XML SQL Injection

XML Injection is an attack technique used to manipulate or compromise the logic of an XML application or service. Injecting unintended XML content and/or structures into an XML message can alter the intended logic of the application. XML injection can also cause malicious content to be inserted into the resulting message or document.

The following example shows XML injection used to insert full XML structures.
Consider this example XML document:

 
 

  
        joepublic
        r3g
        0
        joepublic@example1.com

        janedoe
        greyhat01hackers
        500
        janedoe@example2.com
  

If the attacker were to inject the following values for a new user 'frfgrey':

Username: alice
Password: iluvgrey


E-mail: alice@example3.comHackerl33tist0uid>hacker@exmaple_evil.net 

Then the resulting XML document would be:

 
 

  
        joepublic
        r3g
        0
        joepublic@example1.com

        janedoe
        greyhat01hackers
        500
        janedoe@example2.com

        alice
        iluvgrey
        500
        alice@example3.comHackerl33tist0
                hacker@exmaple_evil.net

  
In this example a new user (Hacker) will be inserted into the table with user ID 0. In many XML applications, the second user ID instance will override the first. As a result, the injected new user 'Hacker' is logged in with userid=0 (which is often used as the administrator uid).
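
The same injection with the markup written out, as an added example that is not code from the original page: a record builder that concatenates input into the document, next to one that lets the XML library escape it, plus a loader that rejects repeated child elements. The element names (users, user, username, password, userid, mail) and all function names are assumptions, because the page's own tags did not survive.

```python
import xml.etree.ElementTree as ET

# Element names are assumed; the page's own markup did not survive.
# E-mail value reconstructed from the page's injected input (constructed sample).
PAYLOAD_MAIL = (
    "alice@example3.com</mail></user><user><username>Hacker</username>"
    "<password>l33tist</password><userid>0</userid><mail>hacker@exmaple_evil.net"
)

def build_user_unsafe(username, password, userid, mail):
    """Vulnerable: values are concatenated into the markup unescaped."""
    return (
        f"<user><username>{username}</username><password>{password}</password>"
        f"<userid>{userid}</userid><mail>{mail}</mail></user>"
    )

def build_user_safe(username, password, userid, mail):
    """Hardened: the XML library escapes <, > and &, so input stays text."""
    user = ET.Element("user")
    fields = (("username", username), ("password", password),
              ("userid", str(userid)), ("mail", mail))
    for tag, value in fields:
        ET.SubElement(user, tag).text = value
    return ET.tostring(user, encoding="unicode")

def load_users(fragment):
    """Parse user records; refuse any record that repeats a child element."""
    root = ET.fromstring(f"<users>{fragment}</users>")
    users = []
    for user in root.findall("user"):
        tags = [child.tag for child in user]
        if len(tags) != len(set(tags)):
            raise ValueError("duplicate element in user record")
        users.append({child.tag: child.text for child in user})
    return users

def demo():
    """Return the parsed records from the unsafe and the safe builder."""
    args = ("alice", "iluvgrey", 500, PAYLOAD_MAIL)
    return load_users(build_user_unsafe(*args)), load_users(build_user_safe(*args))

if __name__ == "__main__":
    unsafe, safe = demo()
    print("unsafe:", [(u["username"], u["userid"]) for u in unsafe])
    print("safe:  ", [(u["username"], u["userid"]) for u in safe])
```

The duplicate-element check in `load_users` covers the variant mentioned above in which a second user ID inside one record overrides the first.
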

Another type of XML injection uses CDATA elements to insert malicious content. For example, an XML message payload that contains a CDATA field can be used to inject illegal characters or content that the XML parser ignores.

http://www.exmaple.com/logo.gif onmouseover=javascript:alert('Attack');>]]>


In this example an XML/HTML application can be exposed to an XSS vulnerability. This state is achieved because the CDATA content is unparsed and therefore will be missed by schema validation based input validation filters.