XPath

Schema recovery


select * from information_schema.xml

Can you exfiltrate the full XML structure with only a blind XPath injection?

Goal: find the hidden node starting with FLAG-

The format is FLAG-\d+
