Definition
XPath injection is a cyberattack in which the attacker inserts malicious code into an application’s XPath (XML Path Language) queries. This allows the attacker to gain unauthorized access to the system, steal data, or open further attack vectors.
Types of XPath Injection
- Boolean-based: The attacker submits inputs that prompt the system to respond with either true or false and uses the response to understand the XML structure or manipulate the application’s behavior.
- Union-based: The attacker combines the result of the application’s XPath query with that of an injected query by using the union operator (|), potentially extracting sensitive data.
- Error-based: The attacker injects code that deliberately causes XPath errors, which can expose details about a program’s internal structure that help in further attacks.
- Time-based: The attacker introduces delays or inserts time-wasting tasks into the XPath query to gather information about the system by analyzing the response time.
Stopping XPath Injection Attacks
- Use parameterized XPath queries to properly separate the user input from the query logic.
- Employ input sanitization and validation for XPath queries to safeguard the system against malicious patterns or characters.
- Conduct frequent security checks to detect and fix any XPath injection flaws in the application.
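
The first two measures above, sketched as an added example (not code from the original page). Python's standard-library ElementTree has no XPath variable binding, so the value is validated against an allow-list and then embedded only as a complete string literal; where the XPath engine supports bound variables, bind the value instead. The sample document, the `surname` and `role` element names, the allow-list and all function names are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample document; element names are assumptions.
DIRECTORY = ET.fromstring(
    "<users>"
    "<user><surname>O'Brien</surname><role>admin</role></user>"
    "<user><surname>Smith</surname><role>user</role></user>"
    "</users>"
)

# Allow-list for a surname field: letters, space, hyphen, apostrophe.
SURNAME_RE = re.compile(r"[A-Za-z][A-Za-z' -]{0,39}")


def xpath_literal(value):
    """Render value as an XPath 1.0 string literal.

    XPath 1.0 has no escape character inside literals, so use the quote
    the value does not contain, or concat() when it contains both.
    """
    if "'" not in value:
        return "'" + value + "'"
    if '"' not in value:
        return '"' + value + '"'
    pieces = ["'" + part + "'" for part in value.split("'")]
    return "concat(" + ", \"'\", ".join(pieces) + ")"


def naive_query(surname):
    # Vulnerable pattern: a quote in the input ends the literal early and
    # the rest of the input is parsed as query syntax.
    return ".//user[surname='" + surname + "']"


def safe_query(surname):
    # Validate first, then embed the value only as a complete literal.
    if not SURNAME_RE.fullmatch(surname):
        raise ValueError("surname rejected by allow-list validation")
    return ".//user[surname=" + xpath_literal(surname) + "]"


def find_role(surname):
    """Return the role of the matching user, or None if there is none."""
    user = DIRECTORY.find(safe_query(surname))
    return None if user is None else user.findtext("role")
```

The apostrophe stays in the allow-list because real surnames need it; the literal quoting is what keeps it from being read as query syntax.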