itkaa / webgoat

Webgoat for CI/CD test setups

Fix xpath injection #13

Open itkaa opened 4 months ago

itkaa commented 4 months ago

closes #12

secure-code-warrior-for-github[bot] commented 4 months ago

Micro-Learning Topic: XPath injection (Detected by phrase)

Matched on "xpath injection"


XPath injection is a vulnerability that arises when unsafe input is used in the construction of XPath query strings. Since XPath does not allow for data manipulation, exploiting an XPath injection vulnerability cannot result in unauthorised modification of the target XML document. However, depending on how the application uses the result of an XPath query, it may affect subsequent processing and allow unauthorised access to data or application functionality.


Helpful references
  • OWASP testing for XPath Injection - This article is focused on providing testing techniques for identifying XPath injection flaws in your applications.
  • OWASP XPath Injection - OWASP community page with comprehensive information about XPath injection, and links to various OWASP resources to help detect or prevent it.
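The vulnerability described in the bot's comment, shown as an added example (this is not code from the itkaa/webgoat fork, from WebGoat itself, or from the PR). It uses the JDK's javax.xml.xpath API on a constructed, in-memory employee document (assumed data, not the lesson's): `vulnerableLogin` concatenates the username and password into the XPath expression, so a tautology payload such as `' or '1'='1` turns the predicate true for every employee, while `safeLogin` binds the same inputs as XPath variables through an XPathVariableResolver, where a payload is just a string literal that matches nothing.

```java
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpression;
import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;

public class XPathInjectionDemo {

    // Constructed sample XML standing in for an employee directory (assumed, not WebGoat's data).
    private static final String XML =
        "<employees>"
      + "<employee><username>alice</username><password>pw-alice</password><salary>100</salary></employee>"
      + "<employee><username>bob</username><password>pw-bob</password><salary>200</salary></employee>"
      + "</employees>";

    private static Document doc() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Refuse DOCTYPEs so this parser cannot be abused for XXE while we look at XPath.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(XML.getBytes(StandardCharsets.UTF_8)));
    }

    // VULNERABLE: user-controlled strings are spliced into the XPath expression.
    // Returns how many salary nodes the query matched (an authenticated login should match exactly one).
    static int vulnerableLogin(String user, String pass) throws Exception {
        String expr = "/employees/employee[username/text()='" + user
                    + "' and password/text()='" + pass + "']/salary";
        XPath xp = XPathFactory.newInstance().newXPath();
        NodeList n = (NodeList) xp.evaluate(expr, doc(), XPathConstants.NODESET);
        return n.getLength();
    }

    // FIXED: inputs are bound as XPath variables ($user, $pass); the expression text is constant,
    // so quotes and operators in the input can never change the query's structure.
    static int safeLogin(String user, String pass) throws Exception {
        XPath xp = XPathFactory.newInstance().newXPath();
        xp.setXPathVariableResolver(v -> {
            switch (v.getLocalPart()) {
                case "user": return user;
                case "pass": return pass;
                default:     return null;
            }
        });
        XPathExpression e = xp.compile(
            "/employees/employee[username/text()=$user and password/text()=$pass]/salary");
        NodeList n = (NodeList) e.evaluate(doc(), XPathConstants.NODESET);
        return n.getLength();
    }

    public static void main(String[] args) throws Exception {
        String payload = "' or '1'='1"; // classic tautology payload
        System.out.println("vulnerable, valid creds : " + vulnerableLogin("alice", "pw-alice"));
        System.out.println("vulnerable, payload     : " + vulnerableLogin(payload, payload));
        System.out.println("safe, valid creds       : " + safeLogin("alice", "pw-alice"));
        System.out.println("safe, payload           : " + safeLogin(payload, payload));
    }
}
```

With the payload, the vulnerable predicate becomes `username/text()='' or '1'='1' and password/text()='' or '1'='1'`; because `and` binds tighter than `or`, the trailing `'1'='1'` makes it true for every employee, which is the "unauthorised access to data" the comment describes. As the comment also notes, XPath has no update operations, so the worst case here is reading other employees' records, not modifying the document. Variable binding is the XPath equivalent of a prepared statement; a deny-list of quote characters is not an adequate substitute, since XPath functions such as `concat()` and numeric comparisons can be injected without quotes.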