Problem

Another login you have to bypass. Maybe you can find an injection that works?

Solution

I've turned this into a Medium article! Read the solution here:

Blind XPath Injections: The Path Less Travelled

References

1. https://owasp.org/www-community/attacks/XPATH_Injection

2. https://book.hacktricks.xyz/pentesting-web/xpath-injection