https://github.com/netspi/xpath-injection-lab
https://github.com/netspi/xpath-injection-lab
Last synced: 8 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/netspi/xpath-injection-lab
- Owner: NetSPI
- Created: 2023-10-30T06:57:02.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2023-11-03T13:56:32.000Z (over 2 years ago)
- Last Synced: 2025-02-26T02:41:23.293Z (about 1 year ago)
- Language: C#
- Size: 401 KB
- Stars: 2
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# XPath-Injection-Lab
This Lab is for XPath Injection and its potential consequences, as well as insights into how to protect applications from this vulnerability. Let's explore the innovative techniques used to manipulate XPath queries and obtain valuable insights.
Below provided some basic steps for setting up a vulnerable lab instance that can be used to replicate the scenarios covered in this blog.
``git clone https://github.com/NetSPI/XPath-Injection-Lab.git``
``cd XPath-Injection-Lab``
``docker build -t bookapp . ``
``docker run -p 8888:80 bookapp``
**Tip: We recommend that you brainstorm on how logic operators work before attempting this lab.**
After hosting the vulnerable application, configure your browser to use an intercepting web proxy (like Burp Suite), and navigate to http://localhost:8888. Click on the “Find” button, as shown in the below screenshot, and intercept the request in your proxy. Satrt exploring XPath Injection in "title" paramter value.
