LDAP Injection

How unsanitized input warps directory queries and bypasses authentication.


The Vulnerability

LDAP injection happens when untrusted input is concatenated into a directory search filter without escaping. Special filter characters let an attacker change the query logic, much like SQL injection does for databases.

What Goes Wrong

  • Filter metacharacters such as the asterisk (wildcard), parentheses (grouping), and the ampersand (logical AND) change how the filter matches.
  • An attacker can craft a filter that always matches, bypassing authentication or returning every entry.
  • Blind variants leak attributes one comparison at a time.

Defenses

  • Escape every special character in user input per the LDAP filter rules before building the query.
  • Prefer parameterized directory APIs that separate the filter template from values.
  • Apply least privilege to the bind account so a successful injection reveals little.
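The first defense in practice, as an added example that is not part of the lesson: a value escaper following the RFC 4515 filter rules, shown beside the concatenation pattern it replaces. The filter template, the constructed username, and the helper names are assumptions for illustration; real code should use the directory library's own escaper (python-ldap's `ldap.filter.escape_filter_chars`, for instance) rather than a hand-rolled one.

```python
# Escape table from RFC 4515 section 3: these characters carry filter
# meaning and must be replaced by a backslash plus two hex digits.
_FILTER_ESCAPES = {
    "\\": r"\5c",   # backslash, the escape character itself
    "*": r"\2a",    # wildcard in substring assertions
    "(": r"\28",    # opens a filter component
    ")": r"\29",    # closes a filter component
    "\x00": r"\00", # NUL, rejected or truncating in many servers
}


def escape_filter_value(value: str) -> str:
    """Escape one assertion value so it is matched literally (RFC 4515)."""
    # Character-by-character substitution means a backslash in the input is
    # escaped exactly once and never re-escaped by a later replacement.
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_login_filter_unsafe(username: str) -> str:
    """The vulnerable pattern: untrusted input concatenated into the filter."""
    return f"(&(objectClass=person)(uid={username}))"


def build_login_filter_safe(username: str) -> str:
    """The hardened pattern: every user-controlled value is escaped first."""
    return f"(&(objectClass=person)(uid={escape_filter_value(username)}))"


def filter_component_count(filter_str: str) -> int:
    """Number of unescaped '(' in the filter; escaped ones appear as \\28.

    For the two-assertion template above the expected count is 3 (the AND
    wrapper plus two assertions). A higher count means the input added
    filter structure, which is a useful assertion in tests and log checks.
    """
    return filter_str.count("(")


# Constructed input containing the wildcard and grouping metacharacters.
CONSTRUCTED_USERNAME = "alice*)(objectClass=*"

if __name__ == "__main__":
    unsafe = build_login_filter_unsafe(CONSTRUCTED_USERNAME)
    safe = build_login_filter_safe(CONSTRUCTED_USERNAME)
    print("unsafe:", unsafe, "components:", filter_component_count(unsafe))
    print("safe:  ", safe, "components:", filter_component_count(safe))
```

The unsafe filter gains an extra component from the input, while the escaped version keeps the template's three components and searches for the literal string.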

Key idea

LDAP injection rewrites directory filters through unescaped metacharacters, so escape input, parameterize queries, and limit the bind account privileges.

Check yourself

Answer to earn rating on the learn ladder.

1. LDAP injection is most similar to which classic flaw?

2. What is the primary defense?