This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "LDAP injection"
From OWASP
Weilin Zhong (talk | contribs) (→Related Attacks) |
|||
| (25 intermediate revisions by 6 users not shown) | |||
| Line 1: | Line 1: | ||
{{Template:Attack}} | {{Template:Attack}} | ||
| + | |||
| + | Last revision: '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}''' | ||
==Description== | ==Description== | ||
| + | LDAP Injection is an attack used to exploit web based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it’s possible to modify LDAP statements using a local proxy. This could result in the execution of arbitrary commands such as granting permissions to unauthorized queries, and content modification inside the LDAP tree. | ||
| + | The same advanced exploitation techniques available in [[SQL Injection]] can be similarly applied in LDAP Injection. | ||
| − | == | + | ==References== |
| − | + | * https://www.owasp.org/index.php/LDAP_Injection_Prevention_Cheat_Sheet | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | * | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | + | __NOTOC__ | |
Latest revision as of 16:25, 9 December 2016
- This is an Attack. To view all attacks, please see the Attack Category page.
Last revision: 12/9/2016
Description
LDAP Injection is an attack used to exploit web based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it’s possible to modify LDAP statements using a local proxy. This could result in the execution of arbitrary commands such as granting permissions to unauthorized queries, and content modification inside the LDAP tree. The same advanced exploitation techniques available in SQL Injection can be similarly applied in LDAP Injection.
References
