XPath

XSL/XPath: Extensible Stylesheet Language. XPath is the XML search and display tool, used similarly to SQL querying technology. We test for XPath vulnerabilities in a very similar way to SQL injection, and can then automate the fuzzing with xcat, which is similar in nature to sqlmap. Testing a true/false condition:

Now that we know we are able to run logic commands, we test the following to see if we can bleed out the first letter of the node in the XML document.

Once we confirm that a letter works, we can use xcat to automate the full XML document leak.
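The true/false test above only works when user input is concatenated into the XPath expression. As an added example (not code from the original page), the following shows that vulnerable pattern beside a hardened form that always passes the input as a single XPath string literal. The document, element names and function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample document (not from the original page).
SAMPLE_XML = """<users>
  <user><name>alice</name><role>admin</role></user>
  <user><name>o'brien</name><role>staff</role></user>
</users>"""


def naive_query(name):
    # Vulnerable pattern: input is pasted between the quotes, so a quote in
    # the input ends the literal and the rest is parsed as XPath syntax.
    return ".//user[name='" + name + "']"


def xpath_literal(value):
    # XPath 1.0 literals have no escape character. Use the quote kind the
    # value does not contain; if it contains both, split on ' and rejoin
    # the pieces with concat() so the value stays data.
    if "'" not in value:
        return "'" + value + "'"
    if '"' not in value:
        return '"' + value + '"'
    pieces = []
    for i, part in enumerate(value.split("'")):
        if i:
            pieces.append('"\'"')          # the apostrophe itself
        if part:
            pieces.append("'" + part + "'")
    return "concat(" + ", ".join(pieces) + ")"


def safe_query(name):
    # Hardened form: the input can only ever be one string literal.
    return ".//user[name=" + xpath_literal(name) + "]"


def lookup_role(xml_text, name):
    # ElementTree implements an XPath subset without concat(), so this demo
    # lookup covers values with at most one quote kind; a full XPath 1.0
    # engine is needed to evaluate the concat() form.
    node = ET.fromstring(xml_text).find(safe_query(name))
    return node.findtext("role") if node is not None else None


if __name__ == "__main__":
    for name in ("alice", "o'brien", 'a\'b"c'):
        print(repr(name), "naive:", naive_query(name), "safe:", safe_query(name))
    print(lookup_role(SAMPLE_XML, "o'brien"))
```

Where the XPath engine supports bound variables, passing the input as a variable is preferable to building the literal by hand.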
