
LDAP Injection

Description

LDAP Injection is an attack used to exploit web applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it's possible to modify LDAP statements through techniques similar to SQL injection.

Common Attack Vectors

  • Login forms
  • Search fields
  • User directory lookups
  • Authentication systems

Testing Approach

Submit LDAP metacharacters and operators in input fields and observe whether the application's behaviour changes (errors, unexpected matches, or an authentication bypass); a change indicates that the input is reaching an LDAP filter without sanitization and the application is vulnerable to LDAP injection.
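The following is an added example (it is not part of this repository) that illustrates both the description above and the testing approach: it builds the kind of login filter an application typically constructs, once by concatenating raw input and once after escaping the value per RFC 4515, and then inspects the resulting filter structure to show why the metacharacters matter. The attribute names, the filter template and the sample input are constructed for the demonstration; no LDAP server is contacted.

```python
# Added example (not part of this repository): shows how unescaped user input
# changes the structure of an LDAP filter, and how RFC 4515 escaping keeps the
# input inside a single assertion value. Filter template and sample input are
# constructed for this demo; nothing here talks to a directory server.

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_LDAP_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_ldap_filter_value(value: str) -> str:
    """Escape a string so it can only ever be an assertion value in a filter."""
    return "".join(_LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_login_filter_vulnerable(username: str) -> str:
    # Vulnerable pattern: user input concatenated straight into the filter.
    return f"(&(uid={username})(objectClass=person))"


def build_login_filter_safe(username: str) -> str:
    # Hardened pattern: every metacharacter in the value is escaped first.
    return f"(&(uid={escape_ldap_filter_value(username)})(objectClass=person))"


def top_level_assertions(ldap_filter: str) -> list:
    """Return the assertion items directly inside the outermost (&...) filter.

    After RFC 4515 escaping, '(' and ')' never appear literally inside a
    value, so any literal parenthesis is structural and a depth scan suffices.
    """
    items, depth, start = [], 0, 0
    for i, ch in enumerate(ldap_filter):
        if ch == "(":
            depth += 1
            if depth == 2:
                start = i
        elif ch == ")":
            if depth == 2:
                items.append(ldap_filter[start:i + 1])
            depth -= 1
    return items


def filter_shape_changed(username: str) -> bool:
    """True if the input altered the number of assertions in the vulnerable
    filter compared with the hardened one, i.e. the input was interpreted as
    filter syntax rather than as a plain value."""
    vulnerable = top_level_assertions(build_login_filter_vulnerable(username))
    safe = top_level_assertions(build_login_filter_safe(username))
    return len(vulnerable) != len(safe)


if __name__ == "__main__":
    # Constructed sample input containing the wildcard and parentheses
    # metacharacters; a benign username is shown for comparison.
    for name in ("alice", "*)(uid=*"):
        print("input:      ", repr(name))
        print("vulnerable: ", build_login_filter_vulnerable(name))
        print("safe:       ", build_login_filter_safe(name))
        print("shape changed:", filter_shape_changed(name))
        print()
```

Running the block shows that the benign username yields two assertions under the AND in both builders, while the metacharacter input produces three assertions in the vulnerable filter (the injected `(uid=*)` becomes its own clause) and still two in the escaped one, where the whole input remains a single `uid` value. The same escaping should be applied to every value interpolated into a filter, and distinguished-name components need their own escaping rules (RFC 4514), which this example does not cover.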

Payloads

See ldap-injection-payloads.txt for a comprehensive list of LDAP injection payloads.