Research on XPath injection attack and its defense technology
Lupeijun
(School of Computer Science and Technology, Nantong University, Nantong 226019, Jiangsu)
Summary XML technology is widely used, and the security of XML data is more and more
XPath Introduction
XPath is a W3C standard. It is designed to locate nodes in the xml1.0 or xml1.1 document node tree. Currently, xpath1.0 and xpath2.0 are available. Xpath1.0 became the W3C standard in 1999, while xpath2.0 standard was established
Avoid the risk of XPath Injection-- Be aware of risks to better protect XML applications
Robi Sen (rsen@department13.com), Vice President of service, Department13
With the development of simple XML APIs, Web Services, and Rich Internet Applications
This article mainly introduces a special type of code injection attack: XPath blind.
If you are unfamiliar with XPath 1.0 or need to know the basics, check the W3 Schools XPath Tutorial. You can also find a lot of articles on DeveloperWorks that use
Reading Catalog 1.HtmlAgilityPack Introduction 2.XPath Technology Introduction and Usage 3. Weather Collection Case 4. Resources
The first contact Htmlagilitypack was 5 years ago, some accidents, let me from the technical department temporarily
After converting an XML or HTML document into a DOM tree structure, how can we locate a specific node? XPath enables this function to navigate through the path and attributes of nodes in the DOM tree. Through the XPath path expression, you can
In the. NET Framework 2.0, you can use the classes under the System.Xml.XPath namespace to make path-based queries to an XML document, and you need to construct a SQL-like query string that follows the XPath syntax during the query process. It is
XPath can quickly navigate to a node or attribute in the XML. The XPath syntax is simple, but powerful enough, and it is also the basic knowledge of using XSLT.Sample xml:
1234567891011121314151617181920212223242526272829
xmlversion=
http://goessner.net/articles/JsonPath/[ edit] [ comment] [remove] | 2007-02-21| E1 # Jsonpath-xpath for JSON A frequently emphasized advantage of XML is the availability of plenty tools to analyse, transform and selectively extract Data out of
XPath data type
XPath can be divided into four types of data:
Node Set (node-set)
A node set is a set of nodes that match the criteria returned by a path. Other types of data cannot be converted to node sets.
Boolean Value (Boolean)
A conditional
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.