1. LDAP injection
LDAP (Light Directory Access Portocol) is a lightweight directory access protocol based on the X.500 standard, providing services and protocols for accessing directory database methods. Commonly used to form directory services with directory databases. The directory is a professional distributed database optimized for query, browsing and search. It organizes data in a tree structure, similar to the file directory in Linux/Unix systems. It is suitable for storing data that does not change frequently, such as public certificates, security keys, and company physical device information, in the directory. Similar to SQL, LDAP is a search protocol with query syntax and the risk of potential injection attacks. LDAP injection refers to an attack method in which the input string when the client sends a query request contains some special characters, causing the original query structure of LDAP to be modified, thereby allowing access to more unauthorized data.
This article takes the JAVA language source code as an example to analyze the causes and repair methods of the LDAP injection vulnerability in the CWE ID 90: Improper Neutralization of Special Elementsused in an LDAP Query ('LDAP Injection') sample. For details, please see:
CWE ID 90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
http://cwe .mitre.org/data/definitions/90.html
CWE ID 639: Authorization Bypass ThroughUser-Controlled Key
http://cwe.mitre.org/ data/definitions/639.html
2. Dangers of LDAP injection
LDAP injection is introduced by using users Parameters generate malicious LDAP queries to bypass access control and user privilege escalation by constructing LDAP filters. Through the construction of normal filters, AND and OR operation injection is implemented to obtain sensitive information.
From January 2018 to January 2019, there were a total of 4 vulnerability information related to it in CVE. Some of the vulnerabilities are as follows:
Overview | |
---|---|
phpLDAPadmin 1.2.2 allowed via cmd.php? LDAP injection with a crafted serverid parameter in the cmd=loginform request or a crafted username and password in the login panel. | |
MIT krb5 1.6 or later allows authenticated kadmin to add principals to the LDAP Kerberos database by providing "linkdn" and "containerdn" database parameters to bypass the DN container check, or by providing the DN string as an extension to the DN container check. | |
Apache Karaf before 4.0.8 uses the LDAPLoginModule to authenticate users through LDAP. However, the username is not encoded correctly and is therefore vulnerable to an LDAP injection attack, resulting in a denial of service. | |
PacketFence html/admin/login.php before 3.0.2 allows remote attackers to conduct an LDAP injection attack via a crafted Username bypasses authentication. |
The above is the detailed content of How to understand LDAP injection. For more information, please follow other related articles on the PHP Chinese website!

Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Hot Tools

DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software

VSCode Windows 64-bit Download
A free and powerful IDE editor launched by Microsoft

SublimeText3 Mac version
God-level code editing software (SublimeText3)

SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.

Dreamweaver Mac version
Visual web development tools