XML/XPath Injection (Login Form)
Solution:
Step 1. Enter a single quote (') in the login text box, click the Login button, and check the result.
(Please follow the video for more details.)
Error: Warning: SimpleXMLElement::xpath(): Invalid predicate in /var/www/html/bWAPP/xmli_1.php on line 78
You can go through the entire code.
We will try to log in with the credentials neo and trinity.
Let's do some white-box testing.
Login successful
You can also test the lesson with logically true statements, as below.
Step 2. Enter the following input in the login text box:
PseudoTime'or 1=1 or '1'='1
Instead of PseudoTime you can use your own name, or you can simply omit the prefix.
Step 3. You can leave the password blank or enter a password of your choice.
We will check both conditions:
1. Without password
2. With password (You can enter any value of your choice).
You can test the lesson with other logically true statements.
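Why Step 1 raises the "Invalid predicate" warning and why the always-true input from Step 2 logs in, as an added PHP example that is not bWAPP's own code. The XML layout, element names and function names are assumptions, and the sample document is constructed; login_safe() shows the fix, passing each value as an XPath string literal.

```php
<?php
// Constructed sample data. Element names are assumptions, not bWAPP's real file.
$xml = new SimpleXMLElement(
    '<heroes><hero><login>neo</login><password>trinity</password></hero></heroes>'
);

// Vulnerable pattern: user input is concatenated into the XPath predicate.
function login_unsafe(SimpleXMLElement $xml, string $login, string $password): bool
{
    $query = "/heroes/hero[login='" . $login . "' and password='" . $password . "']";
    $result = $xml->xpath($query); // not an array when the predicate is malformed
    return is_array($result) && count($result) > 0;
}

// Encode a value as an XPath 1.0 string literal so quotes stay data.
function xpath_literal(string $value): string
{
    if (strpos($value, "'") === false) {
        return "'" . $value . "'";
    }
    if (strpos($value, '"') === false) {
        return '"' . $value . '"';
    }
    // Both quote types present: concat('a', "'", 'b', ...)
    return "concat('" . implode("', \"'\", '", explode("'", $value)) . "')";
}

// Hardened pattern: same query, but every value goes through xpath_literal().
function login_safe(SimpleXMLElement $xml, string $login, string $password): bool
{
    $query = '/heroes/hero[login=' . xpath_literal($login)
           . ' and password=' . xpath_literal($password) . ']';
    $result = $xml->xpath($query);
    return is_array($result) && count($result) > 0;
}

$tautology = "PseudoTime'or 1=1 or '1'='1"; // input from Step 2

var_dump(login_unsafe($xml, 'neo', 'trinity')); // valid credentials
var_dump(login_unsafe($xml, "'", ''));          // Step 1: unbalanced quote breaks the predicate
var_dump(login_unsafe($xml, $tautology, ''));   // Step 2: "or 1=1" decides the predicate
var_dump(login_safe($xml, $tautology, ''));     // same input, compared as a plain login name
var_dump(login_safe($xml, 'neo', 'trinity'));   // valid credentials still work
```

In the unsafe query the Step 2 input produces login='PseudoTime' or 1=1 or ('1'='1' and password=''), because "and" binds tighter than "or", which is why the password value makes no difference in Step 3.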
PseudoTime