mirror of https://github.com/0x5t4l1n/hunting.git synced 2026-05-26 11:35:51 +00:00

Files

T

copilot-swe-agent[bot] 68b76036df Add comprehensive payloads and 4 new vulnerability types (SSTI, HTTP Request Smuggling, CORS, JWT)

Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>

2026-01-05 14:50:15 +00:00

ldap-injection-payloads.txt

Add comprehensive payloads and 4 new vulnerability types (SSTI, HTTP Request Smuggling, CORS, JWT)

2026-01-05 14:50:15 +00:00

README.md

Restructure repository: Remove OWASP categorization, organize by vulnerability type

2026-01-04 19:01:04 +00:00

README.md

LDAP Injection

Description

LDAP Injection is an attack used to exploit web applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it's possible to modify LDAP statements through techniques similar to SQL injection.

Common Attack Vectors

Login forms
Search fields
User directory lookups
Authentication systems

Testing Approach

Submit LDAP metacharacters and operators in input fields to test if the application is vulnerable to LDAP injection.

Payloads

See ldap-injection-payloads.txt for a comprehensive list of LDAP injection payloads.