# X marks the spot (250)

## Problem

Another login you have to bypass. Maybe you can find an injection that works?

{% embed url="<http://mercury.picoctf.net:16521/>" %}

## Solution

I've turned this into a Medium article! Read the solution here:

[Blind XPath Injections: The Path Less Travelled](https://zhangzeyu2001.medium.com/blind-xpath-injections-the-path-less-travelled-6f03ce5ec8f6)

## References

1. <https://owasp.org/www-community/attacks/XPATH_Injection>
2. <https://book.hacktricks.xyz/pentesting-web/xpath-injection>