Ok, so I know how do SQL injection, and after looking up “XPath Injection” and “XML Injection” it looks to be very similar.
I also know that the example provided in the hint is to give us the right element name to use.
So I am using this:
‘1=1 or 'a’=‘a or 'realname=Sandra Murphy’
as well as a bunch of variations, but I still get invalid login errors.
I know that the “real name” needs to go at the end because of the element structure in the XML.
What am I doing wrong?
<‘b><'font-size=100pt>WELCOME TO MY MYSPACE!!!1!</'font></'b>
Nevermind, I figured it out. had my arguements jumbled.