Hello friends, how are you? I hope you are doing good. Here we are, closing in on the end of this series. I really hope that you have learned a lot, or a little :p If you did learn something, do tell us by commenting and sharing. Here are the other sections:
MySQL Injection, Directory Traversal, File Include Attacks, Unrestricted File Upload, Command Injection Attacks

LDAP Injection Attacks :-
LDAP Injection is an attack used to exploit web based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it’s possible to modify LDAP statements using a local proxy. This could result in the execution of arbitrary commands such as granting permissions to unauthorized queries, and content modification inside the LDAP tree. The same advanced exploitation techniques available in SQL Injection can be similarly applied in LDAP Injection.
LDAP Injection: https://www.owasp.org/index.php/LDAP_injection

LDAP attacks
In this section, we will cover LDAP attacks. LDAP is often used as a backend for authentication, especially in Single-Sign-On (SSO) solutions. LDAP has its own syntax, which we will see in more detail in the following examples.
In this first example, you connect to an LDAP server using your username and password. In this instance, the LDAP server does not authenticate you, since your credentials are invalid.
However, some LDAP servers authorise NULL Bind: if null values are sent, the LDAP server will proceed to bind the connection, and the PHP code will think that the credentials are correct. To get the bind with 2 null values, you will need to completely remove these parameters from the query. If you keep something like username=&password= in the URL, these values will not work, since they won’t be null; instead, they will be empty.
This is an important check to perform on all login forms that you will test in the future, even if the backend is not LDAP-based.
So the solution looks like this :-
This will authenticate you as a valid user and your request will be authenticated.
$filter will become “(&(cn=hacker)(cn=*))%00)(userPassword=[pass]))”, and the NULL byte (%00) will get rid of everything that follows it.
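The fix for both examples above, as an added example (it is not code from the original post or from the application being tested): refuse missing or empty credentials before any bind, and escape every value placed into the filter as RFC 4515 requires. It assumes the `username` and `password` parameters from the URL above and the `(&(cn=...)(userPassword=...))` filter shape shown in `$filter`; the function names are hypothetical, and it is written in Python rather than the application's PHP so that it runs without an LDAP server.

```python
from urllib.parse import parse_qs

# RFC 4515: these characters must be written as \XX inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape one assertion value so it cannot change the filter structure."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def read_credentials(query_string: str):
    """Return (username, password), or None when either is missing or empty.

    A parameter that is absent and one that is present but empty are both
    refused, so the application never sends a bind that the server could
    accept as anonymous.
    """
    params = parse_qs(query_string, keep_blank_values=True)
    username = params.get("username", [None])[0]
    password = params.get("password", [None])[0]
    if not username or not password:
        return None
    return username, password


def build_login_filter(username: str, password: str) -> str:
    """Build the (&(cn=...)(userPassword=...)) filter with escaped values."""
    return "(&(cn={})(userPassword={}))".format(
        escape_filter_value(username), escape_filter_value(password)
    )


def login_filter_for(query_string: str):
    """Full path: refuse incomplete credentials, otherwise return a safe filter."""
    creds = read_credentials(query_string)
    return None if creds is None else build_login_filter(*creds)


if __name__ == "__main__":
    # Constructed sample requests (not captured traffic); the last one carries
    # the username value that produces the $filter shown above.
    for qs in ("", "username=&password=", "username=hacker&password=secret",
               "username=hacker)(cn=*))%00&password=x"):
        print(repr(qs), "->", login_filter_for(qs))
```

With the escaping in place, the parentheses, the wildcard and the NULL byte stay inside the cn value as literal characters, so the filter keeps its two original conditions.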
For more information about testing LDAP injection, please check the OWASP article Testing for LDAP Injection.