A little while ago I managed to find a website that was vulnerable to XPath Injection and I can potentially leak the entire database of said website. I'm not sure it's worth it though. As far as I can tell, the website has 37k addresses for its users and that's it. I haven't found any large amounts of user info yet. Might be missing something though. I can send someone the URL for the site in PM if you want so you can check it out too.
I was thinking about coding a python script that was somewhat similar to SQLMap that would automate the process of dumping the entire database, but so far I've not had any luck.
I was thinking about coding a python script that was somewhat similar to SQLMap that would automate the process of dumping the entire database, but so far I've not had any luck.