Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Injections LDAP by Laurent Desaulniers

OWASP Montréal
May 22, 2013
Programming
1
430

Injections LDAP by Laurent Desaulniers

Présentation sur les injections LDAP. Cette courte présentation décrira les différents types d'injection LDAP, les subtilités au niveau des filtres et les différentes technologies de LDAP. La présentation sera aussi complémentée d'exemples tirés de la compétition NorthSec, afin de démontrer les différents exploits.

Laurent Desaulniers est un passionné de sécurité informatique. Il a présenté au Hackfest, au colloque RSI et à OWASP. M. Desaulniers détient les certifications CISSP, CISM, CISA et OSCP.

Recorded webcast :
http://www.youtube.com/watch?v=-H_ppnQeBIo

https://www.owasp.org/index.php/Montreal

OWASP Montréal

May 22, 2013
Tweet

More Decks by OWASP Montréal

See All by OWASP Montréal
OWASP_-_Operate_PCIDSS_infrastructure_using_devOps_approch.pptx.pdf
owaspmontreal
0
150
Endpoint Bypass Charles Hamilton
owaspmontreal
0
140
Hybrid approach to security testing
owaspmontreal
0
220
Threat Modeling Toolkit
owaspmontreal
0
1.1k
NorthSec - Applied Security Event
owaspmontreal
0
210
Sécurité des applications : Les fondements
owaspmontreal
0
120
WORKSHOP ! Server Side Template Injection (SSTI)
owaspmontreal
1
1k
Ransomware and healthcare - Hacking Health
owaspmontreal
0
160
OWASP Montréal reçoit Mario Contestabile
owaspmontreal
0
270

Other Decks in Programming

See All in Programming
[Do iOS '24] Ship your app on a Friday...and enjoy your weekend!
polpielladev
0
110
ペアーズにおけるAmazon Bedrockを⽤いた障害対応⽀援 ⽣成AIツールの導⼊事例 @ 20241115配信AWSウェビナー登壇
fukubaka0825
6
2k
What’s New in Compose Multiplatform - A Live Tour (droidcon London 2024)
zsmb
1
480
Jakarta EE meets AI
ivargrimstad
0
580
どうして僕の作ったクラスが手続き型と言われなきゃいけないんですか
akikogoto
1
120
LLM生成文章の精度評価自動化とプロンプトチューニングの効率化について
layerx
PRO
2
190
.NET のための通信フレームワーク MagicOnion 入門 / Introduction to MagicOnion
mayuki
1
1.7k
CSC509 Lecture 12
javiergs
PRO
0
160
Compose 1.7のTextFieldはPOBox Plusで日本語変換できない
tomoya0x00
0
190
PHP でアセンブリ言語のように書く技術
memory1994
PRO
1
170
watsonx.ai Dojo #4 生成AIを使ったアプリ開発、応用編
oniak3ibm
PRO
1
140
A Journey of Contribution and Collaboration in Open Source
ivargrimstad
0
950

Featured

See All Featured
Fireside Chat
paigeccino
34
3k
Measuring & Analyzing Core Web Vitals
bluesmoon
4
130
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
28
2k
Why Our Code Smells
bkeepers
PRO
334
57k
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
Git: the NoSQL Database
bkeepers
PRO
427
64k
Six Lessons from altMBA
skipperchong
27
3.5k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
0
97
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
38
1.8k
Side Projects
sachag
452
42k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
191
16k
VelocityConf: Rendering Performance Case Studies
addyosmani
325
24k

Transcript

  1. None

  2. • • • • • • •

  3. • • • • • •

  4. • (&(name=Laurent)(StreetName=1 Sesame)) • • (&(ou=Livres)(title=1984*)(year=2002)) • • (&(size=L)(|(colour=blue)(colour=grey))) •

  5. (cn=Alice)(cn=Bob) (cn=Alice)(cn=Bob)

  7. • • (&(user=$1)(password=$2)) (&(uid=root)(UserPassword={SHA1}709fa…. 405c11551))

  8. (&(user=root)(user=root))(password=….)

  9. • Select NAME, Job, Phone from List where name=$name (name=$name);uid,phone,job

  10. • (&(ou=Staff) (cn=$name));cn, telephone;

  11. (&(ou=Staff)(cn=*));password,;cn));cn,telephone; (&(ou=Staff)(cn=*));password,cn,telephone;

  12. • • (&(uid=$name)(ou=« Staff))

  13. (|(user=$name)(ou=Staff))

  14. $name= hbjbjbf)(&(user=Paul)(mail=a*) (ou=Admins)

  15. None