Description: LDAP Injection is an attack used to exploit web-based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it’s possible to modify LDAP statements using a local proxy. This could result in the execution of arbitrary commands such as granting permissions to unauthorized queries, and content modification inside the LDAP tree. The same advanced exploitation techniques available in SQL Injection can be similarly applied in LDAP Injection.
Source: https://www.owasp.org/index.php/LDAP_injection
This video is a simple demo of an LDAP Injection attack.
A tool, LDAP Blind Explorer, is used in this demo.
This tool was first presented at Black Hat 2011. It is used to show a practical approach to exploiting a Blind LDAP Injection flaw. The tool is used by IT security researchers.
Tags: LDAP, Injection, Exploitation
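The description above says the flaw is an application building an LDAP statement from unsanitized user input. The following is an added example, not code from the video or the tool: it puts a filter built by string concatenation beside one that escapes the value per RFC 4515. The filter template, the function names and the sample input are assumptions made for illustration.

```python
# Added illustration: the filter template and all names here are hypothetical.

# RFC 4515 section 3: these characters must appear as \XX (hex) inside a
# filter assertion value, otherwise they are parsed as filter syntax.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape one assertion value so it can only ever be data, never syntax."""
    # Character-by-character mapping, so a backslash is never escaped twice.
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unsafe(username: str) -> str:
    """The flawed pattern: user input is concatenated into the filter as-is."""
    return "(&(objectClass=person)(uid=" + username + "))"


def build_filter_safe(username: str) -> str:
    """The corrected pattern: the value is escaped before it is placed."""
    return "(&(objectClass=person)(uid=" + escape_filter_value(username) + "))"


def filter_items(ldap_filter: str) -> int:
    """Count parenthesised components. Escaped parentheses (\\28) are not
    literal '(' characters, so they do not count as structure."""
    return ldap_filter.count("(")


if __name__ == "__main__":
    expected = filter_items(build_filter_safe("jdoe"))  # template structure: 3
    sample = "*)(uid=*"  # constructed input containing filter metacharacters
    for build in (build_filter_unsafe, build_filter_safe):
        built = build(sample)
        changed = filter_items(built) != expected
        print(f"{build.__name__}: {built}  structure_changed={changed}")
```

Comparing the component count of the built filter against the template is a cheap regression test for any code path that assembles filters. The python-ldap library provides ldap.filter.escape_filter_chars for the same escaping.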
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
They also developed a new version of xPath called xCat, more powerful than before. Features are awesome. Read more description here:
http://securitytube-tools.net/index.php?title=XCat
LDAP services are very important for any organization. More information is available at
http://www.blackhat.com/presentations/bh-europe-08/Alonso-Parada/Whitepaper/bh-eu-08-alonso-parada-WP.pdf