XPath Injection attacks - the "other white meat"?http://blogs.msdn.com/asanto/archive/2004/06/16/157517.aspxEveryone knows about securing apps from SQL injection attacks, but how many of you have given consideration to XPath injection protection? This (PDF:"Blind Xpath Injection") is a good introduction. A short excerpt shows why XPath injection can be moreen-USCommunityServer 2.1 SP1 (Build: 61025.2)re: XPath Injection attacks - the "other white meat"?http://blogs.msdn.com/asanto/archive/2004/06/16/157517.aspx#157618Thu, 17 Jun 2004 01:51:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:157618Bertrand Le RoyOn the other hand, you only risk information disclosure, whereas the dangers of SQL injection usually are the complete destruction of your database and/or taking control of the machine if the dba is careless enough. <br>So as usual, validate and escape user data, and don't store unencoded secrets in a xml file.re: XPath Injection attacks - the "other white meat"?http://blogs.msdn.com/asanto/archive/2004/06/16/157517.aspx#157860Thu, 17 Jun 2004 08:51:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:157860Addy SantoYou are correct, however I would suggest that theft of data is much more severe than a mere server crash. One is typically remedied by a simple restore operation, while the other is irreversible and cause serious monetary losses, not to mention tarnished reputations. <br> <br>Do you think Valve would have been in worse shape if someone crashed their database instead of stealing the halflife 2 codebase? I doubt it.XPath Injection Attackshttp://blogs.msdn.com/asanto/archive/2004/06/16/157517.aspx#160314Sun, 20 Jun 2004 10:20:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:160314paul.bzXPath Injection Attackshttp://blogs.msdn.com/asanto/archive/2004/06/16/157517.aspx#160906Mon, 21 Jun 2004 04:44:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:160906SecureCoder by Anil JohnXPath Injection Attackshttp://blogs.msdn.com/asanto/archive/2004/06/16/157517.aspx#160907Mon, 21 Jun 2004 04:44:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:160907SecureCoder by Anil Johnhttp://cyberforge.com/weblog/aniltj/http://blogs.msdn.com/asanto/archive/2004/06/16/157517.aspx#190756Thu, 22 Jul 2004 03:48:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:190756TrackBackhttp://cyberforge.com/weblog/aniltj/ Santomania XPath Injection attacks the other white meat | Wood TV Standhttp://blogs.msdn.com/asanto/archive/2004/06/16/157517.aspx#9672645Mon, 01 Jun 2009 02:23:52 GMT91d46819-8472-40ad-a661-2c78acb4018c:9672645 Santomania XPath Injection attacks the other white meat | Wood TV Stand<p>PingBack from <a rel="nofollow" target="_new" href="http://woodtvstand.info/story.php?id=10067">http://woodtvstand.info/story.php?id=10067</a></p> Santomania XPath Injection attacks the other white meat | Cast Iron Cookwarehttp://blogs.msdn.com/asanto/archive/2004/06/16/157517.aspx#9692324Wed, 03 Jun 2009 22:39:55 GMT91d46819-8472-40ad-a661-2c78acb4018c:9692324 Santomania XPath Injection attacks the other white meat | Cast Iron Cookware<p>PingBack from <a rel="nofollow" target="_new" href="http://castironbakeware.info/story.php?title=santomania-xpath-injection-attacks-the-other-white-meat">http://castironbakeware.info/story.php?title=santomania-xpath-injection-attacks-the-other-white-meat</a></p>