AppSec Tales XXII | LDAPI

Karol Mazurek
6 min read · Nov 11, 2023

Application Security Testing for LDAP Injections.

INTRODUCTION

This article describes how to test an application for LDAP injections, which occur when the application uses unsanitized user input to construct LDAP queries and then sends them to the LDAP server.
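The following sketch is an added example, not code from the original article: it builds the same search filter by plain concatenation and with the value escaping defined in RFC 4515, then compares the structure of the two results. The `uid` attribute, the function names and the sample input are assumptions made for illustration.

```python
# Added example: LDAP filter construction with and without RFC 4515 escaping.
# The uid attribute, function names and SAMPLE input are illustrative assumptions.

# RFC 4515, section 3: these characters must be written in an assertion value
# as a backslash followed by the two hex digits of the character code.
ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

def escape_filter_value(value: str) -> str:
    """Escape a string so it is treated purely as data inside a filter."""
    # Each character is mapped independently, so backslashes are never double-escaped.
    return "".join(ESCAPES.get(ch, ch) for ch in value)

def build_filter_unsafe(username: str) -> str:
    # Vulnerable pattern: user input is concatenated into the filter as-is.
    return "(uid=" + username + ")"

def build_filter_safe(username: str) -> str:
    # Hardened pattern: metacharacters in the value are escaped first.
    return "(uid=" + escape_filter_value(username) + ")"

def structure(ldap_filter: str) -> tuple:
    """Return (filter components, wildcards) found in a filter string.

    Escaped metacharacters appear as hex pairs, so every literal "(" or "*"
    left in the string is structural.
    """
    return ldap_filter.count("("), ldap_filter.count("*")

# Constructed test input containing filter metacharacters.
SAMPLE = "*)(objectClass=*"

if __name__ == "__main__":
    for build in (build_filter_unsafe, build_filter_safe):
        result = build(SAMPLE)
        print(f"{build.__name__}: {result} -> {structure(result)}")
```

A filter that should contain exactly one component and no wildcards is a simple invariant to assert in unit tests for any code path that builds filters from user input.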

An LDAP server uses a filter-based query syntax described in RFC 4515 — LDAP: String Representation of
