X-Path Injection

X-path injection

X-Path Injection

These attacks are directed on web-servers, creating requests written on XPath language and based on a data inserted by a user. XML Path Language (XPath) 1.0 is designed to provide access to parts of an XML document. It can be used by itself or as part of the XSLT transformation of XML documents or XQuery execution.