OWASP – XPath Injection overview Roberto Suggi Liverani Security Consultant Security-Assessment.com 21 February 2008
Who am I?
Agenda
What is XPath?
An XML document from XPath perspective (1/2)
An XML document from XPath perspective (2/2)
XPath Syntax (1/3)
  nodename    Selects all child nodes of the named node
  /           Selects from the root node
  //          Selects nodes in the document from the current node that match the selection, no matter where they are
  .           Selects the current node
  ..          Selects the parent of the current node
XPath Syntax (2/3)
XPath Syntax – other query examples (3/3)
  users        Selects all the child nodes of the users element
  /users       Selects the root element users
  users/user   Selects all user elements that are children of users
  //users      Selects all users elements, no matter where they are in the document
  users//user  Selects all user elements that are descendants of the users element, no matter where they are under the users element
XPath Predicates
  /users/user[1]                Selects the first user element that is the child of the users element
  /users/user[last()]           Selects the last user element that is the child of the users element
  /users/user[position() < 3]   Selects the first two user elements that are children of the users element
  //username[@id = '1']         Selects all the username elements that have an attribute named id with a value of '1'
XPath Location Path (1/2)
XPath Location Path – Examples (2/2)
An axis name (child, attribute, descendant) precedes the :: separator; * is the wildcard node test.
  child::user         Selects all user nodes that are children of the current node
  attribute::id       Selects the id attribute of the current node
  child::*            Selects all children of the current node
  attribute::*        Selects all attributes of the current node
  child::text()       Selects all text child nodes of the current node
  child::node()       Selects all child nodes of the current node
  descendant::users   Selects all users descendants of the current node
XPath Functions
  substring(string, start, len)    Returns the substring from the start position to the specified length. The index of the first character is 1. If len is omitted, it returns the substring from the start position to the end.
  string-length(string)            Returns the length of the specified string.
  count((item, item, ...))         Returns the count of nodes.
  starts-with(string1, string2)    Returns true if string1 starts with string2, otherwise false.
  contains(string1, string2)       Returns true if string1 contains string2, otherwise false.
  number(arg)                      Returns the numeric value of the argument. The argument can be a boolean, string or node-set.
  string(arg)                      Returns the string value of the argument. The argument can be a number, boolean or node-set.
XPath Injection (1/2)

VB:
  Dim FindUserXPath As String
  FindUserXPath = "//users/user[username/text()='" & Request("Username") & "' and password/text()='" & Request("Password") & "']"

C#:
  String FindUserXPath;
  FindUserXPath = "//users/user[username/text()='" + Request["Username"] + "' and password/text()='" + Request["Password"] + "']";

Username = user
Password = password
XPath query becomes: //users/user[username/text()='user' and password/text()='password']

XPath Injection (2/2)
Username = user' or '1' = '1
Password = password
XPath query becomes: //users/user[username/text()='user' or '1' = '1' and password/text()='password']
The single quote in the supplied username closes the string literal, so the rest of the input is parsed as part of the predicate; the user node is selected on the username alone and the password comparison no longer constrains the result.
Blind XPath Injection (1/3)
Username = user
Password = password
XPath query becomes: //users/user[username/text()='user' and password/text()='password']

Username = jjj' or name(//users/user/username[1]) = 'username' or 'a'='b
Password = password
XPath query becomes: //users/user[username/text()='jjj' or name(//users/user/username[1]) = 'username' or 'a'='b' and password/text()='password']
The injected comparison is true or false depending on the document structure; if the application responds differently in the two cases (for example, login succeeds or fails), each request leaks one fact about the XML document even though no query result is ever displayed.

Blind XPath Injection (2/3)
count(//user/child::node())

Username = root' and substring((//user[position()=2]/child::node()[position()=1]),1,1)="a" and '1' = '1
Password = OAhhgg
XPath query becomes: //users/user[username/text()='root' and substring((//user[position()=2]/child::node()[position()=1]),1,1)="a" and '1' = '1' and password/text()='OAhhgg']

Blind XPath Injection (3/3)
string-length(//username[position()=1]/child::node()[position()=1])=4
count(//user/child::node())
contains(//username[position()=1]/child::node()[position()=1],"r")
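Because a blind probe of the kind shown above learns one fact per request, the defensive signal is a single client sending many login attempts whose parameters carry XPath function calls, axis syntax or a quote followed by a boolean operator. The Ruby script below is an added example, not part of the original slides: it decodes constructed access-log lines, flags parameter values with those indicators, and reports clients that exceed a threshold. The log format, client addresses and threshold are assumptions; the injected values are the ones from the slides, URL-encoded.

```ruby
require 'uri'

# Hypothetical detector (not from the slides): flags request parameters whose
# decoded value looks like an XPath probe, and counts such requests per client.

# Function names used in the blind-injection payloads on the slides, plus the
# other XPath 1.0 functions listed on the XPath Functions slide.
XPATH_FUNCTIONS = %w[substring string-length count contains starts-with
                     name position last number string].freeze
FUNCTION_RE = /\b(?:#{XPATH_FUNCTIONS.map { |f| Regexp.escape(f) }.join('|')})\s*\(/i
# A closing quote followed by a boolean operator: the shape of  ' or '1' = '1  and  ' and substring(
QUOTE_OPERATOR_RE = /['"]\s+(?:or|and)\s+/i
# Axis syntax (child::node()) or the descendant shorthand (//users/user).
AXIS_RE = %r{::|//}

def xpath_indicators(value)
  hits = []
  hits << :function_call if value.match?(FUNCTION_RE)
  hits << :quote_then_operator if value.match?(QUOTE_OPERATOR_RE)
  hits << :axis_syntax if value.match?(AXIS_RE)
  hits << :unbalanced_quotes if value.count("'").odd? || value.count('"').odd?
  hits
end

# An odd number of quotes on its own is weak evidence (o'brien is a legitimate
# name); only report a value when a structural indicator is also present.
def suspicious?(indicators)
  !(indicators - [:unbalanced_quotes]).empty?
end

# Constructed log format (assumption): <client-ip> <timestamp> "<method> <path>" <urlencoded body>
LOG_RE = /\A(\S+) (\S+) "(\w+) (\S+)" (.*)\z/

def parse_line(line)
  m = LOG_RE.match(line)
  return nil unless m
  params = m[5].split('&').map do |pair|
    key, value = pair.split('=', 2)
    [key, URI.decode_www_form_component(value.to_s)]
  end
  { ip: m[1], ts: m[2], path: m[4], params: params.to_h }
end

# Blind injection needs one request per fact learned, so several probe-shaped
# values from one client within the scanned window is the condition to alert on.
def scan_log(lines, threshold: 3)
  flagged = []
  lines.each do |line|
    rec = parse_line(line)
    next unless rec
    rec[:params].each do |name, value|
      ind = xpath_indicators(value)
      next unless suspicious?(ind)
      flagged << { ip: rec[:ip], ts: rec[:ts], param: name, value: value, indicators: ind }
    end
  end
  per_ip = flagged.group_by { |f| f[:ip] }.transform_values(&:size)
  { flagged: flagged, probing_clients: per_ip.select { |_, n| n >= threshold }.keys }
end

# Constructed sample lines; the injected usernames are the slides' payloads, URL-encoded.
SAMPLE_LOG = [
  '10.0.0.5 2008-02-21T10:00:01Z "POST /login" Username=alice&Password=s3cret',
  '198.51.100.7 2008-02-21T10:00:05Z "POST /login" Username=user%27+or+%271%27+%3D+%271&Password=password',
  '198.51.100.7 2008-02-21T10:00:09Z "POST /login" Username=jjj%27+or+name%28%2F%2Fusers%2Fuser%2Fusername%5B1%5D%29+%3D+%27username%27+or+%27a%27%3D%27b&Password=password',
  '198.51.100.7 2008-02-21T10:00:12Z "POST /login" Username=root%27+and+substring%28%28%2F%2Fuser%5Bposition%28%29%3D2%5D%2Fchild%3A%3Anode%28%29%5Bposition%28%29%3D1%5D%29%2C1%2C1%29%3D%22a%22+and+%271%27+%3D+%271&Password=OAhhgg',
  '10.0.0.9 2008-02-21T10:00:20Z "POST /login" Username=o%27brien&Password=pw'
].freeze

if __FILE__ == $PROGRAM_NAME
  result = scan_log(SAMPLE_LOG)
  result[:flagged].each { |f| puts "#{f[:ip]} #{f[:param]}=#{f[:value].inspect} #{f[:indicators].join(',')}" }
  puts "probing clients: #{result[:probing_clients].join(', ')}"
end
```

Run against the constructed lines, the three payload requests from 198.51.100.7 are flagged and that client crosses the threshold, while alice and o'brien are not reported. The heuristic is deliberately narrow (function name followed by a parenthesis, quote followed by a spaced operator) to keep apostrophes in ordinary names from generating alerts; a legitimate field that must accept XPath syntax would need its own allow rule.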
XPath Injection Countermeasures
  XPathNodeIterator custData = XPathCache.Select(
      "//customer[@name=$name and @password=$password]",
      customersDocument,
      new XPathVariable("name", txtName.Text),
      new XPathVariable("password", txtPassword.Text));
User input is bound to the XPath variables $name and $password instead of being concatenated into the expression, so it is always evaluated as a string value and cannot alter the structure of the query.

Questions/Conclusion
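Worked example, added here and not the slides' own code, that serves both the XPath Injection slides and the countermeasure above: the same string concatenation as the C# sample beside a variable-bound query, written in Ruby against REXML from the standard library, whose XPath.first takes a variables hash that plays the role of XPathVariable. The users document, user names and passwords are constructed sample data; the bypass input is the one shown on the slides.

```ruby
require 'rexml/document'

# Constructed sample document (assumption) with the users/user/username/password
# layout that the slides' queries assume.
USERS_XML = <<~XML
  <users>
    <user><username id="1">admin</username><password>OAhhgg</password></user>
    <user><username id="2">user</username><password>password</password></user>
  </users>
XML
DOC = REXML::Document.new(USERS_XML)

# Vulnerable: the construction used by the C# sample on the XPath Injection slide.
# Raw input is spliced into the expression, so a quote in the input terminates
# the string literal and the remainder is parsed as XPath.
def find_user_concat(username, password)
  expr = "//users/user[username/text()='#{username}' and password/text()='#{password}']"
  REXML::XPath.first(DOC, expr)
end

# Safe: the expression is fixed and the input is bound to the XPath variables
# $name and $pass through REXML's variables hash (the counterpart of
# XPathVariable on the countermeasures slide). The input is only ever compared
# as a string value and can never change the structure of the query.
def find_user_bound(username, password)
  expr = "//users/user[username/text()=$name and password/text()=$pass]"
  REXML::XPath.first(DOC, expr, nil, { 'name' => username, 'pass' => password })
end

# Username of a matched user node, or nil when the query matched nothing.
def username_of(node)
  node && node.elements['username'].text
end

if __FILE__ == $PROGRAM_NAME
  bypass = "user' or '1' = '1"   # the injected username from the slides
  puts "legitimate login, concatenated: #{username_of(find_user_concat('user', 'password')).inspect}"
  puts "wrong password, concatenated:   #{username_of(find_user_concat('user', 'wrong')).inspect}"
  puts "bypass input, concatenated:     #{username_of(find_user_concat(bypass, 'wrong')).inspect}"
  puts "bypass input, variable-bound:   #{username_of(find_user_bound(bypass, 'wrong')).inspect}"
end
```

With the concatenated query the bypass input returns the user node although the password is wrong, because the predicate becomes username='user' or ('1'='1' and password='wrong'); with the bound query the same input is compared literally against the username text, matches nothing, and the wrong password is rejected as it should be. Binding variables is preferable to escaping because XPath 1.0 has no escape sequence for a quote inside a string literal.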
