LDAP Injection
Overview

LDAP injection attempts to input snippets of LDAP script into an application that passes the input to an LDAP server. The attack takes advantage of the trust the LDAP server has in the application, and it executes on the LDAP server using the application account.

LDAP injection allows an attacker to bypass access controls on LDAP data stores. This may result in data disclosure. Depending on how the application interprets the extracted data, LDAP injection may result in authentication or authorization bypass or other logical vulnerabilities.

Discovery Methodology

Ideally, attempt to fuzz input fields to cause an error message. For example, injection of "(" produces an error. Even if the system does not display an explicit message, injection may cause a change detectable with differential analysis.
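# Write one candidate special character per line (space, #, ", +, comma, ;, <, >, \, NUL) to a wordlist file
python -c 'for i in [0x20,0x23,0x22,0x2b,0x2c,0x3b,0x3c,0x3e,0x5c,0x00]:print(chr(i))' > /tmp/injections.txt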
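The "(" probe and the characters in the list above only change server behaviour when the application concatenates input into a filter or DN unescaped. The following is an added example, not code from the original page: it shows raw concatenation beside RFC 4515 filter escaping and RFC 4514 DN escaping. The `uid` attribute, the base DN and all function names are assumptions.

```python
# Added example; the uid attribute and base DN below are assumptions.
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
DN_SPECIALS = set('"+,;<>\\')  # escaped anywhere in a DN value (RFC 4514)


def escape_filter_value(value):
    """RFC 4515: neutralise characters that are syntax inside a search filter."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def escape_dn_value(value):
    """RFC 4514: escape a value before it is placed in a distinguished name."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in DN_SPECIALS or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def is_balanced(ldap_filter):
    """True when every literal '(' is closed; escaped \\28 / \\29 are data."""
    depth = 0
    for ch in ldap_filter:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0


def build_filter_unsafe(user):
    return "(uid=" + user + ")"  # raw concatenation: input becomes filter syntax


def build_filter_safe(user):
    return "(uid=" + escape_filter_value(user) + ")"


def build_dn_safe(user):
    return "uid=" + escape_dn_value(user) + ",ou=people,dc=example,dc=com"


if __name__ == "__main__":
    # Constructed inputs: the "(" probe and the special-character list from above.
    for probe in ["(", " ", "#", '"', "+", ",", ";", "<", ">", "\\", "\x00"]:
        print(repr(probe), is_balanced(build_filter_unsafe(probe)),
              build_filter_safe(probe), build_dn_safe(probe))
```

With python-ldap, the equivalent library helpers are `ldap.filter.escape_filter_chars` and `ldap.dn.escape_dn_chars`.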
Exploitation

Similar to SQL injection, there is no particular pattern that will work. It depends on the code implemented by the application. The correct injection to use may not be obvious. Error messages do not always disclose query or search logic. Learning common design patterns helps identify which injections might work. The following general patterns apply to many applications. If there is no logic operator (OR or AND), the bolded injections may work assuming they fit into the assumed application code segments (non-bolded parts).