Skip to content
This repository was archived by the owner on Jan 29, 2026. It is now read-only.

feakk/xxxpwn

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
attacks
attacks
 
 
.gitignore
.gitignore
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 
xxxpwn.py
xxxpwn.py
 
 

Repository files navigation

xxxpwn : XPath eXfiltration eXploitation Tool : https://github.com/feakk/xxxpwn Designed for blind optimized XPath 1 injection attacks

xxxpwn uses a variety of XPath optimizations to query custom information from a backend XML dodcument served from a location where XPath injection is present. By default it will attempt to retrieve the entire remote database, though this can be customized using a variety of options.

A number of previous discovered vulnerabilities have been provided as injection files and target scripts for ease in getting started. This includes a sample payload provided for the vulnerable application provided as part of xcat.py: https://github.com/orf/xcat

Project Archived January 28, 2026

About

Advanced XPath Injection Tool

Resources

Readme

License

View license
Activity

Stars

33 stars

Watchers

8 watching

Forks

12 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages