June 2017
Intermediate to advanced
338 pages
8h 28m
English
XML injections typically look to shim data into an XML element, whether it be in its Node Attribute, Node Value, or CDATA fields. In the following snippet, we see a simple entry for something I might be shopping for, but will love to get cheaper (this is a simulated scenario, I always pay fair prices for my beverages):
<catalog> <item id="607"> <brand>Russian River</brand> <beer>Pliney the Elder, 12 oz.</beer> <price>8.99</price> </item></catalog>
Now if I am not excited about paying for that, or will like to make it free, I could deliver a payload via XML that alters the game just a little bit. Here is the payload I might shim into the server's XML file:
3.99</price></item><item id="608"><brand> Russian River</brand><beer>Pliney ...
Read now
Unlock full access