Saturday, January 11, 2014

Bypassing User Login In LDAP Database (LDAP INJECTION)

Hello Haxors!

I was thinking of writing on the forum for many days, however due to other projects I was unable to write.

What is LDAP
The Lightweight Directory Access Protocol (LDAP) is used in OpenLDAP and Microsoft ADAM. LDAP is object-oriented: every entry in an LDAP directory is an instance of an object and must conform to the rules fixed for the attributes of that object. The data is stored in a database structure based on a tree of directory entries, which provides high-speed search and browsing. LDAP injection is similar to SQL injection: the concept is to take advantage of the parameters supplied by the user, which are used to generate the LDAP query.

Bypassing Admin Login:
As we already know, a login form has only two POST fields, username and password. The data entered by the user is verified by sending an LDAP search filter to the LDAP database server.
Query:-
Code:
(&(USER=user)(PASSWORD=password))

Here user is the value of the Username POST field and password is the value of the Password POST field.

Let us suppose that admin is a valid user and we have to access its database.
The query that will be executed is then:
Code:
(&(USER=admin)(PASSWORD=password))


If the password value is correct, the user is granted access; otherwise access is denied.
So let's bypass:
Usually only the first filter is processed by the LDAP server,
so the query which will be processed will be:
Code:
(&(USER=admin)(&))


This query is always true, so with it we can get access to the LDAP database without giving a valid password.
Enter the query in the user field:
Code:
Username: (&(USER=admin)(&))
Password: Xploiter.net

Hit Enter And Enjoy! :)
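
On the defensive side, the bypass above depends on the POST fields reaching the filter unescaped. The following is an added example, not code from the original post: it builds the same (&(USER=...)(PASSWORD=...)) filter with and without RFC 4515 escaping, using the inputs shown above. The function names are assumptions made for illustration.

```python
# Added example (not from the original post). Function names are
# illustrative assumptions; the sample inputs are the ones shown above.

# RFC 4515: these characters must be escaped inside a filter value,
# each as a backslash followed by its two-digit hex code.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape one user-supplied string for use as an LDAP filter value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unsafe(user: str, password: str) -> str:
    """Vulnerable pattern: POST fields concatenated straight into the filter."""
    return "(&(USER=" + user + ")(PASSWORD=" + password + "))"


def build_filter_safe(user: str, password: str) -> str:
    """Same filter template, with both values escaped before insertion."""
    return "(&(USER={})(PASSWORD={}))".format(
        escape_filter_value(user), escape_filter_value(password))


def open_parens(ldap_filter: str) -> int:
    """Count literal '(' characters; escaped ones appear as \\28 and do not count."""
    return ldap_filter.count("(")


def input_changes_structure(user: str, password: str) -> bool:
    """True when raw input adds filter components beyond the template's three."""
    template = open_parens(build_filter_unsafe("", ""))
    return open_parens(build_filter_unsafe(user, password)) != template


if __name__ == "__main__":
    user, password = "(&(USER=admin)(&))", "Xploiter.net"  # inputs from the post
    print("unsafe:", build_filter_unsafe(user, password))
    print("safe:  ", build_filter_safe(user, password))
    print("structure changed by input:", input_changes_structure(user, password))
```

With escaping, the typed text stays a literal value, so the server evaluates one filter with the template's three components whatever is entered in the form.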
