Ver:
Ataque a
servidores web mediante peticiones XPath. Se trata de desconcertar al servidor
cuando analiza el sentido de la consulta XPath, provocando la revelación de
contenido XML al cual el cliente no debería tener acceso.
XPath injection
is an attack targeting Web sites that create XPath queries from user-supplied
data. If an application embeds unprotected data into an XPath query, the query
can be altered so that it is no longer parsed in the manner originally
intended. This can be done by bypassing the Web site authentication system and
extracting the structure of one or more XML documents in the site.
http://searchsoftwarequality.techtarget.com/glossary/
Temas relacionados