Hackers of India

Hacking XPATH 2.0

By  Sumit Siddharth  , Tom Forbes  on 14 Mar 2012 @ Blackhat

Abstract

The presentation will discuss the vulnerability XPATH Injection in depth and we will cover advanced exploitation techniques. We will talk about xpath 2.0 and how an attacker can not just obtain the XML document but also obtain files outside the current document. We will discuss how to exploit vulnerabilities blindly and the case when the application does not reveal anything (ie. compare this to a time based sql injection). Exfiltrating data over out of bound channel such as HTTP, DNS will also be discussed followed by some real life examples of the vulnerability found in the wild. Finally we will release an open-source tool to automate exploiting this vulnerability with all advanced exploitation features built in.