LDAP Injection

Overview

LDAP injection is an attack against applications that build LDAP statements, typically search filters or distinguished names (DNs), from user input. When the application does not escape that input, an attacker who can tamper with requests (for example through an intercepting proxy) can insert LDAP metacharacters such as `*`, `(`, `)` and `\` to change the meaning of the statement. Depending on how the result is used, this can bypass authentication, disclose or enumerate directory entries the user is not authorised to see, or, where the injected value reaches a modify operation, alter content in the LDAP tree. Many of the exploitation techniques known from SQL injection (logic manipulation, wildcard enumeration, blind boolean inference) have direct LDAP counterparts.

Business Impact

LDAP injection vulnerabilities can lead to reputational damage through the loss of customers' trust, or to regulatory fines following an attacker's unauthorised access to data. The severity of the impact to the business depends on the sensitivity of the data stored in, and transmitted by, the application.

Steps to Reproduce

  1. Using a browser, log into the webpage: {{URL}}

  2. In the request to the URI, modify the token XYZ by appending a single quote `'` (or another LDAP filter metacharacter such as `*` or `)`) and observe the error that is returned

  3. Replace this with the payload below and you will see a response indicating that an injection is occurring:

{{payload}}

Proof of Concept (PoC)

The screenshot(s) below demonstrate(s) the vulnerability:

{{screenshot}}

Guidance

Provide a step-by-step walkthrough with a screenshot on how you exploited the vulnerability. Your submission must include evidence of the vulnerability and not be theoretical in nature.

Do not access or attempt to access sensitive information. Do not access Personally Identifiable Information (PII).

Attempt to escalate the vulnerability to perform additional actions. If this is possible, provide a full proof-of-concept.

Recommendation(s)

To prevent LDAP injection attacks, validate all untrusted input. Properly escaping and validating all input in the application layer, before it reaches an LDAP filter or DN, removes most of the threat posed by LDAP injection. The following secure coding practices are recommended:

  • Allowlist (whitelist) input validation: accept only the characters and length a field legitimately needs

  • Escape every user-controlled value with the correct encoding function for where it is used (RFC 4515 escaping for filter values, RFC 4514 escaping for DN components; the two rule sets differ and must not be swapped)

  • Index fields containing sensitive information, such as user passwords

  • Conduct output regulation: limit which attributes and how many entries a query result can return, so an injected filter cannot be used to enumerate the directory

  • Perform dynamic checks (run-time testing of LDAP-facing inputs with metacharacter payloads)

  • Perform static source code analysis to find places where input is concatenated into LDAP statements

Additionally, ensure that the LDAP environment itself is safely configured. Safeguard sensitive information in the directory by configuring user permissions so that the account the application binds with can read and write only what it needs (least privilege). This is especially important for directories used for login (authentication) purposes by mobile and web applications.
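As an added, runnable illustration that is not part of the original template: a Python sketch with a constructed two-entry directory and a toy RFC 4515 filter evaluator (both assumptions made for illustration, not a real LDAP server), showing the vulnerable filter construction described in the overview, the classic authentication-bypass payload, and the escaping the recommendations call for. The function names, the sample entries and the payload are this example's own.

```python
import re

# Constructed sample directory (not real data): what the application would query.
DIRECTORY = [
    {"uid": "alice", "userPassword": "s3cret", "cn": "Alice Example"},
    {"uid": "bob", "userPassword": "hunter2", "cn": "Bob Example"},
]


def escape_filter_value(value: str) -> str:
    """RFC 4515 section 3: characters special inside a filter assertion value
    are replaced by a backslash and two hex digits."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value)


def escape_dn_value(value: str) -> str:
    """RFC 4514 section 2.4: escaping for a value used in a DN component.
    The rules differ from filter escaping, so one function must not be reused
    for the other."""
    specials = ',+"\\<>;'
    out = "".join("\\00" if ch == "\x00" else ("\\" + ch if ch in specials else ch)
                  for ch in value)
    if out.startswith(("#", " ")):          # leading '#' or space
        out = "\\" + out
    if out.endswith(" ") and not out.endswith("\\ "):   # trailing space
        out = out[:-1] + "\\ "
    return out


def build_filter_unsafe(username: str, password: str) -> str:
    """Vulnerable: user input is concatenated straight into the filter."""
    return "(&(uid=%s)(userPassword=%s))" % (username, password)


def build_filter_safe(username: str, password: str) -> str:
    """Hardened: every user-controlled value is escaped before insertion."""
    return "(&(uid=%s)(userPassword=%s))" % (
        escape_filter_value(username), escape_filter_value(password))


def _unescape(raw: str) -> str:
    """Undo \\xx escapes so an escaped '*' is compared literally, not as a wildcard."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), raw)


def parse_filter(s: str, i: int = 0):
    """Parse one complete filter starting at s[i] (&, |, ! and attr=value items
    with '*' wildcards). Returns (node, index just past the closing ')')."""
    if s[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if s[i] in "&|":
        op, i, subs = s[i], i + 1, []
        while s[i] == "(":
            node, i = parse_filter(s, i)
            subs.append(node)
    elif s[i] == "!":
        node, i = parse_filter(s, i + 1)
        op, subs = "!", [node]
    else:
        j = s.index(")", i)            # a literal ')' in a value is escaped as \29
        attr, _, raw = s[i:j].partition("=")
        op, subs, i = "=", (attr, raw), j
    if s[i] != ")":
        raise ValueError("expected ')' at offset %d" % i)
    return (op, subs), i + 1


def match(node, entry: dict) -> bool:
    """Evaluate a parsed filter against one directory entry."""
    op, body = node
    if op == "&":
        return all(match(n, entry) for n in body)
    if op == "|":
        return any(match(n, entry) for n in body)
    if op == "!":
        return not match(body[0], entry)
    attr, raw = body
    if attr not in entry:
        return False
    # Unescaped '*' is a wildcard; split on it first so an escaped \2a stays literal.
    pattern = ".*".join(re.escape(_unescape(part)) for part in raw.split("*"))
    return re.fullmatch(pattern, str(entry[attr])) is not None


def search(filter_str: str):
    """Return (uids matching the first complete filter, unparsed trailing text).
    A strict server rejects a non-empty tail; the classic bypass payload below
    assumes a lenient server that evaluates only the first complete filter."""
    node, end = parse_filter(filter_str)
    return [e["uid"] for e in DIRECTORY if match(node, e)], filter_str[end:]


if __name__ == "__main__":
    payload = "*)(uid=*))(|(uid=*"          # classic authentication-bypass payload
    print(search(build_filter_unsafe("alice", "s3cret")))   # legitimate login
    print(search(build_filter_unsafe(payload, "wrong")))    # every uid matches
    print(search(build_filter_unsafe("alice", "*")))        # well-formed wildcard bypass
    print(search(build_filter_safe(payload, "wrong")))      # escaped: no match
    print(build_filter_safe(payload, "wrong"))
```

Run the file directly to print the four cases. Two caveats a tester should know: the classic payload leaves trailing text after the first complete filter, so it only works against servers that ignore that tail; the wildcard-in-password variant is well formed and needs no such leniency, although real servers usually refuse to compare userPassword this way. In production code, prefer the escaping routine of your LDAP library (for example escape_filter_chars in ldap3) over a hand-written one, and remember that DN components need RFC 4514 escaping, which has different rules.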
