The presentation will discuss the XPath injection vulnerability in depth, and we will cover advanced exploitation techniques. We will talk about XPath 2.0 and how an attacker can obtain not just the XML document but also files outside the current document. We will discuss how to exploit vulnerabilities blindly and the case when the application does not reveal anything (i.e. compare this to a time-based SQL injection). Exfiltrating data over out-of-band channels such as HTTP and DNS will also be discussed, followed by some real-life examples of the vulnerability found in the wild. Finally, we will release an open-source tool to automate exploiting this vulnerability with all advanced exploitation features built in.
Sumit Siddharth (Sid) works as Head of Penetration Testing for 7safe in the UK. He specializes in web application and database security and has over 7 years of experience in IT security. Sid has been a speaker at many international conferences such as Black Hat, Defcon, OWASP, Troopers, Sec-T etc. He has authored several white papers, tools and security advisories. Sid holds the prestigious CREST certification and also runs the popular IT security blog http://www.notsosecure.com. He is also a contributing author to the book SQL Injection: Attacks and Defense (2nd Edition).
Written by: NJ Ouchn
The tool exploits XPath injection vulnerabilities in web applications and supports advanced exploitation features. Both XPath 1.0 and 2.0 are supported. The tool allows extraction of the entire XML database by ...