Blackhat Amsterdam 2012 : ToolsTube with Tom Forbes on XCAT – Xpath Injection Tool

The tools exploit xpath injection vulnerability in web applications and support advanced exploitation features. Both Xpath 1.0 and 2.0 are supported. The tool allows extraction of entire XML database by exploiting the XPATH vulnerability in web application frameworks. Some of the advanced features which Xcat supports include:

True and Error conditions (Blind Injection)
Extracting Data over Out-of-band channels (HTTP, DNS)
Abusing the DOC function and reading arbitrary XML files on the system

Tom is a university student who finished his summer internship at 7Safe last year. During the internship Tom worked on several interesting aspects of IT Security. His research paper on Hacking XPATH 2.0 is the only material available on internet on this topic.

Tags: Blackhat Europe 2012, Interview, Tom Forbes, ToolsTube, XCat, XPATH 2.0

About the Author

NJ Ouchn "Passion is needed for any great work, and for the revolution, passion and audacity are required in big doses"

Blackhat Amsterdam 2012 : ToolsTube with Tom Forbes on XCAT – Xpath Injection Tool

About the Author

Follow us in Twitter

Subscribe to Newsletter

Most Shared Posts

Blackhat Amsterdam 2012 : ToolsTube with Tom Forbes on XCAT – Xpath Injection Tool

About the Author

Related Posts

How to Become a Black Hat Arsenal Master →

XCat v0.7 Released →

The Art of Exploiting Injection Flaws at Black Hat Vegas 2013 →

Blackhat Arsenal Vegas 2012 – In Progress →

Follow us in Twitter

Subscribe to Newsletter

Most Shared Posts

Popular Posts