LDAP injection!!

The site has moved to the root domain, where all posts have been imported. Please go to http://pusheax.com/

LDAP = Lightweight Directory Access Protocol. This protocol is used to access a directory server over a network, and it uses port number 389.

If you don’t know about LDAP then here you go: http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol

LDAP also stores names, credit cards, email and other information. LDAP is also exploitable like other databases. LDAP injection is similar to SQL injection.

NOTE: Remember, I am telling you what I do, so feedback is welcome. I am not a master and I don’t want to be a master.

Suppose there is a website which allows us to search it. I simply put “*” in the search field and click the search button. If it is really dealing with LDAP, then it will match every directory entry and output all the information on the page.

If it is a URL then it would be like: www.example.com/search.asp?vulnerable=*
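Why the “*” returns everything, and the fix, as an added example that is not part of the original post: the search term is concatenated into an LDAP filter unescaped, so the server reads it as a wildcard; escaping the value per RFC 4515 makes it a literal. The `cn` attribute, the sample directory, the function names and the toy matcher standing in for a directory server are all assumptions made for illustration.

```python
import re

# Constructed sample directory (not from the original post).
DIRECTORY = [
    {"cn": "alice", "mail": "alice@example.com"},
    {"cn": "bob", "mail": "bob@example.com"},
    {"cn": "a*b", "mail": "star@example.com"},
]

# RFC 4515 section 3: these characters must be written as \XX in a filter value.
_SPECIAL = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape user input so it is treated as a literal inside a filter."""
    return "".join(_SPECIAL.get(ch, ch) for ch in value)


def build_filter_unsafe(term):
    # What a vulnerable search page does: raw concatenation.
    return "(cn=" + term + ")"


def build_filter_safe(term):
    return "(cn=" + escape_filter_value(term) + ")"


def _unescape(part):
    # Turn \XX hex escapes back into the literal character.
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), part)


def search(ldap_filter):
    """Toy evaluator for a single (cn=...) filter; an unescaped * is a wildcard."""
    m = re.fullmatch(r"\(cn=(.*)\)", ldap_filter, re.S)
    if m is None:
        raise ValueError("unsupported filter: " + ldap_filter)
    parts = [re.escape(_unescape(p)) for p in m.group(1).split("*")]
    pattern = re.compile(".*".join(parts), re.S)
    return [e["cn"] for e in DIRECTORY if pattern.fullmatch(e["cn"])]


if __name__ == "__main__":
    for term in ["alice", "*", "a*"]:
        print(repr(term), "unsafe:", search(build_filter_unsafe(term)),
              "safe:", search(build_filter_safe(term)))
```

With the escaped filter, a search for “*” matches only an entry whose name is literally “*”, so the page no longer dumps the whole directory.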

Simple way to identify the vulnerability (Bad Input):





Try more…

Hacking is not crime, It is philosophy, It is research!!! 
