Ethical Hacker Community Forums

Columns => Gates => Topic started by: don on March 14, 2008, 03:24:54 PM


Title: [Article]-Intro to XPath Injection
Post by: don on March 14, 2008, 03:24:54 PM
After doing some videos and book reviews, Chris is back to writing articles with a great introduction to yet another security topic. This time it is a little known issue with XML files. Read on and be educated.

Permanent link: [Article]-Intro to XPath Injection (http://www.ethicalhacker.net/content/view/185/24/)

Quote

By Chris Gates, CISSP, CPTS, CEH

WTF is XPath Injection?  Data can be stored in a XML file instead of an SQL Database.  To sort through complex XML documents, developers created the XPath language.

http://www.w3.org/TR/xpath (http://www.w3.org/TR/xpath)

XPath is a query language for XML documents, much like SQL is a query language for databases.  Instead of tables, columns, and rows XML files have nodes in a tree.  And like SQL, XPATH also had the potential for injection issues if queries are not properly sanitized.

Why is XPath Injection so dangerous?

  • XPath 1.0 is a standard language. SQL has many dialects all based on a common, relatively weak syntax.
  • XPath 1.0 allows one to query all items of the database (XML objects). In some SQL dialects, it is impossible to query for some objects of the database using an SQL SELECT query (e.g. MySQL does not provide a table of tables).
  • XPath 1.0 has no access control for the database , while in SQL, some parts of the database may be inaccessible due to lack of privileges to the application.


As always, please send in your feedback,
Don

Title: Re: [Article]-Intro to XPath Injection
Post by: don on April 17, 2008, 04:16:59 PM
Submitted to digg:

http://digg.com/programming/Intro_to_XPath_Injection_from_a_Hacker_s_Viewpoint

Don


Powered by SMF 1.1.5 | SMF © 2006-2008, Simple Machines LLC
Joomla Bridge by JoomlaHacks.com