XQuery Injection occurs when improperly validated data is passed into XQuery commands. The injected input is then executed on the attacker's behalf, with whatever access the XQuery routines have. XQuery injection can be used to enumerate elements in the victim's environment, inject commands to the local host, or execute queries against remote files and data sources. As with SQL injection attacks, the attacker tunnels through the application entry point to target the resource access layer. XQuery Injection is a variant of the classic SQL injection attack, directed against the XML XQuery language.
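The defence against the flaw described above is to keep caller-supplied data out of the query text. The following is an added example, not code from the original page: it contrasts a concatenated query with one that uses a declared external variable, plus a literal encoder for engines that cannot bind variables. The function names, the users.xml document and the sample inputs are constructed for illustration.

```python
# Added example: all names, paths and inputs here are constructed.
import re

def build_query_unsafe(username: str) -> str:
    """Vulnerable pattern: caller data becomes part of the query text."""
    return ("for $u in doc('users.xml')/users/user[name = '"
            + username + "'] return $u")

# Hardened pattern: the query text is a constant. The value is declared as an
# external variable and supplied separately through the engine's binding API.
SAFE_QUERY = (
    "declare variable $username as xs:string external;\n"
    "for $u in doc('users.xml')/users/user[name = $username] return $u"
)

def build_query_bound(username: str):
    """Return (query_text, bindings). Input never changes query_text."""
    if not isinstance(username, str) or len(username) > 64:
        raise ValueError("username rejected")
    return SAFE_QUERY, {"username": username}

def xquery_string_literal(value: str) -> str:
    """Fallback when binding is unavailable: encode value as one XQuery
    string literal. Inside a "-delimited literal the quote is doubled and
    & must be written as &amp;."""
    if re.search(r"[\x00-\x08\x0b\x0c\x0e-\x1f]", value):
        raise ValueError("control characters are not valid XML characters")
    return '"' + value.replace("&", "&amp;").replace('"', '""') + '"'

def literal_is_closed(literal: str) -> bool:
    """True if a "-delimited literal has no unpaired quote or bare & inside."""
    if len(literal) < 2 or literal[0] != '"' or literal[-1] != '"':
        return False
    body = literal[1:-1]
    return ('"' not in body.replace('""', "")
            and re.search(r"&(?!amp;)", body) is None)

if __name__ == "__main__":
    # An ordinary surname with an apostrophe already ends the literal early.
    print(build_query_unsafe("O'Brien"))
    print(build_query_bound("O'Brien"))
    print(xquery_string_literal('say "hi" & go'))
```

With the bound form, the query the engine parses is byte-for-byte the same for every request, so input can only ever be compared as a string value.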