LDAP injection exploits applications that construct LDAP queries from user input — potentially bypassing authentication, extracting directory information (user lists, group memberships, organisational structure), or modifying directory entries. Testing covers: authentication bypass through LDAP filter manipulation, information disclosure through wildcard injection, blind LDAP injection using boolean conditions, and LDAP-specific escape sequence exploitation. LDAP injection is particularly impactful because directory services typically contain the organisation's complete identity infrastructure.
LDAP Injection Testing: Attacking Directory Services Through Applications
LDAP injection manipulates directory queries to bypass authentication or extract sensitive directory data.
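The filter manipulation and wildcard cases described above come down to input that is concatenated into a search filter without escaping. The following is an added example, not code from the original page: it places the vulnerable concatenation beside a version that escapes values per RFC 4515. The function names, the `uid`/`objectClass` filter shape and the sample inputs are assumptions made for illustration.

```python
# Added example: RFC 4515 filter-value escaping (all names are illustrative).

# Characters that carry meaning inside an LDAP search filter value (RFC 4515).
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def naive_login_filter(username: str) -> str:
    """Vulnerable pattern: user input concatenated straight into the filter."""
    return "(&(objectClass=person)(uid=" + username + "))"


def safe_login_filter(username: str) -> str:
    """Hardened pattern: input is escaped, so it stays one literal value."""
    return "(&(objectClass=person)(uid=" + escape_filter_value(username) + "))"


def count_filter_items(ldap_filter: str) -> int:
    """Count unescaped '(' to see how many components a server would parse."""
    count, i = 0, 0
    while i < len(ldap_filter):
        if ldap_filter[i] == "\\":
            i += 3  # skip a \XX escape sequence
            continue
        if ldap_filter[i] == "(":
            count += 1
        i += 1
    return count


if __name__ == "__main__":
    # Constructed sample inputs: a plain name, a wildcard, a value with parens.
    for name in ("alice", "*", "j.doe (contractor)"):
        for build in (naive_login_filter, safe_login_filter):
            f = build(name)
            print(f"{build.__name__:20} {f}  items={count_filter_items(f)}")
```

A filter built from one username should always contain three components; any other count from `count_filter_items` means the input changed the query structure. In production code, prefer the escaping helper shipped with the LDAP library in use (for example `ldap.filter.escape_filter_chars` in python-ldap) over a hand-written table.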