As a follow-up to the previous post “SQL Injection Detection Optimization“, I wanted to post a testing polyglot which works for testing against XPath injection vulnerabilities:
or 1(:’or”or'”!=’!=”:)
Numeric context:
or 1(:’or”or'”!=’!=”:)
Single quotation:
or 1(:‘or”or’“!=’!=”:)
Double quotation:
or 1(:’or“or’“!=’!=”:)
See if you can come up with one that is shorter.
(: Have a happy day :)