At this year’s Blackhat US, we conducted a small workshop titled “The Art of Exploiting Leser Known Injection Flaws”. In the workshop we discussed a variety of techniques for exploiting ldap, xpath, xml entity injection.
We also released a couple of tools for automating the attacks against LDAP and XPATH. These can be downloaded here:
There is a small video showing this in action here
Hope, you have fun exploiting XPATH and LDAP Injections with these automated tools.