Title: [Article]-Intro to XPath Injection
Post by: don on March 14, 2008, 03:24:54 PM
After doing some videos and book reviews, Chris is back to writing articles with a great introduction to yet another security topic. This time it is a little known issue with XML files. Read on and be educated.
Permanent link: [Article]-Intro to XPath Injection (http://www.ethicalhacker.net/content/view/185/24/)
By Chris Gates, CISSP, CPTS, CEH
WTF is XPath Injection? Data can be stored in a XML file instead of an SQL Database. To sort through complex XML documents, developers created the XPath language.
XPath is a query language for XML documents, much like SQL is a query language for databases. Instead of tables, columns, and rows XML files have nodes in a tree. And like SQL, XPATH also had the potential for injection issues if queries are not properly sanitized.
Why is XPath Injection so dangerous?
As always, please send in your feedback,
Title: Re: [Article]-Intro to XPath Injection
Post by: don on April 17, 2008, 04:16:59 PM
Submitted to digg: