Automating Advanced XPath Injection Attacks

Presented at Kiwicon 7: Cyberfriends (2013), Nov. 9, 2013, 2:15 p.m. (30 minutes).

The current tools available to exploit XPath injection suck. In this talk I will go logarithmic on their ass and introduce an injection tool that your mother would be proud of. From web developers who use XML there shall be much wailing and gnashing of teeth.

Presenters:

• Paul Haas / sss   as Paul 'sss' Haas
  Paul Haas rejects the tyranny of ASCII and returns to you the 𝐛𝓮αʋ𝘁𝚒𝚏𝕦𝙡 𝚙𝙧𝛐𝚜𝖊 օ𝖋 𝐔𝑛ı𝖈໐𝘥℮. With over nine years of experience, he is currently employed with Security-Assessment.com in Wellington performing a variety of computer security assessments. When not solving problems he enjoys increasing their complexity and is known to respond to Mario Kart duels with great gusto.

Links:

• https://2013.kiwicon.org/the-con/talks/#e116

Similar Presentations:

• Black Hat USA 2011 / WORKSHOP - The Art of Exploiting Lesser Known Injection Flaws
• DerbyCon 2.0 Reunion (2012) / Rapid Blind SQL Injection Exploitation with BBQSQL
• Black Hat Europe 2015 / Commix: Detecting and Exploiting Command Injection Flaws