LDAP injection

Description

This script is possibly vulnerable to LDAP Injection attacks.

Lightweight Directory Access Protocol (LDAP) is an open-standard protocol for both querying and manipulating X.500 directory services. When a web application fails to properly sanitize user-supplied input, it is possible for an attacker to alter the construction of an LDAP statement.

Remediation

Your script should filter metacharacters from user input.

References
Severity
Classification
Tags
  • LDAP Injection