%20Injection| XQuery Injection (WASC)]</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>[http://projects.webappsec.org/w/page/13247006/XQuery%20Injection| XQuery Injection (WASC)]</div></td></tr>
</table>
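Review bot: the HTML BR tag appended to the Top 10 reference at line 33 forces a line break with inline markup where a wikitext bullet list would do the job. Making each entry under References a "* " list item removes the need for the break tag on this line and on the XPath Injection line below it, and keeps the section consistent if more references are added later.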
James Landis
https://wiki.owasp.org/index.php?title=OWASP_Periodic_Table_of_Vulnerabilities_-_XPath/XQuery_Injection&diff=151602&oldid=prev
James Landis: Created page with "Return to Periodic Table Working View == XPath/XQuery Injection == === Root Cause Summary === ..."
2013-05-15T05:04:50Z
<p><b>New page</b></p><div>[[OWASP_Periodic_Table_of_Vulnerabilities#Periodic_Table_of_Vulnerabilities|Return to Periodic Table Working View]]<br />
<br />
== XPath/XQuery Injection ==<br />
<br />
=== Root Cause Summary ===<br />
<br />
The application unsafely incorporates user data into an XQuery or XPath pattern which can change the logic of the query.<br />
<br />
=== Browser / Standards Solution ===<br />
<br />
None<br />
<br />
=== Perimeter Solution ===<br />
<br />
None<br />
<br />
=== Generic Framework Solution ===<br />
<br />
The framework should provide a safe wrapper for XML search operations which canonicalizes and parameterizes patterns or avoids injection pitfalls altogether. Use only safe XQuery and XPath libraries or a subset of those libraries which is not vulnerable to injection.<br />
<br />
=== Custom Framework Solution ===<br />
<br />
None<br />
<br />
=== Custom Code Solution ===<br />
<br />
None<br />
<br />
=== Discussion / Controversy ===<br />
<br />
None<br />
<br />
=== References ===<br />
<br />
[[Top_10_2010-A1-Injection| OWASP Top 10 2010 - A1 Injection]]<br />
[[XPATH_Injection| XPath Injection]]<BR><br />
[http://projects.webappsec.org/w/page/13247006/XQuery%20Injection| XQuery Injection (WASC)]</div>
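Review bot: in the References section of the new page, the WASC entry puts a pipe between the URL and its label ("XQuery%20Injection| XQuery Injection (WASC)"), but MediaWiki external links separate the target from the label with a space; the pipe form is only for internal [[...]] links. Replace the pipe with a space so the pipe cannot end up as part of the link target.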
James Landis