Zhang Zeyu

Mar 31, 2021

6 min read

Blind XPath Injections: The Path Less Travelled

Booleanization and XML Crawling

This article is inspired by the “X marks the spot” challenge in picoCTF 2021. For the solution to the challenge, skip to the ‘Exploitation’ section.

Photo by Caleb Jones on Unsplash

While SQL injections are one of the most common web application vulnerabilities, its less notorious twin can be equally, if not more dangerous.