Automating Advanced XPath Injection Attacks

Presented at Kiwicon 7: Cyberfriends (2013), Nov. 9, 2013, 2:15 p.m. (30 minutes)

The current tools available to exploit XPath injection suck. In this talk I will go logarithmic on their ass and introduce an injection tool that your mother would be proud of. From web developers who use XML there shall be much wailing and gnashing of teeth.


  • Paul 'sss' Haas
    Paul Haas rejects the tyranny of ASCII and returns to you the beautiful prose of Unicode. With over nine years of experience, he is currently employed with in Wellington performing a variety of computer security assessments. When not solving problems he enjoys increasing their complexity and is known to respond to Mario Kart duels with great gusto.


