AppSec Tales XXIII | XPathI

Application Security Testing for XPath Injections.

INTRODUCTION

The article describes how to test the application to find XPath Injections, which occur when a website uses user-supplied data to construct an XPath (XML Path Language) query for XML data.

XPath is a query language that navigates and selects elements and attributes within XML structures. By using location steps, axes, and predicates, XPath enables efficient traversal of XML documents.

Below are some examples of how to use XPath:

## Selecting Elements:
# All book elements
/bookstore/book

# The first author within a book
/bookstore/book[1]/author

## Using Wildcards:
# All elements in the document
//*

# All title elements at any level
//title

## Predicates for Filtering:
# Book elements published after 2022
/bookstore/book[@year > 2022]

# The second chapter within a book
/bookstore/book/chapter[2]

## Navigating Axes:
# The parent book of a chapter element
/bookstore/book/chapter/..

# All preceding paragraph elements before the current paragraph
preceding-sibling::paragraph

## Conditional Selection:
# Book elements with a price less than $40
/bookstore/book[price < 40]

## Text Content Selection:
# The text content of a title element
/bookstore/book/title/text()

Currently, there are four…