killchain-compendium/Exploits/Web/XPath.md

7 lines
319 B
Markdown

# XPATH injection
* Similar to SQL injection, it is a input/parameter injection
* [payloads all the things XPATH](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XPATH%20Injection)
* Use [lanfran's payload list](https://lanfran02.github.io/posts/cold_vvars/XPATH_list.txt) as burpsuite sniper payload