Introduction to LDAP Injection
Today's web application is expected to be much more than a platform that processes the user's queries. Earlier, a web application was simply a place where users came, did their work and logged off, and once they logged off the application stopped working for them. These days the application has to keep working even while the user is away, which can be implemented using cookies. Facebook has confirmed that it uses cookies to track user activity in order to ensure its system is not being abused. So at a time when online applications have to be more powerful than ever, the security of the application heads the list of requirements. Here we focus on one type of attack that has to be taken care of in order to ensure the safety of the system.
What is LDAP Injection?
- LDAP stands for Lightweight Directory Access Protocol. It is a vendor-neutral protocol that runs over the TCP/IP stack. It is used to implement authentication and authorization checks in web applications and is very frequently used during web application development, for applications on the internet as well as on an intranet. Using LDAP is a common and important factor in the secure development of a web application.
- LDAP can also be described as a set of standards used to perform the security checks that determine whether a user has the permissions needed to access the system. There are several ways to make these checks, but the purpose of all of them is to ensure the safety of the web application. It prohibits access by users that do not have the proper privileges; based on the rights a user holds for a particular application, it ensures that the user can access only those things they are entitled to. Although LDAP is used to protect the web application, it can also be tricked by attackers into giving up sensitive data from the application.
Performing LDAP Injection with Example
- A web application has to take input from the user in order to process it further. An attacker can take advantage of this if the value entered by the user is not sanitized properly and goes directly into the directory query that is executed. Here we will see how LDAP injection can be launched against a web application that is prone to this attack, starting with an ordinary input field.
<label>Enter your name <input type="text" size="15" name="uName"></label>
- The value submitted through the field above is transformed into an LDAP search filter so that the directory can execute the search.
// The username is concatenated into the filter without any escaping (vulnerable).
String ldapQueryToSearch = "(sq=" + userName + ")";
System.out.println(ldapQueryToSearch);
- In the above case, if the value submitted by the user is not sanitized, an attacker can obtain the names of all existing users by entering "*" in the input box. An asterisk is the LDAP wildcard, so when the directory processes the asterisk instead of a particular username, it returns every object stored in the LDAP database. For a login form, the actual filter executed against the directory is built like this:
// $username is inserted unescaped, so "*" or ")" in it changes the structure of the filter.
$findingLogin = "(&(usrid=" . $username . ")(userPwd={MD5}" . base64_encode(pack("H*", md5($pass))) . "))";
- When the input is not sanitized and the username contains filter characters, the directory accepts the asterisk and the parentheses as part of the filter, and the executed filter becomes the one below.
// Two filters instead of one: the first, (&(usrid=*)(usrid=*)), matches every user, and the password clause no longer constrains it.
$findingLogin = "(&(usrid=*)(usrid=*))(|(usrid=*)(userPwd={MD5}Xkjr1Hj5LydgyfeuILpxM==))";
As soon as the filter above runs against the LDAP directory, it returns every object stored there, which harms the web application. The attacker then uses the outcome of the LDAP injection to abuse the system and cause a security breach.
How can you Protect from LDAP Injection attacks?
- If there is a vulnerability in an application, a remediation exists as well; there is hardly any vulnerability that cannot be resolved or fixed to protect the system. Likewise, there are several ways to protect a web application from LDAP injection.
- The first and most essential one is to sanitize the input before passing it on for processing. The value submitted by the user has to be validated against what the application expects from that field. For instance, if the user tries to enter special characters in a field that asks for a name, the user should be told that special characters are not allowed in that field. That is client-side validation. Server-side validation is also required to make sure the data provided is genuine, since client-side checks can be bypassed.
- The next is to configure LDAP with safety in mind: the configuration should restrict unauthorized users from making any malicious changes to the directory. Also, the output of an LDAP query must be limited so that it cannot disclose data that could lead to a security breach. If the returned data is not sufficient to harm the system, the attacker will not be able to affect the web application even if they manage to launch an LDAP injection.
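As an added example (not the page's own code), the login-filter construction from the walkthrough above and the sanitization advice from this section, written in Python: the page's vulnerable concatenation beside a version that escapes the username per RFC 4515, plus a server-side check that counts top-level filter expressions so a filter that has been closed early and re-opened is rejected. Function names such as build_login_filter_vulnerable and the sample input are my own.

```python
import base64
import hashlib

# RFC 4515 escapes for the characters that have meaning inside an LDAP filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape user input so it can only ever match literally inside a filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def md5_userpassword(password: str) -> str:
    """Same encoding as the page's base64(pack("H*", md5(pass))): raw MD5 bytes, base64."""
    return "{MD5}" + base64.b64encode(hashlib.md5(password.encode()).digest()).decode()


def build_login_filter_vulnerable(username: str, password: str) -> str:
    # The page's concatenation: the username lands in the filter verbatim.
    return "(&(usrid=" + username + ")(userPwd=" + md5_userpassword(password) + "))"


def build_login_filter_safe(username: str, password: str) -> str:
    # Same filter shape, but the username is escaped before it is inserted.
    return "(&(usrid=" + escape_filter_value(username) + ")(userPwd=" + md5_userpassword(password) + "))"


def top_level_expressions(ldap_filter: str) -> int:
    """Count complete top-level '(...)' groups; a valid search filter has exactly one.
    Returns -1 for unbalanced parentheses. A count above one is the shape of the
    injection shown on this page (a second filter appended after the first)."""
    depth, count = 0, 0
    for ch in ldap_filter:
        if ch == "(":
            depth += 1
        elif ch == ")":
            if depth == 0:
                return -1
            depth -= 1
            if depth == 0:
                count += 1
    return count if depth == 0 else -1


if __name__ == "__main__":
    # Constructed input that reproduces the filter shown on the page (hash value aside).
    payload = "*)(usrid=*))(|(usrid=*"
    for build in (build_login_filter_vulnerable, build_login_filter_safe):
        f = build(payload, "secret")
        print(f"{build.__name__}: {f}\n  top-level expressions: {top_level_expressions(f)}")
```

The escaped variant yields one balanced filter in which the asterisks and parentheses are literal bytes of the username, so the wildcard listing from the "*" example above is closed off by the same function.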
Conclusion
The Lightweight Directory Access Protocol gives the application a way to ensure that the user trying to access the system is properly authenticated and authorized to use it. It is very important to consider LDAP when addressing security concerns. The system should be strong enough not to let any attacker launch an LDAP injection. As the LDAP directory holds very valuable information, the administrator has to ensure that user input is sanitized very carefully and that the configuration is done with all security factors in mind.