LDAP Injection
Example 1: Java
Vulnerable Code:
String filter = "(&(uid=" + user + ")(userPassword=" + password + "))";
NamingEnumeration<SearchResult> results = ctx.search("ou=users", filter, new SearchControls());
Reason for vulnerability: User-controlled values are concatenated into the LDAP filter without escaping, so characters such as `*`, `(` and `)` in the input change the structure of the filter rather than being matched literally.
Fixed Code:
// {0} and {1} are substituted by the LDAP provider, which escapes filter metacharacters in the arguments.
String filter = "(&(uid={0})(userPassword={1}))";
NamingEnumeration<SearchResult> results = ctx.search("ou=users", filter, new Object[] { user, password }, new SearchControls());
Reason for fix: Pass the values as filter arguments through DirContext.search(name, filterExpr, filterArgs, controls) instead of concatenating them. The provider substitutes and escapes each argument, so the input can only ever be an attribute value, never part of the filter syntax.
Example 2: C#
Vulnerable Code:
string filter = "(&(uid=" + user + ")(userPassword=" + password + "))";
DirectorySearcher searcher = new DirectorySearcher(filter);
SearchResultCollection results = searcher.FindAll();
Reason for vulnerability: User-controlled values are concatenated into the LDAP filter without escaping, so characters such as `*`, `(` and `)` in the input change the structure of the filter rather than being matched literally.
Fixed Code:
// System.DirectoryServices has no filter-argument API: the second parameter of
// DirectorySearcher(string, string[]) is the list of properties to load, not filter values.
// Escape the RFC 4515 metacharacters in each value instead (backslash first, so it is not escaped twice).
static string EscapeFilterValue(string s) =>
    s.Replace("\\", "\\5c").Replace("*", "\\2a").Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00");
string filter = "(&(uid=" + EscapeFilterValue(user) + ")(userPassword=" + EscapeFilterValue(password) + "))";
DirectorySearcher searcher = new DirectorySearcher(filter);
SearchResultCollection results = searcher.FindAll();
Reason for fix: Escape every user-supplied value before it is placed in the filter, so wildcard and grouping characters are matched literally instead of altering the filter. DirectorySearcher does not support {0}/{1} placeholders; with the propertiesToLoad overload the placeholders would have been sent to the directory unchanged.
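The escaping both fixes depend on (done by the JNDI provider in the Java case and by the explicit helper in the C# case) is RFC 4515 value escaping. The following is an added example, not code from the original page, that implements that escaping in Python, builds the page's filter both ways for the same input, and checks whether the result still has the two-clause structure the application intended. The sample inputs are constructed for the demonstration. The page's filters also compare userPassword inside the search filter; in practice the credential check is done with a bind operation, but the escaping rule for values is the same.

```python
# Added example, not code from the original page: RFC 4515 escaping of LDAP filter
# values, which is the defence the page's fixes rely on (JNDI filterArgs in Java,
# an explicit escape helper in C#), plus a structural check on the resulting filter.
import re

# RFC 4515 section 3: characters that must be escaped inside an assertion value.
_ESCAPES = {
    "\\": "\\5c",
    "*": "\\2a",
    "(": "\\28",
    ")": "\\29",
    "\x00": "\\00",
}


def escape_filter_value(value: str) -> str:
    """Escape one attribute value for use inside an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unsafe(user: str, password: str) -> str:
    """Mirrors the page's vulnerable code: raw concatenation into the filter."""
    return "(&(uid=" + user + ")(userPassword=" + password + "))"


def build_filter_safe(user: str, password: str) -> str:
    """Mirrors the page's fixed code: every value escaped before insertion."""
    return ("(&(uid=" + escape_filter_value(user)
            + ")(userPassword=" + escape_filter_value(password) + "))")


# The only filter the application intends to send: an AND of two equality
# matches whose values contain no metacharacters other than escaped ones.
_VALUE = r"(?:[^()*\\\x00]|\\[0-9a-fA-F]{2})*"
_EXPECTED_SHAPE = re.compile(
    r"\(&\(uid=" + _VALUE + r"\)\(userPassword=" + _VALUE + r"\)\)"
)


def has_expected_shape(ldap_filter: str) -> bool:
    """True when the filter still has the intended two-clause structure:
    no extra clauses, no unescaped wildcards, no stray parentheses."""
    return _EXPECTED_SHAPE.fullmatch(ldap_filter) is not None


def compare(user: str, password: str) -> dict:
    """Build both variants for the same input and report whether each kept its shape."""
    unsafe = build_filter_unsafe(user, password)
    safe = build_filter_safe(user, password)
    return {
        "unsafe": unsafe,
        "unsafe_ok": has_expected_shape(unsafe),
        "safe": safe,
        "safe_ok": has_expected_shape(safe),
    }


if __name__ == "__main__":
    # Constructed sample inputs: a normal login name, a value containing a
    # wildcard, and a value containing parentheses.
    for user in ("alice", "ali*", "a)(b"):
        result = compare(user, "s3cret")
        print(f"{user!r}: unsafe -> {result['unsafe']}  ok={result['unsafe_ok']}")
        print(f"{' ' * len(repr(user))}  safe   -> {result['safe']}  ok={result['safe_ok']}")
```

For the plain login name both variants produce the same filter. For the other two inputs the concatenated filter gains a wildcard or an extra clause and fails the shape check, while the escaped filter carries the same characters as literal bytes (`\2a`, `\29`, `\28`) and passes. The shape check is a test aid for this example; the escaping function is the part that belongs in application code.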