9 lines
488 B
Plaintext
9 lines
488 B
Plaintext
LDAP injections occur in an application when the application retrieves
|
|
untrusted data and inserts it into an LDAP query without sanitizing it first.
|
|
|
|
An LDAP injection can either be basic or blind, depending on whether the
|
|
server's fetched data is directly returned in the web application's response. +
|
|
The absence of the corresponding response for the malicious request on the
|
|
application is not a barrier to exploitation. Thus, it must be treated the same
|
|
way as basic LDAP injections.
|