LDAP Injection
- LDAP (Lightweight Directory Access Protocol) is not a query language as such but a protocol with its own filter syntax (RFC 4515); filters built from untrusted input are injectable in the same way SQL queries are
  - used to read and write directory databases (e.g., Active Directory and other directory services)
  - an attacker can exploit either:
    - unauthenticated (anonymous) access to the directory
    - or a vuln in a client app that builds LDAP filters from unsanitized input, to submit arbitrary LDAP queries
  - could allow
    - accounts to be created, modified or deleted
    - or the attacker to change authorizations and privileges (e.g., group membership)
- Inserting unsanitized input into filter parameters can bypass access controls, because the metacharacters ( ) * \ and NUL change the structure of the filter instead of being treated as data
- e.g., a login form that builds the filter (&(username=<user>)(password=<pass>)) by string concatenation
  - if the form input is not sanitized
  - a threat actor could bypass the password check
  - by entering a valid username followed by an LDAP filter string, such as Bob)(&))
  - the submitted filter becomes (&(username=Bob)(&))(password=<pass>)); the empty AND filter (&) is always true
  - a lenient server evaluates the first complete filter and ignores the trailing text, so the password clause is dropped and the condition is always true:
  (&(username=Bob)(&))
  - a strict parser rejects the malformed filter instead, so the bypass depends on the server; the fix is to escape filter metacharacters in every user-supplied value (or, better, bind as the user rather than comparing the password in a filter)