Cobalt Crowdsourced Application PentestCobalt Crowdsourced Application PentestCobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V5 - Validation/Sanitization

LDAP injection

POC

So the query is at first the following (&(cn=[INPUT1])(userPassword=[INPUT2])) When we add a ) after username, we get an LDAP error (&(cn=admin)) (userPassword=admin)) So inject the following query (&(cn=admin) (cn=*))%00 (userPassword=admin))

Impact

Medium-High (depends on the affect)

Likelihood

Medium-High (depends on the affect)