I have a website online, and when I scanned the website with WebCruiser (web vuln scanner) software it found results for XPath injection. I want to know whether websites with MySQL databases are prone to this kind of attack.
Thanks in advance for your help.
This article contains the answers to your questions:
http://www.ibm.com/developerworks/xml/library/x-xpathinjection/index.html
The risk of XPath injection is irrelevant to the RDBMS used — it is only related to whether a web application constructs a raw (not precompiled) XPath expression, parts of which are taken from the end-user’s input.
To avoid XPath injection one must precompile the XPath expression in advance with any parts that correspond to user-entered values — specified as variables/parameters.
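
The difference described in the answer above, as an added example that is not part of the original post: a raw XPath string built from user input beside a precompiled expression that takes the same input as variables. It assumes Python with the lxml library; the XML document, element names, function names and input values are constructed for illustration.

```python
from lxml import etree

# Constructed sample data: the lookup runs against an XML document,
# so the RDBMS behind the rest of the site plays no part in it.
USERS_XML = b"""<users>
  <user><login>alice</login><password>s3cret</password></user>
  <user><login>bob</login><password>hunter2</password></user>
</users>"""
DOC = etree.fromstring(USERS_XML)


def find_user_concatenated(login, password):
    """Raw expression: user input becomes part of the XPath text itself."""
    query = "/users/user[login='%s' and password='%s']" % (login, password)
    return [u.findtext("login") for u in DOC.xpath(query)]


# Precompiled once. $login and $password are XPath variables whose values
# are bound at evaluation time and never parsed as XPath syntax.
FIND_USER = etree.XPath("/users/user[login=$login and password=$password]")


def find_user_parameterized(login, password):
    """Precompiled expression: input is only ever compared as a string."""
    matches = FIND_USER(DOC, login=login, password=password)
    return [u.findtext("login") for u in matches]


# Constructed input that contains XPath syntax (a quote and a boolean clause).
CRAFTED = "' or '1'='1"

if __name__ == "__main__":
    # Concatenation lets the input rewrite the predicate: every user matches.
    print(find_user_concatenated("alice", CRAFTED))
    # With variables the same input is an ordinary, non-matching password.
    print(find_user_parameterized("alice", CRAFTED))
    # A legitimate lookup behaves the same either way.
    print(find_user_parameterized("alice", "s3cret"))
```

A scanner finding for XPath injection points at code shaped like `find_user_concatenated`; the remediation is to move every user-supplied value into a variable of a precompiled expression.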