General Information

LDAP Injection

Variants:
Direct Persistent Session 

Vector Type:
Attack

Relevance:
Generic

Layer:
Application-Level

Platforms:
Any

Target Type:
Application

Affected Mechanisms:
Input Validation, Syntax Escaping

Invented In:
01/01/2002

Added In:
08/12/2014

Quick Introduction to the Topic:


Vector Operation Method:
Malicious inputs can affect the structure of LDAP queries


Direct Variant:

LDAP Injection

Variant Title:
LDAP Injection

Typical Severity:
Major

Learn More:




Persistent Variant:

Stored LDAP Injection

Also Known As:
Persistent LDAP Injection

Typical Severity:
Major

Resources:

White Papers:

Learn More:


Session Variant:

LDAP Injection via Session Puzzling

Also Known As:
Session LDAP Injection

Typical Severity:
Major

Resources:

White Papers:

Learn More: