LDAP Injection

Example 1: Java

Vulnerable Code:

javaCopy codeString filter = "(&(uid=" + user + ")(userPassword=" + password + "))";
NamingEnumeration<SearchResult> results = ctx.search("ou=users", filter, new SearchControls());

Reason for vulnerability: User input is directly used in the LDAP filter, allowing injection.

Fixed Code:

javaCopy codeString filter = "(&(uid={0})(userPassword={1}))";
NamingEnumeration<SearchResult> results = ctx.search("ou=users", new Object[] { user, password }, new SearchControls());

Reason for fix: Use parameterized queries to prevent LDAP injection.

Example 2: C#

Vulnerable Code:

csharpCopy codestring filter = "(&(uid=" + user + ")(userPassword=" + password + "))";
DirectorySearcher searcher = new DirectorySearcher(filter);
SearchResultCollection results = searcher.FindAll();

Reason for vulnerability: User input is directly used in the LDAP filter, allowing injection.

Fixed Code:

csharpCopy codestring filter = "(&(uid={0})(userPassword={1}))";
DirectorySearcher searcher = new DirectorySearcher(filter, new string[] { user, password });
SearchResultCollection results = searcher.FindAll();

Reason for fix: Use parameterized queries to prevent LDAP injection.

PreviousXPath Injection NextInsecure File Uploads

Last updated 11 months ago