Web application security - the fast guide 1.1 | Page 128

Chapter 6 - Attack execution (2)

LDAP is the acronym of Lightweight Directory Access Protocol, a standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. The directory is organized as a hierarchy that generally stores user information, plus any other information if needed. The best-known LDAP directories are Microsoft Active Directory, used on Windows, and OpenLDAP, the open-source directory server.

LDAP uses filters joined by operators to search the directory. The filter syntax is illustrated in the following listing:

(operator(attribute1=value1)(attribute2=value2) ... (attributeN=valueN))

The operator can be (&) for conjunctive (AND) queries or (|) for disjunctive (OR) queries, for example:

(|(city=LA)(department=design)(city=CA)(department=R&D))

Attack requirement: no proper sanitization of the user input that becomes part of an LDAP filter. The characters with special meaning inside a filter value are *, (, ), \ and NUL; RFC 4515 requires them to be escaped as \2a, \28, \29, \5c and \00 respectively.

Attack example: suppose the application uses the following filter to retrieve the sales personnel of a specific city, where the city is taken from the request:

(&(city=LA)(department=sales))

If the attacker supplies the city as

*)(department=*))

the filter sent to the directory becomes

(&(city=*)(department=*)))(department=sales))

The first complete filter, (&(city=*)(department=*)), matches employees in all cities and all departments; the original (department=sales) restriction survives only in a trailing fragment. Whether the server ignores that fragment or rejects the whole request as malformed depends on the LDAP server's filter parser, so the same payload may work against one directory and fail against another. Because the injected value sits inside an AND alongside a fixed term, the attacker cannot drop that term while keeping the result a single well-formed filter; this attack relies on a lenient parser.

6.13 Attack Execution-Business Logic
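Before moving on, the LDAP injection above, worked through in code. This is an added example, not code from the book: the attribute names city and department are the page's, while the build_* helpers, split_first_filter and the sample payload are constructed here for illustration. It shows the vulnerable string concatenation, what the directory server actually sees once the payload closes the AND early, and the RFC 4515 escaping that keeps the value from altering the filter structure.

```python
"""LDAP filter injection and RFC 4515 value escaping (constructed example)."""

# RFC 4515 section 3: characters that must be hex-escaped inside an
# assertion value so the server treats them as data, not filter syntax.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied assertion value for embedding in a filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter_vulnerable(city: str) -> str:
    """The page's pattern: the raw request parameter is concatenated in."""
    return f"(&(city={city})(department=sales))"


def build_filter_safe(city: str) -> str:
    """Same query with the value escaped, so it cannot change the structure."""
    return f"(&(city={escape_filter_value(city)})(department=sales))"


def split_first_filter(text: str) -> tuple[str, str]:
    """Return (first complete parenthesised filter, trailing remainder).

    Only parenthesis depth is tracked; this is a structural check, not a
    full RFC 4515 parser. Escaped brackets (\\28, \\29) contain no literal
    parentheses, so they are correctly treated as data.
    """
    if not text.startswith("("):
        raise ValueError("filter must start with '('")
    depth = 0
    for i, ch in enumerate(text):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                return text[: i + 1], text[i + 1:]
    raise ValueError("unbalanced filter: missing ')'")


# Constructed payload, as on the page: close the city term, add a wildcard
# department term and close the AND, leaving the original tail dangling.
PAYLOAD = "*)(department=*))"

if __name__ == "__main__":
    vuln = build_filter_vulnerable(PAYLOAD)
    head, tail = split_first_filter(vuln)
    print("vulnerable:", vuln)
    print("  first complete filter:", head)       # (&(city=*)(department=*))
    print("  trailing fragment:", repr(tail))     # ')(department=sales))'

    safe = build_filter_safe(PAYLOAD)
    head, tail = split_first_filter(safe)
    print("hardened:  ", safe)
    print("  single filter, no remainder:", tail == "")
```

Run it and compare the two outputs: the vulnerable build yields a wildcard filter followed by leftover text whose fate depends on the server's parser, while the hardened build yields one filter in which the payload is an ordinary (non-matching) city value. In a real application the escaping would normally come from the LDAP library in use rather than a hand-written table, but the rules are the ones shown.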