# Introduction

This section collects techniques and notes for non-SQL injection classes frequently seen in assessments:

* XPath Injection: structure discovery, data exfiltration (union/traversal), blind methods, and prevention.
* LDAP Injection: filter syntax, injection primitives, and safe construction.
* HTML Injection in PDF Generators: rendering pitfalls and template injection (TBD).

Use the left navigation to jump into each subtopic.