Feature    | Value
Type       | Detection
Covered by | Agent

LDAP Injection is an attack used to exploit web-based applications that construct LDAP statements from user input. When an application fails to properly sanitize user input, it is possible to modify the LDAP statements it issues, for example by intercepting and altering requests with a local proxy. This could result in the execution of arbitrary commands, such as granting permission to unauthorized queries, and content modification inside the LDAP tree. The same advanced exploitation techniques available in SQL Injection can be applied in a similar way to LDAP Injection.

More information

How to solve it

Define practices that reduce the risk and perform stricter checks to properly sanitize user inputs before they are placed in an LDAP statement.
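As an added example (not code from the original page), the snippet below shows an unescaped LDAP filter built from user input next to a hardened version that escapes the value per RFC 4515 and first checks it against an allow-list; the helper names and the constructed sample input are assumptions made here.

```python
import re

# Added example, not the page's own code. Escaping follows RFC 4515
# (string representation of LDAP search filters); helper names are my own.

_FILTER_ESCAPES = {
    "\\": r"\5c",    # backslash (escape character itself)
    "*": r"\2a",     # wildcard
    "(": r"\28",     # filter grouping
    ")": r"\29",
    "\x00": r"\00",  # NUL
}

def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515).

    Characters with filter syntax meaning become backslash-hex escapes,
    so the value can only ever match literally. Control and non-ASCII
    characters are emitted as the hex form of their UTF-8 bytes.
    """
    out = []
    for ch in value:
        if ch in _FILTER_ESCAPES:
            out.append(_FILTER_ESCAPES[ch])
        elif ord(ch) < 0x20 or ord(ch) > 0x7E:
            out.append("".join(f"\\{b:02x}" for b in ch.encode("utf-8")))
        else:
            out.append(ch)
    return "".join(out)

# Allow-list for a typical POSIX-style account name (assumed policy).
_USERNAME_RE = re.compile(r"^[a-z0-9][a-z0-9._-]{0,63}$")

def is_valid_username(username: str) -> bool:
    """Allow-list validation: reject anything outside the expected shape."""
    return _USERNAME_RE.fullmatch(username) is not None

def unsafe_lookup_filter(username: str) -> str:
    """Vulnerable pattern: user input is concatenated straight into the filter."""
    return f"(uid={username})"

def safe_lookup_filter(username: str) -> str:
    """Hardened: validate against the allow-list, then escape before use."""
    if not is_valid_username(username):
        raise ValueError("username rejected by allow-list")
    return f"(uid={escape_filter_value(username)})"

if __name__ == "__main__":
    # Constructed sample input carrying filter metacharacters.
    sample = "*)(uid=*"
    print(unsafe_lookup_filter(sample))          # metacharacters pass through
    print(escape_filter_value(sample))           # \2a\29\28uid=\2a
```

The allow-list check rejects the constructed sample outright; the escaping function is the second layer for values (such as display names) that legitimately contain such characters.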

Primary Defenses:

Additional Defenses: