CAPEC-250: XML Injection
ID
CAPEC-250
Likelihood Of Attack
High
Status
Draft
An attacker utilizes crafted XML user-controllable input to probe, attack, and inject data into the XML database, using techniques similar to SQL injection. The user-controllable input can allow for unauthorized viewing of data, bypassing authentication or the front-end application for direct XML database access, and possibly altering database information.
Weaknesses
Taxonomiy Mapping
Type | # ID | Name |
---|---|---|
WASC | 23 | XML Injection |