XPath Lab 3: Restricted Record Discovery
Trigger a restricted hit without submitting the real code (Hard)
Goal: Get the application to report a restricted item exists without submitting C900.
Hints
- The condition has two checks combined with and.
- Think about how to close the existing string and inject your own logic.
- Try to make the predicate evaluate true for the restricted row.
Why this works
Complex predicates can still be hijacked when raw input is inserted directly into XPath. By changing operator precedence and expression grouping, attackers can bypass intended conditions.