LDAP Injection


The application is vulnerable to LDAP injection attacks. Lightweight Directory Access Protocol (LDAP) is an open-standard protocol for both querying and manipulating X.500 directory services. The application uses user-supplied data to construct LDAP queries. An attacker is able to inject LDAP search filter metacharacters into a query that the application then executes. Once the attacker can control the application’s LDAP filter syntax, they can use queries to extract sensitive data or to bypass application logic.


An attacker who can alter LDAP statements will be able to execute queries against the LDAP directory with the permission level of the application or application component. In most cases this means a risk of exposure of sensitive information about users or hosts, or a subversion of application logic, since most organizations use LDAP for access control, privilege management, or resource management. In the worst case, an attacker with sufficient privileges could modify the LDAP tree.
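
The following is an added example, not code from the original finding or from any product it describes. It builds the same login lookup filter two ways: with the username spliced straight into the filter string (the vulnerable pattern described above) and with the value escaped according to RFC 4515, then shows with a constructed input containing the filter metacharacters that only the unescaped version changes the filter's structure. The filter shape (`objectClass=person`, `uid`), the username allow-list pattern and the function names are assumptions made for this example; no directory server is contacted.

```python
import re

# Added example, not code from the original finding. The filter shape and
# the username allow-list below are assumptions for illustration only.

# RFC 4515, section 3: inside an assertion value these characters must be
# written as a backslash followed by the byte value in two hex digits.
_LDAP_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape an assertion value so the server can only match it literally."""
    out = []
    for ch in value:
        if ch in _LDAP_FILTER_ESCAPES:
            out.append(_LDAP_FILTER_ESCAPES[ch])
        elif ord(ch) > 0x7F:
            # Non-ASCII characters: escape each UTF-8 byte the same way.
            out.extend(r"\%02x" % b for b in ch.encode("utf-8"))
        else:
            out.append(ch)
    return "".join(out)


# Defence in depth: an allow-list for the single field this filter takes.
# The permitted character set is an assumption; adjust it to the directory's
# real naming rules.
_USERNAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def is_valid_username(username: str) -> bool:
    """True if the value matches the allow-list, False otherwise."""
    return _USERNAME_RE.fullmatch(username) is not None


def build_login_filter_unsafe(username: str) -> str:
    """Vulnerable: the raw value becomes part of the filter grammar."""
    return "(&(objectClass=person)(uid=" + username + "))"


def build_login_filter_safe(username: str) -> str:
    """Hardened: the value is escaped, so it can only be matched literally."""
    return "(&(objectClass=person)(uid=" + escape_filter_value(username) + "))"


def count_filter_components(filter_str: str) -> int:
    """Count unescaped '(' characters, i.e. the number of filter components.

    An input that changes this number has altered the filter's structure
    rather than just the value being compared.
    """
    count = 0
    i = 0
    while i < len(filter_str):
        if filter_str[i] == "\\":
            i += 3  # skip an escape sequence of the form \xx
            continue
        if filter_str[i] == "(":
            count += 1
        i += 1
    return count


if __name__ == "__main__":
    # Constructed input containing the metacharacters the finding refers to.
    tainted = "*)(uid=*"
    for builder in (build_login_filter_unsafe, build_login_filter_safe):
        f = builder(tainted)
        print(f"{builder.__name__}: {f}  components={count_filter_components(f)}")
    print("allow-list accepts 'alice.smith':", is_valid_username("alice.smith"))
    print("allow-list accepts tainted input:", is_valid_username(tainted))
```

Running the script shows the unescaped builder producing a filter with four components while the escaped builder keeps the original three, with the metacharacters rendered as `\2a`, `\29` and `\28`. In practice both layers are used together: reject values the allow-list does not admit, and escape whatever is accepted before it reaches the filter (or use a client library that builds filters from parameters and escapes for you).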

Risk Rating


How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas


