LDAP Injection
Vulnerability Name
LDAP Injection on [Parameter] in [Module/Functionality]
Vulnerability Description
LDAP injection arises when user-controllable data is copied in an unsafe way into an LDAP query that is performed by the application. If an attacker can inject LDAP metacharacters into the query, then they can interfere with the query's logic.
A web application could use LDAP to let users authenticate or search for other users' information inside a corporate structure. The goal of an LDAP injection attack is to inject LDAP search filter metacharacters into a query that the application will execute.
Add your specific vulnerability description if required; the one given above is a general description.
Payload
Steps to Reproduce
- Go to [Affected URL].
- Intercept the request in Burp Suite and send it to Repeater.
- Change the value of [Vulnerable Parameter] to the above payload and send the request.
- Observe as the payload executes in the response.
POC
Modify the steps to reproduce above if required. Attach snapshots (POC) or a video link here.
Impact
Depending on the function for which the query is used, the attacker may be able to retrieve sensitive data to which they are not authorized, or subvert the application's logic to perform some unauthorized action.
Add your specific impact if required; the one given above is a general impact.
Remediation
- If possible, applications should avoid copying user-controllable data into LDAP queries. If this is unavoidable, then the data should be strictly validated to prevent LDAP injection attacks.
- In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into queries, and any other input should be rejected.
- At a minimum, input containing any LDAP metacharacters should be rejected; characters that should be blocked include ( ) ; , * | & = and whitespace.
Add your specific remediation if required; the above is a general remediation.
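The validation described in the remediation, as an added example that is not part of the original template: an allow-list check, the minimum block-list check, and a filter builder shown beside the unsafe concatenation it replaces. It goes one step beyond the text by also applying RFC 4515 filter escaping as defence in depth. The `uid` and `objectClass=person` attributes, the 32-character limit and all function names are assumptions.

```python
import re

# Allow-list from the remediation: short alphanumeric strings only.
# The 32-character ceiling is an assumption; size it to your directory's IDs.
_ALLOWED = re.compile(r"[A-Za-z0-9]{1,32}")

# Minimum block list named in the remediation (whitespace handled separately).
_BLOCKED = set("();,*|&=")


def contains_blocked(value: str) -> bool:
    """True if value holds any listed LDAP metacharacter or whitespace."""
    return any(ch in _BLOCKED or ch.isspace() for ch in value)


def validate_ldap_value(value: str) -> str:
    """Return value unchanged if it passes the allow-list, else raise."""
    # fullmatch (not match with '$') so a trailing newline cannot slip through.
    if not isinstance(value, str) or not _ALLOWED.fullmatch(value):
        raise ValueError("rejected: expected 1-32 alphanumeric characters")
    return value


def escape_filter_value(value: str) -> str:
    """Escape per RFC 4515: backslash, *, (, ) and NUL become hex pairs."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def unsafe_filter(username: str) -> str:
    """The pattern to avoid: user input copied straight into the filter."""
    return "(&(objectClass=person)(uid=" + username + "))"


def safe_filter(username: str) -> str:
    """Validate first, then escape anyway before building the filter."""
    checked = validate_ldap_value(username)
    return "(&(objectClass=person)(uid=%s))" % escape_filter_value(checked)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real application.
    for sample in ("jsmith42", "*", "j smith", "a)(b"):
        print(repr(sample), "->", unsafe_filter(sample))
        try:
            print("   accepted:", safe_filter(sample))
        except ValueError as exc:
            print("   ", exc)
```

Where a maintained LDAP client library is in use, prefer its own filter-escaping helper over a hand-written one and keep the allow-list check in front of it.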