Example 1: Search Filters
Let's suppose we have a web application using a search filter like the following one:
searchfilter="(cn="+user+")"
which is instantiated by an HTTP request like this:
http://www.example.com/ldapsearch?user=John
If the value 'John' is replaced with a '*', by sending the request:
http://www.example.com/ldapsearch?user=*
the filter will look like:
searchfilter="(cn=*)"
which matches every object whose 'cn' attribute is equal to anything.
If the application is vulnerable to LDAP injection, it will display some or all of the users' attributes, depending on the application's execution flow and the permissions of the LDAP connected user.
A tester could use a trial-and-error approach, inserting '(', '|', '&', '*' and other filter metacharacters into the parameter in order to check whether the application returns errors or unexpected results.
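The root cause described above is that the user-supplied value is concatenated straight into the filter string, so filter metacharacters such as '*', '(', ')' and '\' keep their syntactic meaning. The following is an added example, not code from the original page: it places the page's concatenation next to a hardened version that escapes the value according to RFC 4515 (each special character becomes a backslash followed by two hex digits), plus a small check a defender can use to flag inputs that carry filter metacharacters. The function names and the sample inputs are constructed for this illustration.

```python
# Added example: unsafe vs. RFC 4515-escaped construction of an LDAP search filter.
# Not part of the original page; function names are this example's own.

# RFC 4515 section 3: characters that must be escaped inside an assertion value,
# written as a backslash followed by the two-digit hex code of the byte.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def build_filter_unsafe(user: str) -> str:
    """Mirrors the page's searchfilter="(cn="+user+")" concatenation.

    A value of '*' turns the filter into (cn=*), which matches every entry
    with a cn attribute; '*)(uid=*' injects a second assertion.
    """
    return "(cn=" + user + ")"


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an LDAP filter assertion value (RFC 4515).

    Escaping is done character by character in a single pass, so a backslash
    that is itself the result of escaping is never escaped a second time.
    """
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_filter_safe(user: str) -> str:
    """Hardened form: the user value can only ever be a literal cn value."""
    return "(cn=" + escape_filter_value(user) + ")"


def has_filter_metachars(value: str) -> bool:
    """Detection helper: True if a raw input contains any filter metacharacter.

    Useful for logging or alerting on requests that try '*', '(', ')', '\\',
    '|' or '&' in a field that should only ever hold a plain name.
    """
    return any(ch in value for ch in "*()\\|&\x00")


if __name__ == "__main__":
    # Constructed sample inputs: a normal name, the page's wildcard, and an
    # input that tries to append a second assertion to the filter.
    for sample in ("John", "*", "*)(uid=*"):
        print(f"input={sample!r:12} unsafe={build_filter_unsafe(sample):22} "
              f"safe={build_filter_safe(sample):28} "
              f"metachars={has_filter_metachars(sample)}")
```

With the escaped form, the request `?user=*` produces `(cn=\2a)`, which matches only entries whose cn is the literal character '*', rather than every entry in the directory. In a real application the escaping belongs at the point where the filter is assembled (most LDAP client libraries ship an equivalent escape function), and `has_filter_metachars` is a cheap signal for the detection side, since a legitimate common name field essentially never contains these characters.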