LDAP Injection Attacks
What are LDAP Injection Attacks?
LDAP Injection is an attack that exploits web-based applications that construct LDAP statements from user input. When an application fails to properly sanitize user input, it is possible to modify LDAP statements using a local proxy. This could allow the attacker to view sensitive information or execute unauthorized queries.
LDAP Injection Example
Here is a simple example of an LDAP Injection attack:
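// User input (attacker-supplied value for the username field)
username = *)(uid=*))(|(uid=*
// LDAP query after the input is inserted into the (uid=...) part of the filter
ldap_search_s(ld, "o=My Company, c=US", LDAP_SCOPE_SUBTREE, "(&(objectCategory=person)(objectClass=user)(uid=*)(uid=*))(|(uid=*))", NULL, 0, &result);
In this example, the attacker modifies the 'username' input so that it closes the original uid assertion and the enclosing AND filter early. The first filter in the query then ends in (uid=*), which matches any uid, so the LDAP query is changed to return all users.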
Prevention
Preventing LDAP Injection attacks involves proper input validation, sanitization, and using parameterized queries. This includes:
- Input validation: Validate user input by only accepting expected values.
- Sanitize input: Remove or replace special characters from user input.
- Use parameterized queries: Use parameterized queries or prepared statements to separate code and data.
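The sanitization step above, as an added example that is not code from the original page: it escapes the filter metacharacters per RFC 4515 before the value is placed into the filter from the example, so the payload is matched as literal text. The function names and the 64-byte length limit are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not a libldap call): escape a value for an LDAP
   search filter per RFC 4515. '*', '(', ')', '\' and NUL become \XX.
   Returns the escaped length, or -1 if out is too small. */
int escape_filter_value(const char *in, size_t in_len, char *out, size_t out_size)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;
    if (out_size == 0) return -1;
    for (size_t i = 0; i < in_len; i++) {
        unsigned char c = (unsigned char)in[i];
        if (c == '*' || c == '(' || c == ')' || c == '\\' || c == '\0') {
            if (o + 3 >= out_size) return -1;   /* 3 bytes plus terminator */
            out[o++] = '\\';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0f];
        } else {
            if (o + 1 >= out_size) return -1;
            out[o++] = (char)c;
        }
    }
    out[o] = '\0';
    return (int)o;
}

/* Build the example's filter with the username as data; 0 on success, -1 on reject. */
int build_user_filter(const char *username, char *filter, size_t filter_size)
{
    char escaped[3 * 64 + 1];
    size_t len = strlen(username);
    if (len == 0 || len > 64) return -1;  /* assumed policy: 1..64 bytes */
    if (escape_filter_value(username, len, escaped, sizeof escaped) < 0) return -1;
    int n = snprintf(filter, filter_size,
                     "(&(objectCategory=person)(objectClass=user)(uid=%s))", escaped);
    return (n < 0 || (size_t)n >= filter_size) ? -1 : 0;
}

int main(void)
{
    char filter[256];
    /* Constructed inputs: a normal name and the payload from the example. */
    const char *inputs[] = { "jsmith", "*)(uid=*))(|(uid=*" };
    for (size_t i = 0; i < 2; i++)
        if (build_user_filter(inputs[i], filter, sizeof filter) == 0)
            printf("%s\n", filter);
    return 0;
}
```

With the payload escaped, the filter keeps its original structure: one AND with a single uid assertion whose value is the literal string the user typed.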