Skip to content
/ blind_xpath_exploit Public

A script that aids in retrieving XML output via Blind XPath Injection.

License

MIT license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Ressurect0/blind_xpath_exploit

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits

LICENSE

LICENSE

 
 

README.md

README.md

 
 

char

char

 
 

xpath_d2.py

xpath_d2.py

 
 

Repository files navigation

blind_xpath_exploit

A script that aids in retrieving XML output via Blind XPath Injection. Features:

  • Multi-processing
  • Extract output starting from any node (from current node to child node only, recursion not yet added)
  • Currently supports only POST form submissions
  • Custom wordlist to reduce the possible bruteforce combinations

Note: Please modify the script to include cookies. This script was designed to retrieve sensitive XML data from a functionality where no authentication was required (Apparently the script performed faster without sending cookies.).

About

A script that aids in retrieving XML output via Blind XPath Injection.

Topics

automation blind injection xpath security-tools

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages