XML can be used for data storage in a manner similar to a relational database. Typically, data is retrieved from such an XML document using XPath expressions. XPath injection can occur when data supplied to an XPath retrieval routine is used without proper sanitization. This attack is similar to SQL injection or XML injection (see the appropriate parts of IDS00-J. Sanitize untrusted data passed across a trust boundary), where an attacker can enter valid SQL or XML constructs in the data fields of the query in use. Typically, the conditional field of the query resolves to a tautology or gives the attacker access to privileged information.
This guideline is a specific example of the broadly scoped IDS51-JG. Prevent code injection.
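The following is an added example, not code from this guideline: it evaluates the same login check once with string concatenation and once with the inputs bound as XPath variables through the standard javax.xml.xpath API. The XML layout, the class and method names, and all sample values are assumptions constructed for illustration.

```java
import java.io.StringReader;
import java.util.Map;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import org.xml.sax.InputSource;

public class XPathInjectionDemo {
    // Constructed sample document; element names and values are assumptions.
    static final String XML =
        "<users>"
      + "<user><login>Utah</login><password>hashA</password></user>"
      + "<user><login>Bohdi</login><password>hashB</password></user>"
      + "</users>";

    static InputSource doc() {
        return new InputSource(new StringReader(XML));
    }

    // Vulnerable form: untrusted strings become part of the expression text,
    // so a quote in the input can change the structure of the predicate.
    static boolean loginConcat(String login, String pwd) throws XPathExpressionException {
        XPath xp = XPathFactory.newInstance().newXPath();
        String expr = "//user[login/text()='" + login
                    + "' and password/text()='" + pwd + "']";
        return (Boolean) xp.evaluate(expr, doc(), XPathConstants.BOOLEAN);
    }

    // Hardened form: the expression is a constant and the inputs are bound as
    // XPath variables, so they are only ever compared as string values.
    static boolean loginBound(String login, String pwd) throws XPathExpressionException {
        XPath xp = XPathFactory.newInstance().newXPath();
        Map<String, Object> vars = Map.of("login", login, "pwd", pwd);
        xp.setXPathVariableResolver(name -> vars.get(name.getLocalPart()));
        String expr = "//user[login/text()=$login and password/text()=$pwd]";
        return (Boolean) xp.evaluate(expr, doc(), XPathConstants.BOOLEAN);
    }

    public static void main(String[] args) throws Exception {
        String crafted = "Utah' or '1'='1"; // constructed tautology input
        System.out.println("concat, wrong password:  " + loginConcat("Utah", "wrong"));
        System.out.println("concat, crafted login:   " + loginConcat(crafted, "wrong"));
        System.out.println("bound, crafted login:    " + loginBound(crafted, "wrong"));
        System.out.println("bound, valid credentials: " + loginBound("Utah", "hashA"));
    }
}
```

Because `and` binds more tightly than `or` in XPath, the concatenated predicate accepts the crafted login without a matching password, while the bound query treats the whole input as a login string that matches no user.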
...
If an attacker knows that Utah is a valid login ID, they can specify an input login ID such as:
...