Introduction

This section collects techniques and notes for non-SQL injection classes frequently seen in assessments:

  • XPath Injection: structure discovery, data exfiltration (union/traversal), blind methods, and prevention.

  • LDAP Injection: filter syntax, injection primitives, and safe construction.

  • HTML Injection in PDF Generators: rendering pitfalls and template injection (TBD).

Use the left navigation to jump into each subtopic.
