Published on March 15th, 2012 | by MaxiSoler


XCat v0.5 XPath Injection (Black Hat EU 2012 Edition) Released

XCat is a command-line program that aids in the exploitation of XPath injection vulnerabilities. It boasts a wide range of features and can utilize the more advanced features of the XPath 2.0 specification (pattern matching, Unicode normalization and even HTTP requests) or gracefully degrade to using XPath 1.0 if they are not available.

XCat is built to exploit boolean XPath injections (where only one bit of data can be extracted in one request). It requires you to identify the injection manually first; XCat does not do that for you.


  • Exploits both GET and POST attacks
  • Extracts all nodes, comments, attributes and data from the entire XML document
  • Small and lightweight (only dependency is Twisted)
  • Parallel requests
  • XPath 2.0 supported (with graceful degrading to 1.0)
  • Regex pattern matching to reduce character search space
  • Unicode normalization
  • Advanced data postback through HTTP (see below)
  • Arbitrarily read XML files on the server's file system via the doc() function (see below)
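
A defender's view of the behaviour described above, as an added example that is not part of XCat or the original post: because boolean extraction yields one bit per request, it appears in web logs as many requests to one endpoint whose GET or POST parameters carry XPath function calls. The log format, addresses, paths, file name and threshold below are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# XPath 1.0/2.0 functions tied to the features listed above: doc() file reads,
# matches() regex tests, normalize-unicode(), and common boolean-test helpers.
XPATH_CALL = re.compile(
    r"\b(doc|matches|normalize-unicode|string-to-codepoints|substring|"
    r"string-length|count|name|contains|starts-with)\s*\(",
    re.IGNORECASE,
)

# Constructed sample log, one request per line: "client METHOD url body"
SAMPLE_LOG = """\
10.0.0.5 GET /search?title=Dune -
10.0.0.5 GET /search?title=The+Count+(of+Monte+Cristo) -
10.0.0.9 GET /search?title=x%27+and+string-length(name(/*))%3D4+and+%271%27%3D%271 -
10.0.0.9 GET /search?title=x%27+and+substring(name(/*),1,1)%3D%27l%27+and+%271%27%3D%271 -
10.0.0.9 GET /search?title=x%27+and+matches(name(/*),%27^l%27)+and+%271%27%3D%271 -
10.0.0.9 POST /search title=x%27+and+count(doc(%27placeholder.xml%27)/*)%3D1+and+%271%27%3D%271
"""


def xpath_calls(encoded_params):
    """Return XPath function names found in URL-decoded parameter values."""
    found = set()
    for _, value in parse_qsl(encoded_params, keep_blank_values=True):
        found.update(m.group(1).lower() for m in XPATH_CALL.finditer(value))
    return found


def detect(log_text, min_hits=3):
    """Flag (client, path) pairs with >= min_hits requests carrying XPath calls.

    A single hit is often benign (a title containing "Count ("); the repeated
    pattern is what one-bit-per-request extraction looks like.
    """
    hits = defaultdict(lambda: {"requests": 0, "functions": set()})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        client, _method, url, body = line.split(" ", 3)
        parts = urlsplit(url)
        # Inspect both the query string and the form body (GET and POST).
        calls = xpath_calls(parts.query) | xpath_calls(body)
        if calls:
            entry = hits[(client, parts.path)]
            entry["requests"] += 1
            entry["functions"] |= calls
    return {key: val for key, val in hits.items() if val["requests"] >= min_hits}
```

Because the tool issues parallel requests, a real deployment would count hits within a short time window rather than over a whole log.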

Download XCat v0.5 (Black Hat EU 2012 Edition)

Thank you Tom Forbes 😉

About the Author

www.artssec.com @maxisoler
