EncryptCodec

LDAP Injection

Intermediate

This directory service login is vulnerable to LDAP injection. Manipulate the LDAP filter to bypass authentication, then learn how to sanitize inputs to prevent the attack.

corp.internal/directory/login

Directory Service Login

LDAP Filter Constructed
(&(uid=username)(password=password))

Challenges

1. Bypass Authentication
   Inject into the UID field to bypass LDAP authentication and log in without valid credentials.
2. Apply the Fix
   Select the correct sanitization approach to prevent LDAP injection.
How to fix LDAP injection
Escape special characters before building LDAP filters
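
The fix above, as an added example that is not code from the original page: each value is escaped per RFC 4515 before it is placed in the `(&(uid=...)(password=...))` filter shown earlier, and the result is compared with plain concatenation. The function names and the sample values are assumptions constructed for illustration.

```python
# Added example: RFC 4515 escaping for values placed in an LDAP search filter.
# Function names and sample inputs are hypothetical, not from the original page.

# Characters that carry meaning inside a filter, mapped to their \XX hex escapes.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

def escape_filter_value(value: str) -> str:
    """Return value with every filter metacharacter replaced by its escape."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)

def build_login_filter_unsafe(uid: str, password: str) -> str:
    """The vulnerable pattern: user input is concatenated into the filter."""
    return "(&(uid=" + uid + ")(password=" + password + "))"

def build_login_filter(uid: str, password: str) -> str:
    """The fixed pattern: both values are escaped before the filter is built."""
    return "(&(uid={})(password={}))".format(
        escape_filter_value(uid), escape_filter_value(password))

def filter_shape(ldap_filter: str) -> str:
    """Keep only the structural characters, skipping over \\XX escapes."""
    shape, i = [], 0
    while i < len(ldap_filter):
        ch = ldap_filter[i]
        if ch == "\\":          # backslash plus two hex digits is literal data
            i += 3
            continue
        if ch in "()&|!*":
            shape.append(ch)
        i += 1
    return "".join(shape)

# Constructed sample input containing filter metacharacters.
SAMPLE_UID = "j(smith)*"
SAMPLE_PASSWORD = "pa\\ss"
EXPECTED_SHAPE = "(&()())"      # shape of (&(uid=...)(password=...))

print(build_login_filter_unsafe(SAMPLE_UID, SAMPLE_PASSWORD))
print(build_login_filter(SAMPLE_UID, SAMPLE_PASSWORD))
```

With escaping, the filter keeps the shape `(&()())` whatever the user types; with concatenation, the same input changes the structure of the filter.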

Frequently Asked Questions