killchain-compendium/exploit/web/xpath.md

# XPATH injection

* Similar to SQL injection, it is a input/parameter injection

* [payloads all the things XPATH](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XPATH%20Injection)
* Use [lanfran's payload list](https://lanfran02.github.io/posts/cold_vvars/XPATH_list.txt) as burpsuite sniper payload
bump 2022-02-07 23:37:05 +01:00			`# XPATH injection`

			`* Similar to SQL injection, it is a input/parameter injection`

			`* [payloads all the things XPATH](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XPATH%20Injection)`
			`* Use [lanfran's payload list](https://lanfran02.github.io/posts/cold_vvars/XPATH_list.txt) as burpsuite sniper payload`