Ataque a
servidores web mediante peticiones XPath. Se trata de desconcertar al servidor
cuando analiza el sentido de la consulta XPath, provocando la revelación de
contenido XML al cual el cliente no debería tener acceso.
XPath injection is an attack
targeting Web sites that create XPath queries from user-supplied data. If an
application embeds unprotected data into an XPath query, the query can be
altered so that it is no longer parsed in the manner originally intended. This
can be done by bypassing the Web site authentication system and extracting the
structure of one or more XML documents in the site.
http://searchsoftwarequality.techtarget.com/glossary/