What is LDAP Injection

·

2 min read

Definition

LDAP (Lightweight Directory Access Protocol) injection is a security vulnerability that occurs when user-input data is used in LDAP queries without proper validation or sanitization. This can lead to unauthorized access or manipulation of data within an LDAP directory.

List of Vulnerable Points

  • Anywhere user input is used for authentication

  • Login identifiers, passwords

Vulnerability Verification Method

  • Verify if manipulated LDAP queries are inserted and executed in user input values.
USERNAME>(&)

LDAP Injection Cheatsheet

LDAP (Lightweight Directory Access Protocol)

LDAP is a protocol used to implement network directory services, used to store and retrieve directory information such as users, groups, and devices.

What is LDAP(Lightweight Directory Access Protocol)

Network Directory Services

Network directory services are systems designed to centrally manage information such as users, resources, and services in a computer network. The primary purpose is to efficiently perform user identification, authentication, authorization management, resource retrieval, and access.

LDAP, LDAP Server, WAS, DB Structure

Attack Method

Attack Scenario

  1. The attacker manipulates malicious LDAP queries and passes them to a vulnerable application.

  2. The application uses user input for LDAP queries without proper validation.

  3. The manipulated LDAP query is executed, resulting in unauthorized access or data manipulation within the LDAP directory.

Attack Process

Detailed Process Explanation

  1. The attacker provides malicious input, passing it to the application.

  2. The application executes the vulnerable LDAP query without proper user input validation.

  3. The vulnerable LDAP query is sent to and executed by the LDAP server.

  4. The LDAP server processes the query and returns the result to the application.

  5. The application displays the result to the user or utilizes it for other purposes.

Mitigation Strategies

  • Use prepared statements.

  • Implement whitelist-based filtering to allow only alphanumeric characters (a-z, A-Z, 0-9).

  • Minimize access permissions to the LDAP server, restricting application accounts to the least necessary privileges.

  • Apply rulesets to web firewalls to filter LDAP-related special characters.

  • Target filtering:

Did you find this article valuable?

Support Eunhan's blog by becoming a sponsor. Any amount is appreciated!