Dashboard Articles Playground Discussions More
Follow

think I've figured out the right avenue of attack

Sandra Murphy

Evil3d11
5 years ago

0

okay so here’s what I’ve figured out so far.

clearly I need to do an Xpath injection for some sort but I don’t have experience with XML other than what I’ve researched for the challenge[/Spoiler] and from this I’ve come to two possible solutions <!- either convert normal SQL injections into Xpath injections and see if it eventually works or construct a Xpath query and try to inject that. problem with this is that I’m still trying to wrap my head around how to inject these properly.
[Spoiler]this is the query I’ve come up with so far (//user/users[realname/text()=‘Sandra Murphy’ and password/text()=‘’ or 1=1 and login/text()=‘'or 1=1]) -!>
sorry about the poor typing I’ve very cold.

4replies
2voices
217views
fred [feuerstein]
5 years ago

0

You are on a good track, maybe you find some information on owasp

Evil3d11
5 years ago

0

wait. do I need to call the >> username as well

fred [feuerstein]
5 years ago

0

You can do without too

Evil3d11
5 years ago

0

just did it.
felt like throwing darts at an invisible board.

Discussion thread has been locked. You can no longer add new posts.
1 of 5

This site only uses cookies that are essential for the functionality of this website. Cookies are not used for tracking or marketing purposes.

By using our site, you acknowledge that you have read and understand our Privacy Policy, and Terms of Service.

Dismiss