I will beat the challenge on weekend, now I am busy in work :) 2009/12/15 Brandon Betances <[email protected]>
> very good read. we need more stuff like this floating around our group. > just curious, did you end up winning the challenge? > > > On Tue, Dec 15, 2009 at 3:10 AM, Processor-Dev1l < > [email protected]> wrote: > >> well, after a really long time I logged into my account and >> HellBoundHackers and I found one very interesting challenge that is >> new for me, Web Hacking Basic 29, why am I writing this here? >> Because to win the challenge you have to use XPath Injection. >> XPath Injection is very powerful attack (something in way of SQL >> Injection) and attacker can log into your xml-based database with no >> knowledge of usernames/passwords, view contents of your xml database >> and change its content. >> >> Very good description can be found here >> http://www.webappsec.org/projects/threat/classes/xpath_injection.shtml >> I hope this will help many programmers to more secure their apps :) >> > >
