Difference between revisions of "LDAP injection"

From OWASP
Jump to: navigation, search
(Initial content)
m (small typo fix and rewording)
Line 2: Line 2:
  
 
==Description==
 
==Description==
LDAP (Lightweight Directory Access Protocol) Injection is an attack used to exploit web based applications by constructing LDAP statements from user input. When an application fails to sufficiently sanatize user input, it may be possible for an attacker to alter the construction of an LDAP statement. Due to the nature of web based applicationthe process will be run with the same permissions as the web server itself. Thus this could result in the execution of the command. Such a scenario could result in granting permissions to query, modify or remove anything inside the LDAP tree.
+
LDAP (Lightweight Directory Access Protocol) Injection is an attack used to exploit web based applications that construct LDAP statements from user input. When an application fails to sufficiently sanatize user input, it may be possible for an attacker to alter the construction of an LDAP statement. Due to the nature of web based applications the process will be run with the same permissions as the web server itself. Thus this could result in the execution of the command. Such a scenario could result in granting permissions to query, modify or remove anything inside the LDAP tree.
  
 
==References==
 
==References==

Revision as of 19:26, 18 October 2006

This is an Attack. To view all attacks, please see the Attack Category page.


Description

LDAP (Lightweight Directory Access Protocol) Injection is an attack used to exploit web based applications that construct LDAP statements from user input. When an application fails to sufficiently sanatize user input, it may be possible for an attacker to alter the construction of an LDAP statement. Due to the nature of web based applications the process will be run with the same permissions as the web server itself. Thus this could result in the execution of the command. Such a scenario could result in granting permissions to query, modify or remove anything inside the LDAP tree.

References

Related Attacks

Related Vulnerabilities

Category:Lack of Input Validation

Related Countermeasures

Category:Input Validation

Categories