Xpath

Simple Login Bypass

by YesWeHack
drag_indicator
info
drag_indicator
inputs
drag_indicator
inspect

Try to find a way to login as the admin.

Goal: the query must return true

Hints

Hint #1
expand_more

Like in SQL injection you can escape the string context with a quote.

Solution

Read the solution
expand_more

$pass = ' or '1

Explanation

By using a single quote, we can evade the string context where is injection take place and inject extra XPath expressions.

To bypass the login the boolean operator OR do the job. Here we used or '1' as it evaluate to true.

drag_indicator
waf
INPUT
OUTPUT
drag_indicator
code
drag_indicator
result