Created
March 3, 2018 14:31
LDAP injection is an attack on a web application in which an attacker places crafted input in a user-controlled field so that it is interpreted as part of an LDAP query, in an attempt to gain unauthorized access or information. Like SQL injection in Java or .NET applications, LDAP injection can lead to information theft, browser or session hijacking, website defacement and worse.

LDAP injection arises when an application builds LDAP (Lightweight Directory Access Protocol) statements from client-supplied data without escaping the characters that carry meaning in LDAP syntax (in a search filter: parentheses, the asterisk, the backslash and the NUL byte; a distinguished name has its own, different set). When the application does not adequately sanitize user-supplied input, an attacker can change the structure of the LDAP statement, which then runs with the same permissions as the component that issued it. An LDAP injection can result in serious security issues if those permissions allow the caller to query, modify or remove anything inside the LDAP tree.

For example, an attacker might use LDAP injection to enumerate every username, to bypass a password check or read password attributes, or to add their own account to an administrators group. A successful LDAP injection can be a major security breach, causing headaches, reputational damage and financial losses for the unlucky company.
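The following is an added example, not code from the gist, showing the mechanism described above: a login filter built by string concatenation next to one built with RFC 4515 escaping, and a small filter parser that makes visible how an injected value rewrites the filter. The attribute names (uid, userPassword), the payload and the credentials are constructed for the example and no directory is contacted.

```python
"""
Added example: LDAP filter injection versus RFC 4515 escaping.
Attribute names, payload and credentials are constructed; no directory is contacted.
"""

# RFC 4515 section 3: characters that must be escaped inside a filter assertion value.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value for use inside an LDAP search filter.

    This is filter escaping only; a value placed in a DN needs RFC 4514 escaping instead.
    """
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def vulnerable_login_filter(username: str, password: str) -> str:
    """The injection sink: raw client input is concatenated into the filter."""
    return f"(&(uid={username})(userPassword={password}))"


def safe_login_filter(username: str, password: str) -> str:
    """Same filter shape, but every client-supplied value is escaped first."""
    return (f"(&(uid={escape_filter_value(username)})"
            f"(userPassword={escape_filter_value(password)}))")


def parse_filter(text: str, pos: int = 0):
    """Parse one RFC 4515 filter starting at `pos`.

    Toy parser covering the subset needed here: (&...), (|...), (!...) and attr=value
    items. Returns (tree, position just past the filter's closing parenthesis).
    """
    if pos >= len(text) or text[pos] != "(":
        raise ValueError(f"expected '(' at {pos}")
    pos += 1
    op = text[pos]
    if op in "&|":
        pos += 1
        children = []
        while pos < len(text) and text[pos] == "(":
            child, pos = parse_filter(text, pos)
            children.append(child)
        node = (op, children)
    elif op == "!":
        child, pos = parse_filter(text, pos + 1)
        node = ("!", [child])
    else:
        # An item ends at the first ')'. With escaping, values never contain a literal
        # ')'; without it, a ')' in user input closes the assertion early.
        end = text.index(")", pos)
        attr, _, value = text[pos:end].partition("=")
        node = ("=", attr, value)
        pos = end
    if text[pos] != ")":
        raise ValueError(f"expected ')' at {pos}")
    return node, pos + 1


def analyse(filter_text: str) -> dict:
    """Parse the leading filter and report what is actually evaluated.

    'trailing' is any text left after the first complete filter; 'password_checked'
    is True only if the parsed filter still ANDs a userPassword assertion in.
    """
    tree, consumed = parse_filter(filter_text)
    return {
        "tree": tree,
        "trailing": filter_text[consumed:],
        "password_checked": (
            tree[0] == "&"
            and any(c[0] == "=" and c[1] == "userPassword" for c in tree[1])
        ),
    }


if __name__ == "__main__":
    payload = "*)(uid=*))(|(uid=*"   # constructed injection payload for the uid field
    for builder in (vulnerable_login_filter, safe_login_filter):
        built = builder(payload, "anything")
        print(builder.__name__, built, analyse(built), sep="\n  ")
```

With the constructed payload, the concatenated filter becomes (&(uid=*)(uid=*))(|(uid=*)(userPassword=anything)): the first complete filter matches every user and the password assertion has been pushed into trailing text, so a server that evaluates the leading filter never checks it. The escaped version keeps the whole payload inside the uid value. In production, prefer a maintained escaping routine such as ldap3's escape_filter_chars, and avoid putting the password in a filter at all: look up the user's DN with an escaped filter, then verify the password with an LDAP bind as that DN.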