10 Hacking Exposed Web 2.0
Note that XPath is a subset of a larger XML querying language called XQuery. Like
XPath and SQL, XQuery possess identical injection problems. With a little knowledge of
XQuery syntax and after reading this chapter, you should have sufficient knowledge to
be able to test for XQuery injections, too.
Preventing XPath Injection
The process for fixing XPath injection is nearly identical to that for fixing SQL injections.
Namely, constrain data types and escape strings. In this case, you must escape with
HTML entity encodings. For example, an apostrophe is escaped to '. As noted
earlier, use the appropriate escape routine accompanying the XPath library you are
using, as XPath implementations differ.
Command Injection
Popularity: 8
Simplicity: 8
Impact: 10
Risk Rating: 10
A successful command injection attack gives the attacker complete control of the
remote system.
When user input is used as part of a system command, an attack may be able to inject
system commands into the user input. This can happen in any programming language;
however, it is very common in Perl, PHP, and shell based CGI. It is less common in Java,
Phython, and C#.
Pages:
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71