Am I on the right track with this?

Sandra Murphy

Odin [0din]
2 weeks ago | edited 2 weeks ago


Ok, so I know how to do SQL injection, and after looking up "XPath Injection" and "XML Injection" it looks to be very similar.

I also know that the example provided in the hint is to give us the right element name to use.

So I am using this:

'1=1 or 'a'='a or 'realname=Sandra Murphy'

as well as a bunch of variations, but I still get invalid login errors.

I know that the "real name" needs to go at the end because of the element structure in the XML.

What am I doing wrong?

Odin [0din]
2 weeks ago


Never mind, I figured it out. Had my arguments jumbled.
