XPath injection TL;DR: User input concatenated into XPath query — blind extraction of XML documents via boolean / time-based probes. Stub — to be filled in. What it is TODO Preconditions / where it applies TODO Technique TODO Detection and defence TODO References https://owasp.org/www-community/attacks/XPATH_Injection