TITLE:
LDAP Injection Techniques
AUTHORS:
Jose Maria ALONSO, Antonio GUZMAN, Marta BELTRAN, Rodolfo BORDON
KEYWORDS:
Web Applications Security, Code Injection Techniques, LDAP
JOURNAL NAME:
Wireless Sensor Network,
Vol.1 No.4,
November
20,
2009
ABSTRACT: The increase in the number of databases accessed only by some applications has made code injection attacks an important threat to almost any current system. If one of these applications accepts inputs from a client and executes these inputs without first validating them, the attackers are free to execute their own queries and therefore, to extract, modify or delete the content of the database associated to the application. In this paper a deep analysis of the LDAP injection techniques is presented. Furthermore, a clear distinction between classic and blind injection techniques is made.