XPath injection occurs when an XML document is used for data storage in a manner similar to a relational database. This attack is similar to SQL injection (MSC34MSC33-J. Prevent against SQL Injection), wherein an attacker is able to enter valid query logic into data fields. Most often, the conditional field of the query resolves to a tautology or gives the attacker access to privileged information.
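The query-logic problem described above, shown as a vulnerable lookup beside a hardened one. This is an added example, not code from the original page; the class name, the sample XML, the method names and the crafted input are all constructed for illustration, and Java 9 or later is assumed.

```java
import java.io.StringReader;
import java.util.Map;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class XPathInjectionDemo {
    // Constructed sample data store (not from the original page).
    static final String USERS =
        "<users>"
      + "<user><login>alice</login><password>s3cret</password></user>"
      + "<user><login>bob</login><password>hunter2</password></user>"
      + "</users>";

    // Vulnerable: input is concatenated into the query text, so a quote in
    // the input ends the string literal and the rest is parsed as XPath.
    static int matchUnsafe(Document doc, String login, String pw) throws Exception {
        XPath xp = XPathFactory.newInstance().newXPath();
        String q = "/users/user[login='" + login + "' and password='" + pw + "']";
        return ((NodeList) xp.evaluate(q, doc, XPathConstants.NODESET)).getLength();
    }

    // Hardened: the query text is constant; input is bound through variables
    // and is only ever compared as a string value.
    static int matchSafe(Document doc, String login, String pw) throws Exception {
        XPath xp = XPathFactory.newInstance().newXPath();
        Map<String, String> vars = Map.of("login", login, "pw", pw);
        xp.setXPathVariableResolver(name -> vars.get(name.getLocalPart()));
        String q = "/users/user[login=$login and password=$pw]";
        return ((NodeList) xp.evaluate(q, doc, XPathConstants.NODESET)).getLength();
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader(USERS)));

        String pw = "' or '1'='1";  // constructed input containing query logic
        System.out.println("unsafe, wrong password: " + matchUnsafe(doc, "alice", "nope"));
        System.out.println("unsafe, crafted input:  " + matchUnsafe(doc, "alice", pw));
        System.out.println("safe,   crafted input:  " + matchSafe(doc, "alice", pw));
        System.out.println("safe,   real password:  " + matchSafe(doc, "alice", "s3cret"));
    }
}
```

In the unsafe version the predicate parses as `(login='alice' and password='') or ('1'='1')`, a tautology that selects every `user` node; with variable binding the same input is just a password string that matches nothing.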
...