Meet us at RSA Conference™ 2024 at booth N-4205.

XML: eXploitable Markup Language

XPath injection on XML files

Blog XML: eXploitable Markup Language

raballestasr

Rafael Ballestas

| 6 min read

Table of contents

When a markup language is not enough

Injecting XPath into a vulnerable app

The source of the problem

Contact us

Loading ...

Table of contents

When a markup language is not enough

Injecting XPath into a vulnerable app

The source of the problem

Share

Tags:

Subscribe to our blog

Sign up for Fluid Attacks' weekly newsletter.

Recommended blog posts

You might be interested in the following related posts.

Photo by Brian Kelly on Unsplash

Undersupported Infrastructure

We need you, but we can't give you any money

Photo by Valery Fedotov on Unsplash

The Joke on Someone in Nebraska

A digital infrastructure issue that many still ignore

Photo by Ray Hennessy on Unsplash

The Mother of All Breaches?

Let's rather say a bunch of breaches in a single box

Photo by ANIRUDH on Unsplash

Ransomware Is Loving Citrix Bleed

Boeing, 60 credit unions, and more, have been impacted

Photo by Fotis Fotopoulos on Unsplash

LFR via SSRF in BookStack

Beware of insecure-by-default libraries!

Photo by Yeshi Kangrang on Unsplash

RCE in PaperCut MF/NG via CSRF

What is invisible to some hackers is visible to others

Photo by Jelleke Vanooteghem on Unsplash

Your Password Manager Was Hacked!

Benefits and risks of these increasingly used programs

Start your 21-day free trial

Discover the benefits of our Continuous Hacking solution, which hundreds of organizations are already enjoying.

Start your 21-day free trial

Hacking software for over 20 years

Fluid Attacks tests applications and other systems, covering all software development stages. Our team assists clients in quickly identifying and managing vulnerabilities to reduce the risk of incidents and deploy secure technology.

Service

Continuous Hacking

Platform overview

Solutions

Application security

Compliance

Systems

Testing Techniques

ASPM

SAST

DAST

MPT

MAST

SCA

CSPM

ARM

PTaaS

RE

SCR

Plans

Essential

Advanced

Resources

Blog

Learn

Advisories

Clients

Downloadables

Documentation

Company

About us

Certifications

Partners

Careers

Contact us

Copyright © 0 Fluid Attacks. We hack your software. All rights reserved.

Service status

Terms of use

Privacy policy

Cookie policy