LDAP injection!!

LDAP = Lightweight Directory Access Protocol. This protocol is used to access a directory server over the network, and it uses port number 389.

If you don’t know about LDAP then here you go: http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol

LDAP directories also store names, credit card details, email addresses and other information. LDAP is also exploitable, like other databases. LDAP injection is similar to SQL injection.

NOTE: Remember, I am telling you what I do. So feedback is welcome. I am not a master and I don’t want to be a master.

Suppose there is a web site which allows us to search it. So I simply put “*” in the search field and click on the search button. If it is really dealing with LDAP then it will match every entry in the directory and output all the information on the page.

If it is a URL then it would be like: www.example.com/search.asp?vulnerable=*

Simple way to identify the vulnerability (Bad Input):

*
)(cn=*

))))

*))
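
Why these inputs behave this way, and the fix, as an added example (not code from the original post): the attribute name `cn` and the filter template are assumptions. It builds the search filter by plain concatenation and again with the escaping from RFC 4515, then checks whether the filter still has the shape the developer intended.

```python
# Added example: the "cn" attribute and the filter template are assumptions.
# Characters RFC 4515 requires to be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# The "bad input" strings listed in the post.
PROBES = ["*", ")(cn=*", "))))", "*))"]


def escape_filter_value(value: str) -> str:
    """Escape user input so it is treated as a literal value, not filter syntax."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unsafe(term: str) -> str:
    # Vulnerable pattern: user input concatenated straight into the filter.
    return "(cn=" + term + ")"


def build_filter_safe(term: str) -> str:
    # Hardened pattern: metacharacters become \xx escapes before concatenation.
    return "(cn=" + escape_filter_value(term) + ")"


def top_level_groups(ldap_filter: str) -> int:
    """Count top-level (...) groups; -1 means unbalanced parentheses.
    A filter that still has the intended shape returns 1."""
    depth = groups = 0
    for ch in ldap_filter:
        if ch == "(":
            if depth == 0:
                groups += 1
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return -1
    return groups if depth == 0 else -1


def report():
    """One row per probe: (input, unsafe filter, shape, safe filter, shape)."""
    return [(p, build_filter_unsafe(p), top_level_groups(build_filter_unsafe(p)),
             build_filter_safe(p), top_level_groups(build_filter_safe(p)))
            for p in PROBES]


if __name__ == "__main__":
    for row in report():
        print(row)
```

With concatenation, `*` turns the filter into a match-everything presence test and the other inputs produce extra or unbalanced groups, which is why they surface as errors or unexpected results; after escaping, every input stays a single literal `(cn=...)` comparison.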

Reference:
https://www.owasp.org/index.php/LDAP_injection
https://www.owasp.org/index.php/Testing_for_LDAP_Injection_%28OWASP-DV-006%29

Try more…

Hacking is not crime, It is philosophy, It is research!!!