This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Testing for LDAP Injection (OTG-INPVAL-006)"
(→Brief Summary) |
|||
| Line 2: | Line 2: | ||
== Brief Summary == | == Brief Summary == | ||
| − | + | ||
| + | LDAP Injection is a server side attack, which could allow sensitive | ||
| + | information disclosure to be disclosed, modified or inserted about | ||
| + | users and hosts represented in an LDAP structure.<br> | ||
| + | It is done by manipulating input parameters afterwards passed to | ||
| + | internal search,add and modify functions. | ||
| + | |||
== Description of the Issue == | == Description of the Issue == | ||
...<br> | ...<br> | ||
Revision as of 08:46, 7 November 2006
OWASP Testing Guide v2 Table of Contents
Brief Summary
LDAP Injection is a server side attack, which could allow sensitive
information disclosure to be disclosed, modified or inserted about
users and hosts represented in an LDAP structure.
It is done by manipulating input parameters afterwards passed to
internal search,add and modify functions.
Description of the Issue
...
Black Box testing and example
Testing for Topic X vulnerabilities:
...
Result Expected:
...
Gray Box testing and example
Testing for Topic X vulnerabilities:
...
Result Expected:
...
References
Whitepapers
...
Tools
...
OWASP Testing Guide v2
Here is the OWASP Testing Guide v2 Table of Contents OWASP Testing Guide v2 Table of Contents
This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.
