complete control over what will be queried on the LDAP server, and the attacker will get the result of the query when the code reaches lines 32 to 40, where all the results and their attributes are displayed back to the user.
Attack Example
http://example/ldapsearch.asp?user=*
In the example above, we send the * character in the user parameter, which causes the filter variable in the code to be initialized with (uid=*). The resulting LDAP statement makes the server return every object that has a uid attribute.
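As an added illustration (not code from the WASC document or the sample ASP page), the following Python mirrors how the page's filter variable is built from the user parameter, beside a version that escapes the value per RFC 4515 before concatenating it; the function names and sample inputs are constructed for this example.

```python
# Added example, not part of the WASC document: the unsafe filter construction
# beside an escaped one. Function names are assumptions for this illustration.

def build_filter_unsafe(user: str) -> str:
    """Mirrors the vulnerable page: the raw parameter is concatenated into the filter."""
    return "(uid=" + user + ")"


# RFC 4515 section 3: these characters must be written as \XX inside an
# assertion value so the server treats them as literal text, not filter syntax.
_LDAP_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied assertion value for inclusion in an LDAP filter."""
    return "".join(_LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_filter_safe(user: str) -> str:
    """Same filter shape, but the value is escaped so '*' cannot become a wildcard."""
    return "(uid=" + escape_filter_value(user) + ")"


if __name__ == "__main__":
    # Constructed inputs: a normal username and the '*' from the attack example.
    for supplied in ["jdoe", "*"]:
        print(f"input={supplied!r:8} unsafe={build_filter_unsafe(supplied)!r:12} "
              f"safe={build_filter_safe(supplied)!r}")
```

With the escaped form, the user parameter * produces the filter (uid=\2a), which only matches an entry whose uid is literally an asterisk rather than every entry in the directory.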
References
LDAP Injection: Are Your Web Applications Vulnerable?, by Sacha Faust, SPI Dynamics
http://www.spidynamics.com/whitepapers/LDAPinjection.pdf
A String Representation of LDAP Search Filters
http://www.ietf.org/rfc/rfc1960.txt
Understanding LDAP
http://www.redbooks.ibm.com/redbooks/SG244986.html
LDAP Resources
http://ldapman.org/
4.4 OS Commanding
OS Commanding is an attack technique used to exploit web sites by
executing Operating System commands through manipulation of
application input.
Copyright 2004, Web Application Security Consortium. All rights reserved.