TaintedLdap

Potential LDAP injection. This rule is emitted when user-controlled input can be passed into an LDAP request.

Risk

Passing untrusted user input into an LDAP filter or DN lets the attacker change the structure of the query, not just the value being searched for. Filter metacharacters such as `*`, `(`, `)` and `\` are interpreted by the server, so input that contains them can close the intended clause and append new ones.

If requests like these are used for login or authorization, this can result in an authentication bypass: an attacker can craft a filter that evaluates to true for any user, so the lookup succeeds regardless of the credentials supplied. The same technique can be used to enumerate directory entries or read attributes the application never intended to expose.

Example

<?php

$ds = ldap_connect('example.com');
$dn = 'o=Psalm, c=US';
// Tainted: the filter string comes straight from the query string and is
// passed to ldap_search() unescaped, so the user controls the whole filter.
$filter = $_GET['filter'];
ldap_search($ds, $dn, $filter, []);

Mitigations

Use ldap_escape to escape user input before it is placed in an LDAP filter or DN. The two contexts have different metacharacters, so pass the matching flag: LDAP_ESCAPE_FILTER for values inside a search filter and LDAP_ESCAPE_DN for components of a distinguished name. Escape the user-supplied value only, not the whole filter, and never let the user supply the filter itself.
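The following is an added example, not code from the Psalm project or its documentation. It builds a login filter from a username both unsafely and with ldap_escape, shows the effect of a constructed injection payload on each, and wraps the safe filter in a search-then-bind login check. The host, base DN, attribute names and the authenticate() helper are assumptions chosen for illustration.

```php
<?php
// Added example (not Psalm's own code). Host, base DN and the helper names
// are placeholders; ldap_escape() and the LDAP_ESCAPE_* flags are real PHP.

/** Unsafe: the username is interpolated into the filter unescaped. */
function unsafeLoginFilter(string $username): string
{
    return "(&(objectClass=inetOrgPerson)(uid=$username))";
}

/** Safe: filter metacharacters (* ( ) \ and NUL) are escaped first. */
function safeLoginFilter(string $username): string
{
    $escaped = ldap_escape($username, '', LDAP_ESCAPE_FILTER);
    return "(&(objectClass=inetOrgPerson)(uid=$escaped))";
}

/** DN components need a different escape set, so use LDAP_ESCAPE_DN. */
function userDn(string $username, string $baseDn): string
{
    return 'uid=' . ldap_escape($username, '', LDAP_ESCAPE_DN) . ',' . $baseDn;
}

/**
 * Hypothetical login check: look the user up with the escaped filter,
 * insist on exactly one match, then bind as that entry with the password.
 *
 * @param resource|\LDAP\Connection $ds
 */
function authenticate($ds, string $baseDn, string $username, string $password): bool
{
    // An empty password would turn ldap_bind() into an unauthenticated bind,
    // which many servers accept; treat it as a failed login instead.
    if ($password === '') {
        return false;
    }

    $result = ldap_search($ds, $baseDn, safeLoginFilter($username), ['dn']);
    if ($result === false || ldap_count_entries($ds, $result) !== 1) {
        return false;
    }

    $entry = ldap_first_entry($ds, $result);
    $dn    = ldap_get_dn($ds, $entry);

    // ldap_bind() returns false (and emits a warning) on bad credentials.
    return @ldap_bind($ds, $dn, $password) === true;
}

// Constructed injection payload: closes the uid clause and adds a wildcard
// clause, so the unsafe filter matches every entry that has a uid.
$payload = '*)(uid=*))(|(uid=*';

echo unsafeLoginFilter($payload), "\n";
// (&(objectClass=inetOrgPerson)(uid=*)(uid=*))(|(uid=*))

echo safeLoginFilter($payload), "\n";
// (&(objectClass=inetOrgPerson)(uid=\2a\29\28uid=\2a\29\29\28|\28uid=\2a))

echo userDn('doe, john', 'ou=people,dc=example,dc=com'), "\n";
// uid=doe\, john,ou=people,dc=example,dc=com

// Against a real directory (assumed host), the safe helper would be used as:
// $ds = ldap_connect('ldap://ldap.example.com');
// ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
// var_dump(authenticate($ds, 'ou=people,dc=example,dc=com', $_POST['user'], $_POST['pass']));
```

With the escaped filter the payload becomes a literal, very unusual username that matches no entry, so the single-result check in authenticate() fails and no bind is attempted. Requiring exactly one match also blocks the enumeration variant, where a wildcard-bearing username would otherwise return the first of many users.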

Further resources