XPath injections occur in an application when the application retrieves untrusted data and inserts it into an XML Path (XPath) query without
sanitizing it first.
What is the potential impact?
In the context of a web application vulnerable to XPath injection:
After discovering the injection point, attackers insert data into the
vulnerable field to execute malicious commands in the affected XML documents.
The impact of this vulnerability depends on the importance of XML structures in the enterprise.
In cases where organizations rely on XML
structures for business-critical operations or where XML is used only for innocuous data transport, the severity of an attack ranges from critical to
harmless.
Below are some real-world scenarios that illustrate some impacts of an attacker exploiting the vulnerability.
Data Leaks
A malicious XPath query allows direct data leakage from one or more databases. Although XML is not as widely used as it once was, this possibility
still exists with configuration files, for example.
Data deletion and denial of service
The malicious query allows the attacker to delete data in the affected XML documents.
This threat is particularly insidious if the attacked
organization does not maintain a disaster recovery plan (DRP) and if XML structures are considered important, as missing critical data can disrupt the
regular operations of an organization.
