This page describes XPath injection in more detail.
CWE-643 describes XPath Injection as follows:
"The software uses external input to dynamically construct an XPath expression used to retrieve data from an XML database, but it does not neutralize or incorrectly neutralizes that input. This allows an attacker to control the structure of the query."
Similar to SQL Injection, XPath Injection attacks occur when a web site uses user-supplied information to construct an XPath query for XML data.
By sending intentionally malformed information into the web site, an attacker can find out how the XML data is structured, or access data that he may not normally have access to. He may even be able to elevate his privileges on the web site if the XML data is being used for authentication (such as an XML based user file).
The net effect is that the attacker will have control over the information selected from the XML database and may use that ability to control application flow, modify logic, retrieve unauthorized data, or bypass important checks (e.g. authentication).
Querying XML is done with XPath, a type of simple descriptive statement that allows the XML query to locate a piece of information. Like SQL, you can specify certain attributes to find, and patterns to match. When using XML for a web site it is common to accept some form of input on the query string to identify the content to locate and display on the page.
This input must be sanitized so that it cannot alter the structure of the XPath query and cause the wrong data to be returned. XPath 1.0 string literals have no escape sequence, so a quote character inside user input ends the literal and turns the rest of the input into query structure; the safe approaches are to bind the value as a variable where the XPath API supports it, to validate it against an allowlist, or to embed it as a correctly quoted literal.
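The following added example (not code from this page or from Kiuwan) contrasts the concatenation pattern CWE-643 describes with a correctly quoted literal and an allowlist check. The query shape `//user[name=...]/email`, the `xpath_literal` helper and the constructed inputs are assumptions for illustration; `string_literals` is a small helper that tokenises the XPath string literals so you can see which part of the input stayed inside a literal and which part leaked into the query structure.

```python
import re

def naive_query(username: str) -> str:
    """Vulnerable pattern (the one CWE-643 describes): string concatenation."""
    return "//user[name='" + username + "']/email"

def xpath_literal(value: str) -> str:
    """Return an XPath 1.0 string literal that evaluates exactly to value.

    XPath 1.0 has no escape sequence inside literals, so a value containing
    both quote kinds must be split and rejoined with concat().
    """
    if "'" not in value:
        return f"'{value}'"
    if '"' not in value:
        return f'"{value}"'
    parts = value.split("'")
    pieces = []
    for i, part in enumerate(parts):
        if part:
            pieces.append(f"'{part}'")
        if i < len(parts) - 1:
            pieces.append('"\'"')  # the single quote itself, double-quoted
    return "concat(" + ", ".join(pieces) + ")"

def safe_query(username: str) -> str:
    """Same query, with the untrusted value embedded as a proper literal."""
    return f"//user[name={xpath_literal(username)}]/email"

# Allowlist for fields with a known shape (constructed for this example).
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")

def validated_query(username: str) -> str:
    """Reject input outside the allowlist before it reaches the query."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username contains characters outside the allowlist")
    return safe_query(username)

# Helper for inspection: the contents of every XPath string literal in a query.
_LITERAL_RE = re.compile(r"'[^']*'|\"[^\"]*\"")

def string_literals(query: str) -> list:
    return [m.group(0)[1:-1] for m in _LITERAL_RE.finditer(query)]

if __name__ == "__main__":
    # A username with a quote: concatenation leaves "Brien" outside any literal.
    print(naive_query("O'Brien"), string_literals(naive_query("O'Brien")))
    print(safe_query("O'Brien"), string_literals(safe_query("O'Brien")))
```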
In Kiuwan, you can search rules covering XPath-Injection (CWE-643) filtering by
Kiuwan incorporates the following rules for XPath-Injection (CWE-643) for the following languages.
To obtain detailed information on functionality, coverage, parameterization, remediation, example codes, etc., follow the same steps as described in SQL Injection.
Language | Rule code
---|---
C# | OPT.CSHARP.XPathInjection
Java | OPT.JAVA.SEC_JAVA.XPathInjectionRule
Javascript | OPT.JAVASCRIPT.XPathInjection
Objective-C | OPT.OBJECTIVEC.XPathInjection
PHP | OPT.PHP.XPathInjection
Python | OPT.PYTHON.SECURITY.XpathInjection
Swift | OPT.SWIFT.SECURITY.XpathInjection