I understand how xPath Injection works but...

Sandra Murphy

Hackay
10 years ago

0

Hey guys,

After having read ALL the threads, truly, having tried 109 times ; I still don’t find the right injection.

I tried things like :

' or '1' = '1' and password/text()='' or '1' = '1' and realname/text()='SandraMurphy']/user/text())
' or '1' = '1' and password/text()='' or '1' = '1' and realname/text()='SandraMurphy']

I’m a bit confused and don’t refuse a hint based on what I did in order to put me on the right track…

Thank you very much.

[IAmDevil]
10 years ago

0

Well there is one recent thread on this level which has all hints needed!

Aldebar4n
10 years ago

0

You have a lot of words in your inputs… remember there are 2 inputs on the form

Hope that helps a bit

Wibben
10 years ago | edited 10 years ago

0

You see, you’ve been putting way too much into the injection; this level is simple, just like a regular SQL injection

You start with the basic
beh' or 1=1 or 'a'='a
This is for when you know nothing whatsoever so you make a statement that’s always true
but here you do know the realname, which is a statement that is always true for that single account, so you’d modify the generic injection to include that information
Oh and don’t forget to input something for the password as well, I was stuck here for a bit because I forgot that
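
What the generic always-true string quoted above does to a query built by string concatenation, next to the same lookup with bound XPath variables. This is an added example, not part of the thread or the level's code: the XML layout, the query shape and the function names are assumptions, the sample data is constructed, and it uses the third-party lxml library.

```python
from lxml import etree  # third-party: pip install lxml

# Constructed sample data; element names are assumptions, not the level's file.
USERS = etree.fromstring(
    "<users>"
    "<user><name>alice</name><realname>Alice Example</realname>"
    "<password>s3cret</password></user>"
    "<user><name>bob</name><realname>Bob Example</realname>"
    "<password>hunter2</password></user>"
    "</users>"
)

PAYLOAD = "beh' or 1=1 or 'a'='a"  # the generic string quoted in the thread


def build_query(username, password):
    """Vulnerable pattern: both inputs are pasted into the XPath text."""
    return ("//user[name/text()='%s' and password/text()='%s']/realname/text()"
            % (username, password))


def login_concat(username, password):
    """Evaluate the concatenated query; quotes in the input become syntax."""
    return USERS.xpath(build_query(username, password))


def login_bound(username, password):
    """Hardened: inputs are bound as $u and $p and are only ever compared
    as string values, so a quote in them cannot change the predicate."""
    return USERS.xpath(
        "//user[name/text()=$u and password/text()=$p]/realname/text()",
        u=username, p=password)


if __name__ == "__main__":
    # 'and' binds tighter than 'or', so the predicate reads
    #   name='beh' or 1=1 or ('a'='a' and password='beh')
    # which is true for every <user> node.
    print(build_query(PAYLOAD, "beh"))
    print("concatenated:", login_concat(PAYLOAD, "beh"))
    print("bound:       ", login_bound(PAYLOAD, "beh"))
```
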

Roun512 [roun512]
10 years ago | edited 10 years ago

0

All I can tell is that >> password/text()='' && realname/text()='SandraMurphy']/user/text()) are not really required :).

Mugi [Mugiwara27]
10 years ago | edited 10 years ago

0

I LOVE YOU Wibben lol, you said the best hint !

Wibben
10 years ago

0

If anyone thinks I’ve said too much I’ll gladly edit it

Hackay
10 years ago

0

Thank you very much guys, I will try again with what you said. :)

[IAmDevil]
10 years ago

0

Haha I think it’s just under the lid @Wibben ! :p

Hackay
10 years ago

0

It seems to be soooo evident according to your comments…

I tried, based on Wibben’s advice :

beh' or 1=1 or realname/text()='SandraMurphy

But there is, as usual, “Error with request”.
Am I using a syntax I should not ?
I just replaced a statement always true by another I know.
Can we use the “WHERE” function as in SQL ?
I put ‘beh’ in the password input.

Thank you !

Wibben
10 years ago

0

when you looked at the xml file, what was the original variable name?

Wibben
10 years ago | edited 10 years ago

0

and also with what to replace is almost like human relationships
male X male
female X female
male X female
These types of relationships are all acceptable but only one works for this level
:)

Hackay
10 years ago | edited 10 years ago

0

I also tried with

realname
but it didn’t work…

EDIT : Thanks to your advice I reached that point :
beh' or '1' = '1' or realname='SandraMurphy

Abhi
10 years ago

0

You are just not relating to the hints @Hackay . Don’t try to copy them as your answers… try to understand them and then use what’s necessary and apt !! During this time, reading comes to a great help, so just understand it… read all about it and work the necessary thing. You have got more help than you asked for in this thread… so it’s time that you just go through them and the others if needed…
You won’t get over the levels so easily….you gotta dwell deeper to see things !!

Hackay
10 years ago

0

Ok, thank you everyone for your help, I close and go to read again ! :)

Discussion thread has been locked. You can no longer add new posts.