killchain-compendium/Exploits/Web/XPath.md

# XPATH injection

* Similar to SQL injection, it is a input/parameter injection

* [payloads all the things XPATH](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XPATH%20Injection)
* Use [lanfran's payload list](https://lanfran02.github.io/posts/cold_vvars/XPATH_list.txt) as burpsuite sniper payload
restructured Exploits 2022-11-13 22:38:01 +01:00			`# XPATH injection`

			`* Similar to SQL injection, it is a input/parameter injection`

			`* [payloads all the things XPATH](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XPATH%20Injection)`
			`* Use [lanfran's payload list](https://lanfran02.github.io/posts/cold_vvars/XPATH_list.txt) as burpsuite sniper payload`