/vulndb/LDAP Injection

LDAP Injection is a Code Injection technique used against applications, which construct LDAP statement based on user input. LDAP is an application protocol used to access and maintain distributed directory services like Microsoft’s Active Directory.

An attacker may inject LDAP statements to alter a legit LDAP query in order to modify the content inside the LDAP tree or to retrieve confidential information about the directory service.

Solution

Sanitize or parameterize user supplied data before using it to build LDAP queries. Many development platforms offer helper functions used for preparing safe LDAP queries.

References

https://www.owasp.org/index.php/LDAP_injection