XPath-Injection-Lab

This lab covers XPath injection and its potential consequences, and offers insight into how to protect applications from this vulnerability. Let's explore the innovative techniques used to manipulate XPath queries and obtain valuable insights.

Below are some basic steps for setting up a vulnerable lab instance that can be used to replicate the scenarios covered in this blog.

git clone https://github.com/NetSPI/XPath-Injection-Lab.git

cd XPath-Injection-Lab

docker build -t bookapp .

docker run -p 8888:80 bookapp

Tip: We recommend that you brainstorm on how logic operators work before attempting this lab.

After hosting the vulnerable application, configure your browser to use an intercepting web proxy (like Burp Suite), and navigate to http://localhost:8888. Click on the “Find” button, as shown in the below screenshot, and intercept the request in your proxy. Start exploring XPath injection in the "title" parameter value.

image
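To make the protection side concrete, here is an added example (not code from this lab or from NetSPI) showing why string concatenation lets a "title" value change the shape of an XPath query, and how confining the value to a single XPath 1.0 literal keeps the shape fixed. The query form `//book[title='...']`, the function names and the sample inputs are assumptions made for illustration.

```python
# Added example. The query shape //book[title='...'] is an assumption, not the lab's code.

def unsafe_query(title):
    """Vulnerable pattern: input spliced straight into the expression."""
    return "//book[title='" + title + "']"

def xpath_literal(value):
    """Return value as a single XPath 1.0 string literal.

    XPath 1.0 has no escape character, so a value holding both quote
    types is emitted as concat() of separately quoted pieces.
    """
    if "'" not in value:
        return "'" + value + "'"
    if '"' not in value:
        return '"' + value + '"'
    parts = value.split("'")
    pieces = []
    for i, part in enumerate(parts):
        if part:
            pieces.append("'" + part + "'")
        if i < len(parts) - 1:
            pieces.append('"\'"')  # the apostrophe itself, double-quoted
    return "concat(" + ", ".join(pieces) + ")"

def safe_query(title):
    """Same lookup, with the input confined to one literal."""
    return "//book[title=" + xpath_literal(title) + "]"

def structure(expr):
    """Replace every string literal with S to expose the query's shape."""
    out, quote = [], None
    for ch in expr:
        if quote:
            if ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
            out.append("S")
        else:
            out.append(ch)
    return "".join(out)

# Constructed sample inputs
SAMPLES = ["Dune", "x' or '1'='1", "a'b\"c"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), structure(unsafe_query(s)), structure(safe_query(s)))
```

Where the XPath library in use supports bound variables, passing the value as a variable achieves the same result without building the literal by hand.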