Add support for Custom Payloads in XPath Injection scan rule for detection of uncommon errors

### Describe the bug:

As shown in the figure below, Active scan is performed on the selected URL. After the scan is completed, there is no high-risk Xpath injecion prompt
![](https://github.com/user-attachments/assets/1716ef72-3267-4969-ad0a-7ca7d71eb565)

And, I enter the following URL in the browser and all user information is returned
`http://localhost:8081/xpathLogin?username=admin' or '1'='1&password=anything`


### Steps to reproduce the behavior:

1 choose the xpathLogin url
2 right click
3 select Attach
4 click Active Scan
5 start scan

### Expected behavior:

XPath injection risk is detected

### Software Versions:

2.16.1

### Screenshots:

![](https://github.com/user-attachments/assets/aec46bc5-9acb-446f-82d5-7355610e2188)

![](https://github.com/user-attachments/assets/2b9171f6-477f-4942-892f-0d3848bd364e)

### Errors from the zap.log file:

_No response_

### Additional context:

_No response_

### Would you like to help fix this issue?

- [x] Yes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Add support for Custom Payloads in XPath Injection scan rule for detection of uncommon errors #8958

Describe the bug:

Steps to reproduce the behavior:

Expected behavior:

Software Versions:

Screenshots:

Errors from the zap.log file:

Additional context:

Would you like to help fix this issue?

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Add support for Custom Payloads in XPath Injection scan rule for detection of uncommon errors #8958

Description

Describe the bug:

Steps to reproduce the behavior:

Expected behavior:

Software Versions:

Screenshots:

Errors from the zap.log file:

Additional context:

Would you like to help fix this issue?

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions