Blind XPath Injections: The Path Less Travelled

Booleanization and XML Crawling

This article is inspired by the “X marks the spot” challenge in picoCTF 2021. For the solution to the challenge, skip to the ‘Exploitation’ section.

While SQL injection is one of the most common web application vulnerabilities, its less notorious twin can be equally dangerous, if not more so.