LDAP Injection

Concept

An authentication ldap Request look like this :

(&(uid=username)(userPassword=password))

And by default it allow regex-like so we could put * for the password and it will work.

That mean that we can guess an element step my step like :

* > s* > se* > sec* > secr* > secre* > secret

And we can bypass the next field entry by typing

valid)(|(&

That will perform an OR test of the next field with (&) which is always true.

Ressouces

• OWASP – LDAP Injection
• Payloads