Blackhat Amsterdam 2012 : ToolsTube with Tom Forbes on XCAT – Xpath Injection Tool

Tools + Interview + ToolsTube | NJ Ouchn | March 19, 2012


The tool exploits XPath injection vulnerabilities in web applications and supports advanced exploitation features. Both XPath 1.0 and 2.0 are supported. It allows extraction of the entire XML database by exploiting the XPath vulnerability in web application frameworks. Some of the advanced features which XCAT supports include:

  1. True and Error conditions (Blind Injection)
  2. Extracting Data over Out-of-band channels (HTTP, DNS)
  3. Abusing the DOC function and reading arbitrary XML files on the system
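From the defender's side, the three techniques listed above leave recognisable traces in request parameters. The following is an added example, not part of the original post and not XCAT code: a small access-log scanner whose indicator patterns, function names and sample log lines are all assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Indicator patterns: assumptions chosen for this example, not XCAT signatures.
INDICATORS = {
    # A quote followed by a boolean operator: true/false condition probing.
    "boolean-condition": re.compile(r"""['"]\s*(?:and|or)\b""", re.I),
    # XPath 2.0 doc(): loads another XML document, locally or over the network.
    "doc-function": re.compile(r"\bdoc\s*\(", re.I),
    # Standard XPath functions commonly used to walk data piece by piece.
    "data-probing": re.compile(r"\b(?:substring|string-length|count)\s*\(", re.I),
}

# Matches the request path and status code of a combined-format log line.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) [^"]*" (\d{3})')

def scan_request(line):
    """Return the sorted indicator labels found in one access-log line."""
    m = REQUEST.search(line)
    if not m:
        return []
    target, status = m.groups()
    hits = set()
    # parse_qsl percent-decodes values, so encoded payloads are matched too.
    for _key, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        for label, pattern in INDICATORS.items():
            if pattern.search(value):
                hits.add(label)
    # A flagged request answered with 5xx fits error-condition probing.
    if hits and status.startswith("5"):
        hits.add("error-response")
    return sorted(hits)

def scan_log(lines):
    """Map line index -> indicator labels for every flagged line."""
    flagged = {}
    for i, line in enumerate(lines):
        hits = scan_request(line)
        if hits:
            flagged[i] = hits
    return flagged

# Constructed sample log lines (hosts, paths and parameters are made up).
SAMPLE_LOG = [
    '10.0.0.5 - - [19/Mar/2012:10:00:01 +0000] "GET /search?name=alice HTTP/1.1" 200 512',
    '10.0.0.9 - - [19/Mar/2012:10:00:02 +0000] "GET /search?name=x%27%20or%20%271%27%3D%271 HTTP/1.1" 200 9120',
    '10.0.0.9 - - [19/Mar/2012:10:00:03 +0000] "GET /search?name=x%27%20and%20count(%2F*)%3D1%20and%20%271%27%3D%271 HTTP/1.1" 500 88',
    '10.0.0.9 - - [19/Mar/2012:10:00:04 +0000] "GET /search?name=doc(%27http%3A%2F%2Fcollector.example.invalid%2F%27) HTTP/1.1" 200 40',
]
```

Pattern matches like these are triage signals only; the fix on the application side is to stop concatenating user input into XPath expressions.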

Tom is a university student who finished his summer internship at 7Safe last year. During the internship Tom worked on several interesting aspects of IT security. His research paper on Hacking XPATH 2.0 is the only material available on the internet on this topic.

Written by: NJ Ouchn


About the author

NJ Ouchn

"Passion is needed for any great work, and for the revolution, passion and audacity are required in big doses"


LOGO

  • help@firwl.com
  • info@firwl.com


Products


Company


Contacts

Support

