How to Do XPath Injection Tutorial to Hack Websites Database

Everyday we get news that so and so website is hacked by some Hacker and most of us think that Hacker is very genius but reality is quite different. Most of the hackers which defaces websites are novice hackers and perform these shameful acts just for popularity and show off. Its just the interest which varies from person to person, the web designer just concentrates on designing his website and hackers just focuses on searching of exploits. But did we had ever concentrated on the fact, if web designer starts searching exploits then how destructive he can be, and if he uses it positively then how much constructive that can be. So its your decision which path you will choose.. constructive or destructive . I can just provide you tutorials that will enhance you knowledge base..

Note: This article is for Educational Purposes only. Be
a part of constructive society. Fame and Name can also be earned by being on constructive side. I know its difficult but if you are good then you will be surely recognized.

So lets start with very basics... You all must be having basic knowledge of HTML and XML then i will leave those topics as they are very basic things if you deal with web in day to day life. If you don't know basics i will advice you to go to w3schools and have a quick review of these concepts.


What is XPath?

XPath is basically the syntax for defining parts of XML documents which uses path expressions to navigate in the XML document and its does with help of standard predefined functions like string values, numeric values, date and time comparison, sequence and Node manipulation etc..

Nowadays most of webmasters use XML documents to store sensitive data and uses XPath to navigate the data inside the XML documents. The main advantage for using XML documents is that they are so complex that they are almost unreadable for human. But we know where there is complexity, there is way for hackers to play their part. So friends lets start our tutorial on xPath Injection..

What is xPath Injection?

XPath Injection is an attack technique used to exploit applications that construct XPath (XML Path Language) queries from user-supplied input to query or navigate XML documents. It can be used directly by an application to query an XML document, as part of a larger operation such as applying an XSLT transformation to an XML document, or applying an XQuery to an XML document.
In XPath injection, we try to inject data into an application so that it executes user-controlled XPath queries. When successfully injected, this vulnerability may allow an hackers to bypass complete authentication systems or access information without proper authorization.

Hacked by Gazzaly
Lets learn with the help of examples that how XPath works, in below example we have a sample XML Database File:
<?xml version="1.0" encoding="ISO-8859-1"?> 

In the above code shows the basic format how XML file that is used to store sensitive

Now if we want to retrieve the information about Administrator from the above XML file, we have to write a XPath  Better to Try Next Tutorial .. If u need only i'll teach so better to Comment ;)))))


  1. Dear Author can you please explain this topic briefly.I liked this topic because my website is in XML and need to protect.

    1. #Rajesh :

      Wait Wait I'll Blog Balance part of Xpath Hacking Method



Any Doubts ??
Don't wait till last Breath just Leave a Comment Below ;)

Hacking Articles for Free...