LDAP injection

Description
  • This script is possibly vulnerable to LDAP Injection attacks.

    Lightweight Directory Access Protocol (LDAP) is an open-standard protocol for both querying and manipulating X.500 directory services. When a web application fails to properly sanitize user-supplied input, an attacker can alter the construction of an LDAP statement.

Remediation
  • Your script should filter metacharacters from user input.
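
    The remediation above, as an added example that is not part of the original page: a search filter built by plain concatenation beside the same filter built with metacharacters escaped as RFC 4515 hex sequences (escaping rather than stripping them). The function names, the uid/objectClass filter template and the sample inputs are assumptions constructed for illustration.

```python
# Added example: hypothetical function names, constructed sample inputs.

# RFC 4515 filter metacharacters and their \XX hex escapes.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value for use as an LDAP filter assertion value."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unsafe(username: str) -> str:
    # Vulnerable pattern: raw input is concatenated into the filter.
    return "(&(objectClass=person)(uid=" + username + "))"


def build_filter_safe(username: str) -> str:
    # Hardened pattern: metacharacters are escaped before concatenation.
    return "(&(objectClass=person)(uid=" + escape_filter_value(username) + "))"


def count_filter_items(ldap_filter: str) -> int:
    """Count opening parentheses, i.e. the filter components a server would parse."""
    return ldap_filter.count("(")


def has_wildcard(ldap_filter: str) -> bool:
    """True if an unescaped '*' survives in the filter."""
    return "*" in ldap_filter


if __name__ == "__main__":
    # Constructed inputs: a normal name, a bare wildcard, and a value with parentheses.
    for name in ["jdoe", "*", "jdoe)(cn=*"]:
        unsafe, safe = build_filter_unsafe(name), build_filter_safe(name)
        print(f"input   : {name!r}")
        print(f"  unsafe: {unsafe}  components={count_filter_items(unsafe)}")
        print(f"  safe  : {safe}  components={count_filter_items(safe)}")
```

    With escaping applied, the filter always keeps the three components of the template, whatever the input contains.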