C Sharp Xpath Injection Unvalidated Input
Description
Detects potential XPath injection vulnerabilities in C# code where untrusted input is used in XPath queries via XPathNavigator.SelectSingleNode(). XPath injection can allow attackers to modify queries to access unauthorized data or manipulate XML document processing.
Detection Strategy
• Identifies usage of XPathNavigator objects in the code
• Looks for calls to SelectSingleNode() method on XPathNavigator instances
• Checks if the XPath query string parameter contains unvalidated or unsanitized input
• Reports a vulnerability when SelectSingleNode() is called with user-controllable input without proper validation
Vulnerable code example
using System.Xml.XPath;
public class XPathExample {
public void ProcessXPath() {
string userInput = GetUserInput(); // Simulated user input
XPathNavigator navigator = new XPathNavigator();
// Vulnerable: Unsanitized user input directly used in XPath query
XPathNavigator result = navigator.SelectSingleNode(userInput);...✅ Secure code example
using System.Xml.XPath;
using System;
public class XPathExample {
public void ProcessXPath() {
string userId = GetUserInput();
// Validate input is numeric to prevent XPath injection...Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.