LDAP Injection Attack

Description

Lightweight Directory Access Protocol (LDAP) is a widely used protocol for accessing information directories. LDAP injection is the technique of exploiting web applications that use client-supplied data in LDAP statements without first stripping potentially harmful characters from the request. The objective of this paper is to inform developers, system administrators and security professionals about various techniques that could be used to attack their applications. It also describes preventive measures for protecting applications from these intrusions.

Vulnerabilities

Building dynamic LDAP queries using untrusted input

Countermeasures

Untrusted input should be validated against an inclusion list before use (e.g., RegEx pattern, primitive type casting, domain constraint, etc.)

Additional Resources

See SpiDynamics LDAP Injection whitepaper: http://www.spidynamics.com/whitepapers/LDAPinjection.pdf

LDAP Injection Attack

Contents

Description

Vulnerabilities

Countermeasures

Additional Resources

Navigation menu

Page actions

Page actions

Personal tools

Navigation

Search

Toolbox