🚨 LDAP Injection Vulnerability

Generated LDAP Query:

(&(uid=)())

What happened:

User input was directly inserted into LDAP query
No input validation or sanitization
Special LDAP characters not escaped
Query structure can be manipulated

LDAP Injection Examples:

Authentication Bypass:

Username: admin)(cn=*
Results in: (&(uid=admin)(cn=*)()

Information Disclosure:

Filter: objectClass=*)(uid=*
Results in: (&(uid=user)(objectClass=*)(uid=*))

Blind LDAP Injection:

Username: *)(|(password=a*
Test different password patterns to extract data

Test Form:

How to fix:

Use parameterized LDAP queries
Escape special LDAP characters: ( ) * \ NUL
Validate input against whitelist
Use LDAP libraries with built-in protections
Implement proper access controls