How external entities are prohibited depends on the XML parser in use. For example, Java parsers
built on JAXP and Xerces resolve external entities unless the developer explicitly disables
DOCTYPE processing or the external-entity features, while in Perl's XML::LibXML the developer must
explicitly turn off entity expansion with expand_entities(0);.
Chapter 1: Common Injection Attacks 15
LDAP Injection
Popularity: 2
Simplicity: 5
Impact: 5
Risk Rating: 5
Generally, LDAP injection attacks let users inside a corporate network gain access to private
directory information. Because the vulnerable applications are usually intranet-facing, this
attack is rarely possible from the Internet.
Lightweight Directory Access Protocol (LDAP) is a protocol for managing and storing
network resources and network users, including the information used to authorize users to
access computers and other resources. Some web applications use "unsanitized" user input to
build the filters of their LDAP queries.
Consider a web application that takes a username as input and performs an LDAP
query to display the user's common name (cn) and phone number. For example, this
request
http://intranet/ldap_query?user=rgc
returns this:
cn: Richard Cannings
telephoneNumber: 403-555-1212
The LDAP statement to perform this query is simply this:
filter = (uid=rgc)
attributes = cn, telephoneNumber
However, you can construct more elaborate filters by using Boolean operations such as
OR (|) and AND (&) with various attributes such as cn, dn, sn, objectClass,
telephoneNumber, manager, and so on.
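The following Python is an added illustration, not code from the book: it builds the (uid=...) filter described above the vulnerable way (raw input spliced into the filter) and with RFC 4515 escaping, then runs each filter against a small in-memory directory through a minimal filter parser and matcher, so the effect of metacharacters in the username is visible. The directory entries other than rgc, the parse/match helpers and the function names are constructed for this example.

```python
import re

# Constructed sample entries; only rgc's values come from the text.
DIRECTORY = [
    {"uid": "rgc", "cn": "Richard Cannings", "telephoneNumber": "403-555-1212"},
    {"uid": "jdoe", "cn": "Jane Doe", "telephoneNumber": "403-555-0100"},
    {"uid": "admin", "cn": "Directory Admin", "telephoneNumber": "403-555-0000"},
]
ATTRIBUTES = ("cn", "telephoneNumber")


def build_filter_unsafe(username):
    """The vulnerable pattern: raw request input spliced into the filter."""
    return "(uid=%s)" % username


def escape_filter_value(value):
    """RFC 4515 section 3: encode * ( ) \\ and NUL as backslash plus two hex digits."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def build_filter_safe(username):
    """Same filter, but the input can only ever be an assertion value."""
    return "(uid=%s)" % escape_filter_value(username)


def parse_filter(text):
    """Parse the RFC 4515 subset used here (&, |, !, equality/substring items) into
    nested tuples; raise ValueError unless the string is exactly one complete filter."""
    pos = [0]

    def expect(ch):
        if pos[0] >= len(text) or text[pos[0]] != ch:
            raise ValueError("expected %r at offset %d in %r" % (ch, pos[0], text))
        pos[0] += 1

    def node():
        expect("(")
        if pos[0] >= len(text):
            raise ValueError("truncated filter %r" % text)
        op = text[pos[0]]
        if op in "&|":
            pos[0] += 1
            children = []
            while pos[0] < len(text) and text[pos[0]] == "(":
                children.append(node())
            expect(")")
            return (op, children)
        if op == "!":
            pos[0] += 1
            child = node()
            expect(")")
            return ("!", child)
        # Simple item: attr=value, terminated by the first ')' (escaped ')' is \29).
        eq, close = text.find("=", pos[0]), text.find(")", pos[0])
        if eq == -1 or close == -1 or eq > close:
            raise ValueError("malformed item at offset %d in %r" % (pos[0], text))
        attr, value = text[pos[0]:eq], text[eq + 1:close]
        pos[0] = close + 1
        return ("=", attr, value)

    tree = node()
    if pos[0] != len(text):
        raise ValueError("trailing data %r after filter" % text[pos[0]:])
    return tree


def is_valid_filter(text):
    try:
        parse_filter(text)
        return True
    except ValueError:
        return False


def _unescape(s):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), s)


def _value_regex(value):
    """An unescaped '*' is a wildcard; \\XX sequences become literal characters."""
    return ".*".join(re.escape(_unescape(p)) for p in value.split("*"))


def matches(node, entry):
    kind = node[0]
    if kind == "&":
        return all(matches(c, entry) for c in node[1])
    if kind == "|":
        return any(matches(c, entry) for c in node[1])
    if kind == "!":
        return not matches(node[1], entry)
    _, attr, value = node
    return attr in entry and re.fullmatch(_value_regex(value), entry[attr], re.IGNORECASE) is not None


def ldap_query(filter_text):
    """Return cn and telephoneNumber of every directory entry the filter selects."""
    tree = parse_filter(filter_text)
    return [{a: e[a] for a in ATTRIBUTES} for e in DIRECTORY if matches(tree, e)]


if __name__ == "__main__":
    for user in ("rgc", "*", "rgc)(|(uid=*"):
        for build in (build_filter_unsafe, build_filter_safe):
            filt = build(user)
            result = ldap_query(filt) if is_valid_filter(filt) else "rejected: not a single filter"
            print("%-20s %-32s %s" % (build.__name__, filt, result))
```

Run as a script, the unsafe builder turns a username of `*` into `(uid=*)`, which returns every entry, and a username containing parentheses into something that is no longer a single filter; the escaped builder produces `(uid=\2a)` and `(uid=rgc\29\28|\28uid=\2a)`, which match nothing because the metacharacters are now literal characters of the assertion value. Real directory servers use the same escaping rules, so the same `escape_filter_value` logic applies when the filter is sent to an actual LDAP server rather than this in-memory stand-in.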