LDAP Injection
Notes on LDAP Injection and LDAP Fundamentals
1. Introduction to LDAP Injection
LDAP (Lightweight Directory Access Protocol) is the protocol used to query and modify directory servers such as OpenLDAP and Active Directory (AD).
Web applications integrate LDAP for authentication (looking a user up, or binding as that user) and for retrieving user and group data.
LDAP Injection occurs when unsanitized user input is concatenated into an LDAP search filter (or a DN), letting an attacker change the logic of the query. Typical impact: authentication bypass, disclosure of directory data, and privilege escalation (for example by matching a different, more privileged account than the one the application intended).
2. LDAP Foundations
Key LDAP Terminology
Directory Server (DS): A database-like system storing directory data (e.g., OpenLDAP, Active Directory).
LDAP Entry: The basic data unit in LDAP, consisting of:
Distinguished Name (DN): Unique identifier of the entry (e.g., uid=admin,dc=example,dc=com).
Attributes: Data fields of the entry (e.g., uid, cn, mail).
Object Classes: Define which attributes an entry of that type may or must carry (e.g., person, group).
LDAP Operations
Bind: Authentication with the directory server.
Unbind: Close the client connection.
Add: Create a new entry.
Delete: Remove an entry.
Modify: Update an entry.
Search: Query directory entries.
3. LDAP Search Filter Syntax
LDAP queries use search filters (RFC 4515), each enclosed in parentheses ().
A simple filter consists of an attribute, an operator, and an assertion value, e.g. (uid=admin).
Base Operator Filters
Equality, =: (name=Kaylie) matches entries whose name is Kaylie (case-insensitive for string attributes such as cn or name).
Greater-or-equal, >=: (uidNumber>=1000) matches entries whose uidNumber is 1000 or higher.
Less-or-equal, <=: (uidNumber<=1000) matches entries whose uidNumber is 1000 or lower.
Approximate, ~=: (name~=Kaylie) matches values the server considers similar to Kaylie (the algorithm is server-specific, often phonetic).
Note that LDAP has no strict greater-than or less-than operator, and ordering comparisons only work on attributes whose schema defines an ORDERING matching rule (uidNumber does, uid does not, which is why the examples use uidNumber).
Logical Combination Filters
LDAP uses prefix notation: the operator comes first, followed by one or more complete filters in parentheses. & and | accept any number of sub-filters; ! takes exactly one.
AND, &: (&(name=Kaylie)(title=Manager)) matches entries satisfying both conditions.
OR, |: (|(name=Kaylie)(title=Manager)) matches entries satisfying either condition.
NOT, !: (!(name=Kaylie)) matches every entry whose name is not Kaylie.
Boolean Filters
True: (&) is an AND with no sub-filters and matches every entry (absolute true filter, RFC 4526).
False: (|) is an OR with no sub-filters and matches nothing (absolute false filter).
Wildcard Filters
(name=*) is a presence filter: it matches every entry that has a name attribute, whatever its value.
(name=K*) is a substring filter matching names starting with K.
(name=*a*) is a substring filter matching names containing a.
A literal asterisk, parenthesis or backslash inside a value must be escaped as \2a, \28, \29 or \5c; an unescaped * is always interpreted as a wildcard.
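To make the filter syntax above concrete, here is a small parser and evaluator for RFC 4515 filters that runs against an in-memory directory. This is an added example for these notes, not code from the original page: the entries in DIRECTORY, their attribute values, and the simplified approximate-match rule are constructed assumptions, and the filter grammar implemented is the subset shown in this section (&, |, !, =, ~=, >=, <=, presence and substring values, \xx escapes).

```python
"""Evaluate RFC 4515 LDAP search filters against constructed in-memory entries."""
import re

# Constructed sample directory: each entry maps attribute -> list of values.
DIRECTORY = [
    {"dn": "uid=kaylie,ou=people,dc=example,dc=com", "uid": ["kaylie"], "name": ["Kaylie"],
     "title": ["Manager"], "uidNumber": ["1001"], "userPassword": ["s3cret"]},
    {"dn": "uid=kayla,ou=people,dc=example,dc=com", "uid": ["kayla"], "name": ["Kayla"],
     "title": ["Engineer"], "uidNumber": ["1002"], "userPassword": ["hunter2"]},
    {"dn": "uid=bob,ou=people,dc=example,dc=com", "uid": ["bob"], "name": ["Bob"],
     "title": ["Manager"], "uidNumber": ["999"]},
]

class FilterError(ValueError):
    """Raised for syntactically invalid filters, including trailing data."""

_ITEM = re.compile(r"([A-Za-z][A-Za-z0-9.;-]*)(~=|>=|<=|=)")
_ESC = re.compile(r"\\([0-9a-fA-F]{2})")

def parse_filter(text):
    """Parse a filter into a nested tuple tree; the whole string must be one filter."""
    node, pos = _parse(text, 0)
    if pos != len(text):
        raise FilterError("trailing data after filter: %r" % text[pos:])
    return node

def _parse(s, i):
    if i >= len(s) or s[i] != "(":
        raise FilterError("expected '(' at offset %d" % i)
    i += 1
    if i >= len(s):
        raise FilterError("unterminated filter")
    c = s[i]
    if c in "&|":                       # prefix notation: operator, then zero or more sub-filters
        i += 1
        children = []
        while i < len(s) and s[i] == "(":
            child, i = _parse(s, i)
            children.append(child)
        return _expect_close(s, i, (c, children))
    if c == "!":                        # NOT takes exactly one sub-filter
        child, i = _parse(s, i + 1)
        return _expect_close(s, i, ("!", child))
    m = _ITEM.match(s, i)               # simple item: attribute, operator, value
    if not m:
        raise FilterError("bad filter item at offset %d" % i)
    attr, op, i = m.group(1), m.group(2), m.end()
    j = s.find(")", i)                  # a literal ')' in a value must be escaped as \29
    if j < 0:
        raise FilterError("unterminated filter item")
    return (op, attr, s[i:j]), j + 1

def _expect_close(s, i, node):
    if i >= len(s) or s[i] != ")":
        raise FilterError("expected ')' at offset %d" % i)
    return node, i + 1

def _unescape(piece):
    """Decode single-byte \\xx escapes (sufficient for the ASCII values used here)."""
    return _ESC.sub(lambda m: chr(int(m.group(1), 16)), piece)

def matches(node, entry):
    """Return True if the parsed filter matches the entry."""
    kind = node[0]
    if kind == "&":                     # (&) with no children is the absolute-true filter
        return all(matches(c, entry) for c in node[1])
    if kind == "|":                     # (|) with no children is the absolute-false filter
        return any(matches(c, entry) for c in node[1])
    if kind == "!":
        return not matches(node[1], entry)
    op, attr, raw = node
    values = entry.get(attr, [])
    if op == "=":
        if raw == "*":                  # presence filter: attribute exists with any value
            return bool(values)
        if "*" in raw:                  # substring filter: unescaped '*' pieces are wildcards
            pattern = ".*".join(re.escape(_unescape(p)) for p in raw.split("*"))
            return any(re.fullmatch(pattern, v, re.IGNORECASE) for v in values)
        want = _unescape(raw)
        return any(v.lower() == want.lower() for v in values)
    want = _unescape(raw)
    if op == "~=":                      # simplified approximation; real servers use phonetic rules
        norm = lambda x: re.sub(r"[^a-z0-9]", "", x.lower())
        return any(norm(v) == norm(want) for v in values)
    key = lambda x: (0, int(x)) if x.isdigit() else (1, x.lower())   # numeric-aware ordering
    if op == ">=":
        return any(key(v) >= key(want) for v in values)
    return any(key(v) <= key(want) for v in values)

def search(filter_text, directory=DIRECTORY):
    """Return the DNs of the entries that match filter_text."""
    node = parse_filter(filter_text)
    return [e["dn"] for e in directory if matches(node, e)]

if __name__ == "__main__":
    for f in ["(&(name=Kaylie)(title=Manager))", "(|(name=Kaylie)(title=Manager))",
              "(!(name=Kaylie))", "(&)", "(|)", "(name=K*)", "(name=*a*)", "(uidNumber>=1000)"]:
        print(f, "->", search(f))
```

Feeding the evaluator an injected string such as (&(uid=*)(uid=*))(|(uid=*)(userPassword=x)) raises FilterError because a second top-level filter follows the first; whether a real server rejects such input or silently ignores the trailing part is implementation-specific, which is one reason injection testing must be done against the actual target.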
4. Common LDAP Attribute Types
cn: Common Name (usually the person's full name)
givenName: First Name
sn: Surname (Last Name)
uid: User ID (login name)
objectClass: Object Type
distinguishedName: The entry's DN (exposed as a searchable attribute in Active Directory)
ou: Organizational Unit
title: Job Title
telephoneNumber: Phone Number
mail: Email Address
street: Street Address
postalCode: ZIP Code
member: DNs of a group's members (the reverse view, a user's groups, is memberOf in AD)
userPassword: User Password (should be write-only; a server that returns it in search results is misconfigured)
Key Takeaways
LDAP is a protocol for querying directory services; its search filters form a small query language with its own syntax.
LDAP Injection occurs when attackers manipulate input to change LDAP filter behavior.
Logical operators (&, |, !) and wildcards (*) allow powerful filtering, and an attacker who can inject them rewrites the query.
Input validation and proper escaping of filter values (RFC 4515: * ( ) \ and NUL become \2a \28 \29 \5c \00) are crucial for preventing LDAP Injection; DN components use a different escaping scheme (RFC 4514).
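The escaping rule in the takeaways, applied to a login filter built from user input. This is an added example for these notes, not code from the original page: the filter template (&(uid=...)(userPassword=...)), the attribute names and the sample inputs are assumptions chosen for the demonstration. The vulnerable builder interpolates raw input; the hardened one escapes every assertion value per RFC 4515, and a cheap structural check shows the difference.

```python
"""Vulnerable vs. hardened construction of an LDAP login filter (RFC 4515 escaping)."""

# Characters RFC 4515 requires to be escaped inside an assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape a user-supplied value so it can only ever match literally.

    Each character is mapped independently, so the order of replacements
    cannot double-escape anything. Non-ASCII characters are emitted as the
    escaped bytes of their UTF-8 encoding, as the RFC requires.
    """
    out = []
    for ch in value:
        if ch in _FILTER_ESCAPES:
            out.append(_FILTER_ESCAPES[ch])
        elif ord(ch) > 0x7F:
            out.append("".join("\\%02x" % b for b in ch.encode("utf-8")))
        else:
            out.append(ch)
    return "".join(out)

def build_login_filter_vulnerable(username, password):
    # Raw interpolation: anything the user types becomes filter syntax.
    return "(&(uid=%s)(userPassword=%s))" % (username, password)

def build_login_filter_safe(username, password):
    # Every assertion value is escaped before it is placed in the filter.
    return "(&(uid=%s)(userPassword=%s))" % (
        escape_filter_value(username), escape_filter_value(password))

def is_single_filter(text):
    """Structural sanity check: parentheses balance and close exactly once, at the end.

    Escaping already prevents injection; this catches a payload that smuggles a
    second top-level filter if a code path forgot to escape.
    """
    depth = 0
    for idx, ch in enumerate(text):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
            if depth == 0 and idx != len(text) - 1:
                return False
    return depth == 0 and text.startswith("(")

if __name__ == "__main__":
    # Constructed attacker inputs: a wildcard password, and a payload that
    # closes the AND and opens a second filter.
    for user, pw in [("admin", "*"), ("*)(uid=*))(|(uid=*", "x")]:
        bad = build_login_filter_vulnerable(user, pw)
        good = build_login_filter_safe(user, pw)
        print("vulnerable:", bad, "single filter:", is_single_filter(bad))
        print("hardened:  ", good, "single filter:", is_single_filter(good))
```

With the wildcard password, the vulnerable filter becomes (&(uid=admin)(userPassword=*)), a presence filter that matches the admin entry regardless of the password, so an application that treats "search returned an entry" as a successful login is bypassed. The hardened version asks for a literal asterisk and matches nothing. Escaping fixes the filter; the application should additionally verify the password by binding as the found DN rather than comparing userPassword in a search filter.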