Introduction to LDAP Injection
The following article provides an outline of LDAP injection. These days, a web application is expected to be much more than a platform that processes the user's queries. Earlier, a web application was a place where users came, did their work and logged off, and once they logged off the application stopped working for them. Today the application has to keep working even while the user is not actively using it, which is commonly implemented with cookies. Facebook recently confirmed that it uses cookies to check users' activity to ensure that its system is not being abused. So at a time when online applications have to be more powerful, the security of the application heads the list of requirements. Here we will focus on one type of attack that has to be taken care of to keep the system safe.
What is LDAP Injection?
- LDAP stands for Lightweight Directory Access Protocol. It is a vendor-neutral protocol that runs over the TCP/IP stack. It is used to introduce authorization checks and an authentication mechanism into a web application to ensure its safety, and it is used very frequently while developing web applications, whether they are deployed on the internet or an intranet. It is therefore important for a web application to use LDAP correctly, as it is a common and important component of secure web application development.
- LDAP can also be described as the set of standards used to perform security checks to find out whether the user has the permissions required to access the existing system. There are several ways to make the checks, but the motive of all of them is to ensure the safety of the web application: access is refused to users that do not hold the proper privileges, and based on the rights a user holds for the particular application, it ensures that the user can access only the things they are entitled to. Although it is used to take care of the web application's security, it can also be tricked by attackers to extract data from the application.
Performing LDAP Injection with Example
- A web application has to take input from the user in order to process it. An attacker can take advantage of this if the value entered by the user is not sanitized properly and goes directly into the query that the LDAP directory executes. Here we will see how LDAP injection can be launched against any web application prone to this attack.
<label for="uName">Enter your name</label><input type="text" size="15" id="uName" name="uName">
- The value entered in the field above is transformed into an LDAP filter so that the application can run the query against the directory.
String ldapQueryToSearch = "(sq=" + userName + ")";  // userName comes straight from the uName field, unescaped
System.out.println(ldapQueryToSearch);
- In the above case, if the value submitted by the user is not sanitized, an attacker can obtain the names of all existing users simply by entering "*" in the input box. An asterisk matches any value, so when the directory processes the asterisk instead of a particular username, it returns all the objects stored in the LDAP directory. The actual filter that the application builds for a login check looks like this:
$findingLogin = "(&(usrid=" . $username . ")(userPwd={MD5}" . base64_encode(pack("H*", md5($pass))) . "))";
- When the input is not sanitized and the username value "*)(usrid=*))(|(usrid=*" is accepted into the filter, the filter that reaches the directory looks like this.
$findingLogin = "(&(usrid=*)(usrid=*))(|(usrid=*)(userPwd={MD5}Xkjr1Hj5LydgyfeuILpxM==))";  // resulting filter after injection
As soon as the above filter reaches the LDAP directory, the first balanced expression, (&(usrid=*)(usrid=*)), matches every user, and the password comparison is no longer part of that expression. The directory therefore returns all the objects stored in it and the login check is bypassed, which harms the web application. The attacker will use the outcome of LDAP injection to abuse the system and cause a security breach.
How can you Protect yourself from LDAP Injection Attacks?
- If there is a vulnerability in an application, a remediation for it exists as well. There is hardly any vulnerability that cannot be resolved or fixed to protect the system. In the same way, there are several ways to protect a web application from LDAP injection.
- The first and most essential way is to sanitize the input before passing it on for processing. The input submitted by the user has to be validated against what the application expects from that text field. For instance, if the user tries to enter special characters in a field asking for a name, the user should be told that special characters are not allowed in that field. That is client-side validation. Server-side validation is also required, because client-side checks can be bypassed, to ensure that the data received is genuine.
- The next one is to configure LDAP with safety in mind. The LDAP configuration should restrict unauthorized users from making malicious changes to the directory. Also, the output of an LDAP query must be limited and must not disclose any data that could lead to a security breach. If the data returned is not sufficient to harm the system, the attacker will not be able to affect the web application even if they manage to launch an LDAP injection attack.
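As an added example (not code from the original article), the following builds the login filter shown above both by raw concatenation and with RFC 4515 escaping of the untrusted username, and adds a check that flags a filter that no longer consists of a single balanced expression. The function names and the use of Python are assumptions.

```python
"""Added example: unsafe vs. escaped construction of the article's login filter."""
import base64
import hashlib

# RFC 4515 section 3: these characters must be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape user input so it is treated as a literal value, never as filter syntax."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def md5_userpassword(password: str) -> str:
    """Encode a password the way the article's filter does: {MD5} + base64(raw md5 digest).
    Kept only to reproduce the article's filter; MD5 is not a suitable password hash."""
    digest = hashlib.md5(password.encode("utf-8")).digest()
    return "{MD5}" + base64.b64encode(digest).decode("ascii")


def login_filter_unsafe(username: str, password: str) -> str:
    """The article's vulnerable construction: the raw username is concatenated in."""
    return "(&(usrid=" + username + ")(userPwd=" + md5_userpassword(password) + "))"


def login_filter_safe(username: str, password: str) -> str:
    """Same filter, but the untrusted username is escaped before insertion."""
    return "(&(usrid=" + escape_filter_value(username) + ")(userPwd=" + md5_userpassword(password) + "))"


def first_filter_end(filter_str: str) -> int:
    """Index just past the first balanced parenthesised expression, or -1 if none closes."""
    depth = 0
    for i, ch in enumerate(filter_str):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                return i + 1
    return -1


def injection_detected(filter_str: str) -> bool:
    """True when the filter is not exactly one balanced expression, which is what a
    structural injection such as the article's produces (extra text after the first ')' that
    closes the '&'). Useful as a last-line assertion before sending a filter to the directory."""
    return first_filter_end(filter_str) != len(filter_str)
```

The safe variant turns the article's injected value into a literal string that matches no user, so the password comparison stays inside the `&` expression.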
Conclusion
The Lightweight Directory Access Protocol gives an application a way to ensure that the user trying to access the system is properly authenticated and authorized to use it. It is very important to consider LDAP when taking care of an application's security concerns. The system should be strong enough that no attacker can launch an LDAP injection attack. As the LDAP directory holds very sensitive information, the administrator has to ensure that user input is sanitized very carefully and that the configuration is done with all the security factors in mind.