Clearly I need to do an XPath injection of some sort, but I don’t have experience with XML other than what I’ve researched for the challenge[/Spoiler] and from this I’ve come to two possible solutions <!- either convert normal SQL injections into XPath injections and see if it eventually works, or construct an XPath query and try to inject that.
The problem with this is that I’m still trying to wrap my head around how to inject these properly.
[Spoiler]This is the query I’ve come up with so far (//user/users[realname/text()='Sandra Murphy' and password/text()='' or 1=1 and login/text()=''or 1=1]) -!>
Sorry about the poor typing, I’m very cold.