Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Injections LDAP by Laurent Desaulniers

OWASP Montréal
May 22, 2013
Programming
1
420

Injections LDAP by Laurent Desaulniers

Présentation sur les injections LDAP. Cette courte présentation décrira les différents types d'injection LDAP, les subtilités au niveau des filtres et les différentes technologies de LDAP. La présentation sera aussi complémentée d'exemples tirés de la compétition NorthSec, afin de démontrer les différents exploits.

Laurent Desaulniers est un passionné de sécurité informatique. Il a présenté au Hackfest, au colloque RSI et à OWASP. M. Desaulniers détient les certifications CISSP, CISM, CISA et OSCP.

Recorded webcast :
http://www.youtube.com/watch?v=-H_ppnQeBIo

https://www.owasp.org/index.php/Montreal

OWASP Montréal

May 22, 2013
Tweet

More Decks by OWASP Montréal

See All by OWASP Montréal
OWASP_-_Operate_PCIDSS_infrastructure_using_devOps_approch.pptx.pdf
owaspmontreal
0
130
Endpoint Bypass Charles Hamilton
owaspmontreal
0
130
Hybrid approach to security testing
owaspmontreal
0
200
Threat Modeling Toolkit
owaspmontreal
0
1k
NorthSec - Applied Security Event
owaspmontreal
0
190
Sécurité des applications : Les fondements
owaspmontreal
0
110
WORKSHOP ! Server Side Template Injection (SSTI)
owaspmontreal
1
950
Ransomware and healthcare - Hacking Health
owaspmontreal
0
150
OWASP Montréal reçoit Mario Contestabile
owaspmontreal
0
210

Other Decks in Programming

See All in Programming
Zero Waste, Radical Magic, and Italian Graft – Quarkus Efficiency Secrets
hollycummins
0
230
PHPはいつから死んでいるかの調査
chiroruxx
1
400
『Railsオワコン』と言われる時代に、なぜブルーモ証券はRailsを選ぶのか
free_world21
0
260
冗長なエラーログを削減し、スタックトレースを手に入れる / Reducing Verbose Error Logs and Obtaining Stack Traces
upamune
0
800
PostmanでAPIの動作確認が楽になった話
h455h1
0
170
CA.swift19 恋するAIアプリ開発の裏側
oskmr
0
360
Polars入門
daikikatsuragawa
1
100
新宿ダンジョンを可視化してみた
satoshi7190
2
260
Ruby Function Composition
bkuhlmann
1
330
Netty Chicago Java User Group 2024-04-17
sullis
0
180
Random\Randomizer クラスで日常のあれこれを解決しよう! / Random\Randomizer class solves familiar trouble
cocoeyes02
0
250
AWS Application Composerで始める、 サーバーレスなデータ基盤構築 / 20240406-jawsug-hokuriku-shinkansen
kasacchiful
1
260

Featured

See All Featured
The Invisible Side of Design
smashingmag
294
49k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
21
1.6k
Imperfection Machines: The Place of Print at Facebook
scottboms
260
12k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
352
28k
The Invisible Customer
myddelton
114
12k
Web Components: a chance to create the future
zenorocha
305
41k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
20
1.9k
Side Projects
sachag
451
41k
A designer walks into a library…
pauljervisheath
200
23k
GraphQLの誤解/rethinking-graphql
sonatard
50
9.2k
Reflections from 52 weeks, 52 projects
jeffersonlam
345
19k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
14
1.6k

Transcript

  1. None

  2. • • • • • • •

  3. • • • • • •

  4. • (&(name=Laurent)(StreetName=1 Sesame)) • • (&(ou=Livres)(title=1984*)(year=2002)) • • (&(size=L)(|(colour=blue)(colour=grey))) •

  5. (cn=Alice)(cn=Bob) (cn=Alice)(cn=Bob)

  7. • • (&(user=$1)(password=$2)) (&(uid=root)(UserPassword={SHA1}709fa…. 405c11551))

  8. (&(user=root)(user=root))(password=….)

  9. • Select NAME, Job, Phone from List where name=$name (name=$name);uid,phone,job

  10. • (&(ou=Staff) (cn=$name));cn, telephone;

  11. (&(ou=Staff)(cn=*));password,;cn));cn,telephone; (&(ou=Staff)(cn=*));password,cn,telephone;

  12. • • (&(uid=$name)(ou=« Staff))

  13. (|(user=$name)(ou=Staff))

  14. $name= hbjbjbf)(&(user=Paul)(mail=a*) (ou=Admins)

  15. None