This project is a solution for collecting data from vulnerable web applications using the Blind XPath Injection techniques of black-box scanners.
These Blind XPath Injection techniques have been well known since 2004, when Amit Klein published them in the paper "Blind XPath Injection".
The paper explains the attack, which obtains the XML tree of the vulnerable web application by issuing different queries in XPath, a query language for XML documents created by the W3C.
To automate the process of obtaining the XML tree of a web application, an application was developed in C# with Microsoft Visual Studio 2008.
The application can check whether a given web application is vulnerable to Blind XPath Injection and, if it is, obtain the tree of XML data from that application.
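
The condition such a vulnerability check looks for is user input concatenated into an XPath expression, which lets the input change the query's true/false result. The following is an added example, not code from this project: the class name, method names and XML data are constructed for illustration. It places that pattern beside a lookup that only ever compares the input as data.

```csharp
using System;
using System.Linq;
using System.Xml.Linq;
using System.Xml.XPath;

static class XPathLookupDemo
{
    // Constructed sample data, not taken from any real application.
    const string Xml =
        "<users>" +
        "<user><name>alice</name><role>admin</role></user>" +
        "<user><name>bob</name><role>guest</role></user>" +
        "</users>";

    // Vulnerable: input is concatenated into the XPath expression, so a quote
    // in the input becomes query syntax and the caller controls the predicate.
    static bool ExistsVulnerable(XDocument doc, string name)
    {
        string query = "/users/user[name='" + name + "']";
        return doc.XPathSelectElement(query) != null;
    }

    // Hardened: the path is fixed and the input is only ever compared as data.
    static bool ExistsHardened(XDocument doc, string name)
    {
        return doc.Root.Elements("user")
                  .Any(u => (string)u.Element("name") == name);
    }

    static void Main()
    {
        XDocument doc = XDocument.Parse(Xml);
        // "carol" is not in the document; the last input adds a quote and a condition.
        string[] inputs = { "alice", "carol", "carol' or '1'='1" };
        foreach (string input in inputs)
        {
            Console.WriteLine("{0,-20} vulnerable={1,-5} hardened={2}",
                input, ExistsVulnerable(doc, input), ExistsHardened(doc, input));
        }
    }
}
```

The two lookups agree on the first two inputs and disagree on the third, where the concatenated query matches a user although no user named "carol" exists.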

Last edited Jul 8, 2009 at 1:19 AM by DavidRD, version 2