Code injection derives from a software vulnerability that allows a malicious user to inject custom code into the server engine. In recent years, there have been a great number of such exploits targeting web applications. In this paper we propose an approach that prevents a specific kind of code injection attacks known as xpath injection in a novel way. To detect an attack, our scheme uses location-specific identifiers to validate the executable xpath code. These identifiers represent all the unique fragments of this code along with their call sites within the application.
Mitropoulos, Dimitris; Karakoidas, Vassilios; and Spinellis, Diomidis, "Fortifying Applications Against Xpath Injection Attacks" (2009). MCIS 2009 Proceedings. 95.