
Web Applications attacks: What is LDAP injection?

by Unallocated Author

The Lightweight Directory Access Protocol (LDAP) is used to access directory services over a network. A directory is a hierarchically organized data store that may hold any kind of information but is commonly used to store personal data such as names, addresses, telephone numbers, e-mail addresses, and job functions.

Common examples of LDAP directory services are Active Directory, used within Windows domains, and OpenLDAP, used in many other settings. You are most likely to encounter LDAP in corporate intranet web applications, such as an HR application that allows users to view and modify information about employees.

Each LDAP query uses one or more search filters, which determine the directory entries that the query returns. Search filters can combine conditions with logical operators to express complex search criteria.

As with other forms of injection, if user-supplied input is inserted into an LDAP search filter without any validation, it may be possible for an attacker to supply crafted input that modifies the filter’s structure and thereby retrieve data or perform actions in an unauthorized way.
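As an added example (not part of the original article), the following Python shows the unsafe filter construction just described beside a hardened version that escapes the value per RFC 4515; the attribute names and sample inputs are constructed.

```python
# Added example, not from the original article: how user input becomes part
# of an LDAP search filter and how escaping keeps it from changing the
# filter's structure. The attribute names and sample inputs are constructed.

# RFC 4515 section 3 requires these characters to be escaped inside an
# assertion value. Backslash must come first so that the escape sequences
# introduced here are not themselves re-escaped.
_LDAP_FILTER_ESCAPES = [
    ("\\", r"\5c"),
    ("*", r"\2a"),
    ("(", r"\28"),
    (")", r"\29"),
    ("\x00", r"\00"),
]


def escape_filter_value(value: str) -> str:
    """Escape a string so it is matched literally as an LDAP assertion value."""
    for raw, escaped in _LDAP_FILTER_ESCAPES:
        value = value.replace(raw, escaped)
    return value


def build_filter_unsafe(username: str) -> str:
    """Vulnerable pattern: the input is concatenated into the filter as-is."""
    return f"(&(objectClass=person)(uid={username}))"


def build_filter_safe(username: str) -> str:
    """Hardened pattern: the input is escaped, so it can only match literally."""
    return f"(&(objectClass=person)(uid={escape_filter_value(username)}))"


def count_assertions(ldap_filter: str) -> int:
    """Number of filter components, i.e. raw '(' characters.

    Escaped parentheses appear as a backslash followed by two hex digits, so
    a raw '(' always opens a real component. The filters above should have
    exactly three; a higher count means the input altered the structure.
    """
    return ldap_filter.count("(")


if __name__ == "__main__":
    for user in ("jsmith", "*)(uid=*"):
        unsafe = build_filter_unsafe(user)
        safe = build_filter_safe(user)
        print(f"input {user!r}")
        print(f"  unsafe: {unsafe}  components={count_assertions(unsafe)}")
        print(f"  safe:   {safe}  components={count_assertions(safe)}")
```

Real deployments should use the escaping routine of their LDAP library rather than a hand-rolled one; this block only makes the mechanism visible.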

In general, LDAP injection vulnerabilities are harder to exploit than SQL injection vulnerabilities, for which many readily available tools exist on the Internet.
