Attack Principle
The server uses XPath to query data, and the client injects XPath code into the query.
Reference Documents:
https://www.cnblogs.com/backlion/p/8554749.html
Attack Injection Methods
Boolean query
http://127.0.0.1/xpath/index.php?name=admin' or '1'='1&pwd
http://127.0.0.1/xpath/index.php?name=fake' or '1'or'1&pwd=fake
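Added example (not from the original page or the referenced article): a PHP login check of the kind the URLs above target, with the concatenated query beside a hardened version. The XML user store, the function names, and the user-name allowlist policy are assumptions made for illustration.

```php
<?php
// Constructed sample user store (assumption, not from the original page).
$xml = <<<XML
<users>
  <user><name>admin</name><pwd>s3cret</pwd></user>
  <user><name>guest</name><pwd>guest</pwd></user>
</users>
XML;

$doc = new DOMDocument();
$doc->loadXML($xml);
$xpath = new DOMXPath($doc);

// Vulnerable: request parameters are concatenated straight into the expression,
// so a quote in $name or $pwd ends the string literal and adds new operators.
function login_vulnerable(DOMXPath $xp, string $name, string $pwd): bool {
    $q = "//user[name='$name' and pwd='$pwd']";
    return $xp->query($q)->length > 0;
}

// Quote a value as an XPath 1.0 string literal. XPath 1.0 has no escape
// character, so a value holding both quote types is assembled with concat().
function xpath_literal(string $s): string {
    if (strpos($s, "'") === false) return "'$s'";
    if (strpos($s, '"') === false) return "\"$s\"";
    $parts = array_map(fn($p) => "'$p'", explode("'", $s));
    return 'concat(' . implode(", \"'\", ", $parts) . ')';
}

// Hardened: allowlist the user name, then pass both values as quoted literals
// so they are only ever compared as data.
function login_hardened(DOMXPath $xp, string $name, string $pwd): bool {
    // Assumed policy: 1 to 32 word characters.
    if (!preg_match('/^\w{1,32}$/D', $name)) return false;
    $q = sprintf('//user[name=%s and pwd=%s]',
                 xpath_literal($name), xpath_literal($pwd));
    return $xp->query($q)->length > 0;
}

$payload = "admin' or '1'='1";  // boolean payload from the first URL above
var_dump(login_vulnerable($xpath, $payload, ''));          // concatenated query
var_dump(login_hardened($xpath, $payload, ''));            // stopped by the allowlist
var_dump(login_hardened($xpath, 'admin', "' or '1'='1"));  // quote kept inside the literal
var_dump(login_hardened($xpath, 'admin', 's3cret'));       // legitimate login
```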
Document Scan
null
Blind Injection
null