If your website is less than 3 years old since its last update, then most likely some form of XPath is
used to render the web page content on your website. XPath is a very good and standardised tool that allows
the developer the find information quickly from a XML data source. A well developed website will use XML as
its data source due to its simple yet strong block structure.
The problem with using XPath is that hackers can manipulate the queries and retrieve data from sections of
the XML served that needs authentication, such as valuable information structure such as : ID’s, File Paths
etc. Using this information to make a much more detailed attack. In most cases the XML served is manipulated
to display advertisements on the hacked website and hence causing reputational damage.
WebSafe Will test XPath Manipulation:
Websafe will try to gain access to supplied XML(if any) and manipulate the results in XPath v1.0 and v2.0.