
LAB 6

XPath Injection

1. Introduction
XPath is the XML component used to retrieve information from XML files, and it is
the basis for applying XML stylesheets to generate custom output. XPath also
provides the foundation for fast, efficient parsing of XML documents. In a web
application, XPath can be exploited by injecting input into the query syntax.

2. Preparation
- Install the open source test lab bWAPP, downloaded from the following link:
http://www.itsecgames.com/
- A computer running the Windows operating system. The firewall on the system
must be disabled.
- The MySQL management tool phpMyAdmin:
https://www.phpmyadmin.net/downloads/
- XAMPP, downloaded from the following link:
https://downloadsapachefriends.global.ssl.fastly.net/xampp-files/5.6.31/xampp-win32-5.6.31-0-VC11-installer.exe?from_af=true
- Browser software Chrome, Firefox 10.0, 7zip, Notepad++.

3. Implementation steps
- Download bWAPP. Go to the xampp directory on drive C.
- Go to the htdocs directory and paste the bWAPP folder into htdocs.
- Go to the bWAPP folder > go to the admin directory > edit the setting.php file
to match the MySQL parameters of XAMPP.
- Start XAMPP and open localhost/phpmyadmin. Click user account and select
Add user account > enter the user name, select the local host name, and
enter a password.

- Back in the setting.php file, set the user name and pass to the user name and
pass just created, set db_name to the user name, and save.
- Go to localhost/bWAPP/bWAPP/install.php to install bWAPP (bWAPP installs the
same way as DVWA). Click "here" to install bWAPP.
- Go to localhost/bWAPP/bWAPP/login.php to log in to bWAPP. User: bee.
Pass: bug. Click login.

- Once logged in, set the security level to low. Click set.
- Select XML / XPath Injection (Login Form). Click hack to start the lab exercise.
- The XPath injection interface is a login form.

- Type 'click login'. We see the login message is not


- Type ' or '1'='1 for both user and pass and click login. bWAPP displays
welcome Neo. We have successfully bypassed the login with the XPath injection
technique.
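
The bypass from the last step and one way to close it, as an added example (not bWAPP's own code and not part of the original lab). The XML records, the element names and the function names are constructed for illustration, and the code avoids PHP 7-only syntax so it also runs on older PHP builds.

```php
<?php
// Constructed sample data; element names are assumptions, not bWAPP's file.
$data = <<<XML
<heroes>
  <hero><login>neo</login><password>trinity</password></hero>
  <hero><login>alice</login><password>loves-bob</password></hero>
</heroes>
XML;
$xml = simplexml_load_string($data);

// Vulnerable: input is concatenated straight into the XPath predicate, so a
// quote in the input ends the string literal and the rest is parsed as XPath.
function login_vulnerable($xml, $login, $password)
{
    $query = "/heroes/hero[login='" . $login . "' and password='" . $password . "']";
    $hits = $xml->xpath($query);
    return $hits ? (string) $hits[0]->login : null;
}

// Build an XPath 1.0 string literal. XPath 1.0 has no escape character, so
// text containing both quote types is assembled with concat().
function xpath_literal($s)
{
    if (strpos($s, "'") === false) { return "'" . $s . "'"; }
    if (strpos($s, '"') === false) { return '"' . $s . '"'; }
    $parts = array_map(function ($p) { return "'" . $p . "'"; }, explode("'", $s));
    return 'concat(' . implode(", \"'\", ", $parts) . ')';
}

// Hardened: allow-list the login name, then pass both values as literals.
function login_hardened($xml, $login, $password)
{
    if (!preg_match('/\A[A-Za-z0-9_.-]{1,32}\z/', $login)) { return null; }
    $query = '/heroes/hero[login=' . xpath_literal($login)
           . ' and password=' . xpath_literal($password) . ']';
    $hits = $xml->xpath($query);
    return $hits ? (string) $hits[0]->login : null;
}

// The lab payload against both functions, then a legitimate login and a
// payload in the password field only (compared as plain text).
$payload = "' or '1'='1";
var_dump(login_vulnerable($xml, $payload, $payload));
var_dump(login_hardened($xml, $payload, $payload));
var_dump(login_hardened($xml, 'neo', 'trinity'));
var_dump(login_hardened($xml, 'neo', $payload));
```

Run it with php on the command line: the first call returns the first record without valid credentials, the second and fourth return NULL, and the third logs neo in.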

1. Practice XPath injection at all 3 security levels.
2. Write out and compare the code at the 3 security levels.
3. Test defenses against logging in with ' or '1'='1.
4. Where is this login vulnerability located, and how far does its impact extend?
5. List login-related flaws and describe how to prevent them.
