xcat is an advanced tool for exploiting XPath injection vulnerabilities. It can read the entire XML document being queried, as well as other files on the filesystem, environment variables and directories.
The easiest way to get started is to install the tool via pip:
pip install xcat
You can then use the xcat command to launch attacks. See commands for a full reference.
This demo shows xcat retrieving the full XML document currently being queried, including data that should be private (passwords). It uses the --fast option to speed up retrieval. See the command reference for a full rundown of what xcat can do and how to use it.
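As an added illustration of the defect xcat exploits (this is not code from the page or from the xcat project): a login lookup whose XPath expression is built by string concatenation, beside a version that encodes user input as an XPath string literal so it can never change the query's structure. The query shape, the sample credentials and the constructed payload are assumptions.

```python
"""Constructed example: XPath built by concatenation vs. input quoted as a
string literal.  Application-side code, not part of xcat."""


def build_query_unsafe(username: str, password: str) -> str:
    """Vulnerable: untrusted input is spliced straight into the expression.
    A quote in the input ends the literal and the rest becomes XPath."""
    return f"//user[@name='{username}' and @pass='{password}']"


def xpath_string_literal(value: str) -> str:
    """Encode an arbitrary string as an XPath string literal.

    XPath 1.0 has no escape sequence inside a quoted string, so a value that
    contains both ' and " is split on ' and rejoined with concat().  The
    concat() form is also valid in XPath 2.0 and later, so it is portable."""
    if "'" not in value:
        return f"'{value}'"
    if '"' not in value:
        return f'"{value}"'
    pieces = value.split("'")
    # Each piece is single-quoted (it may contain "), and the removed single
    # quotes are re-inserted as the double-quoted literal "'".
    return "concat(" + ", \"'\", ".join(f"'{p}'" for p in pieces) + ")"


def build_query_safe(username: str, password: str) -> str:
    """Hardened: input enters the expression only as a string literal, so it
    cannot add operators, predicates or path steps."""
    return (f"//user[@name={xpath_string_literal(username)}"
            f" and @pass={xpath_string_literal(password)}]")


if __name__ == "__main__":
    # Constructed tautology payload in the username field.
    payload = "' or '1'='1"
    print("unsafe:", build_query_unsafe(payload, "x"))
    print("safe:  ", build_query_safe(payload, "x"))
    print("both quote kinds:", xpath_string_literal("a'b\"c"))
```

In the unsafe output the payload has become a second comparison joined with `or`, matching every user regardless of password; in the safe output it is just a double-quoted string compared against `@name`.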
XPath functions reference
A complete reference of all the available XPath functions is here: https://maxtoroq.github.io/xpath-ref/