25. LDAP Injection

Category: #Execution-Attack
Severity: High
Attack:
LDAP Injection allows attackers to inject arbitrary LDAP statements into queries, potentially exposing sensitive user or system data or bypassing authentication.
Attack Code Example (LDAP Injection Payload):
username=admin)(&)
Concatenated into the vulnerable filter below, the payload's closing parenthesis and the always-true filter (&) change the structure of the search filter, so the password clause no longer constrains which entry matches and access may be granted without valid credentials.
Vulnerable Code Example (C#):
// Vulnerable LDAP query in C#
using System.DirectoryServices;
// username and password arrive straight from the login form, unescaped
string filter = "(&(uid=" + username + ")(userPassword=" + password + "))";
// Filter metacharacters in either value are parsed as filter syntax, not as data
DirectorySearcher searcher = new DirectorySearcher(filter);
In this example, user-controlled input is concatenated directly into the LDAP filter string, so any value containing filter metacharacters (parentheses, *, \ or NUL) is interpreted as filter syntax rather than as data.
Remediation Steps:
- Use Parameterized Queries: Prefer library APIs that build the filter from separately supplied, escaped values instead of concatenating user input into the filter string.
- Input Sanitization: Validate and sanitize all user inputs before using them in LDAP queries.
Safe Code Example (C# with escaped filter values):
// Safe LDAP query in C#: escape RFC 4515 filter metacharacters before inserting values
using System.DirectoryServices;
static string EscapeFilterValue(string s) => s.Replace("\\", "\\5c").Replace("*", "\\2a")
    .Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00");
string filter = "(&(uid={0})(userPassword={1}))";
DirectorySearcher searcher = new DirectorySearcher();
searcher.Filter = string.Format(filter, EscapeFilterValue(username), EscapeFilterValue(password));
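The following is an added example, not code from the original page: a self-contained C# console program that implements the RFC 4515 escaping the remediation relies on, builds the same (&(uid=...)(userPassword=...)) filter from escaped values, and shows a simple detection check a login handler could use to log attempts that contain filter metacharacters. The class and method names (LdapFilterSafety, EscapeFilterValue, BuildLoginFilter, LooksLikeFilterInjection) are assumptions made here; the DirectorySearcher call is left out so the program needs no directory server to run.

```csharp
// Added example (not from the original page): RFC 4515 filter-value escaping
// applied to the page's payload, plus a metacharacter check for logging.
using System;
using System.Text;

static class LdapFilterSafety
{
    // Escape the characters that carry meaning inside an LDAP search filter
    // (RFC 4515 section 3). The backslash is handled in the same pass as the
    // others, so an escape sequence is never re-escaped.
    public static string EscapeFilterValue(string value)
    {
        if (value == null) throw new ArgumentNullException(nameof(value));
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append("\\5c"); break;
                case '*':  sb.Append("\\2a"); break;
                case '(':  sb.Append("\\28"); break;
                case ')':  sb.Append("\\29"); break;
                case '\0': sb.Append("\\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // Build the same filter shape the page uses, but only from escaped values,
    // so user input can be matched as data and can never alter the filter's structure.
    public static string BuildLoginFilter(string username, string password)
        => $"(&(uid={EscapeFilterValue(username)})(userPassword={EscapeFilterValue(password)}))";

    // Defensive check for logging or alerting: true when the raw input contains
    // filter metacharacters, which a legitimate username should not.
    public static bool LooksLikeFilterInjection(string input)
        => input != null && input.IndexOfAny(new[] { '(', ')', '*', '\\', '\0' }) >= 0;

    static void Main()
    {
        // Constructed inputs: the payload from the page and a benign login.
        string payload = "admin)(&)";
        string benign = "jdoe";

        Console.WriteLine(BuildLoginFilter(payload, "x"));
        Console.WriteLine(BuildLoginFilter(benign, "s3cret"));
        Console.WriteLine("payload flagged: " + LooksLikeFilterInjection(payload));
        Console.WriteLine("benign flagged:  " + LooksLikeFilterInjection(benign));
    }
}
```

With the page's payload, EscapeFilterValue turns admin)(&) into admin\29\28&\29, so the built filter still has exactly one uid clause and one userPassword clause and the server compares the whole string as a literal uid value. Two design notes for a real deployment: the check in LooksLikeFilterInjection is for telemetry, not a substitute for escaping, since benign values such as a name containing * can also trip it; and comparing userPassword inside a search filter is itself a weak authentication design (directories normally store that attribute hashed and do not expose it to searches), so the more robust pattern is to look up the user's DN with an escaped filter and then perform an LDAP bind with the supplied password, letting the directory verify the credential.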