Web Application Penetration Testing
Testing for LDAP Injection (OTG-INPVAL-006)
Summary
The Lightweight Directory Access Protocol (LDAP) is used to store information about users, hosts, and many other objects. LDAP injection is a server-side attack which could allow sensitive information about users and hosts represented in an LDAP structure to be disclosed, modified, or inserted. This is done by manipulating input parameters that are afterwards passed to internal search, add, and modify functions.
A web application could use LDAP in order to let users authenticate or search other users' information inside a corporate structure.
The goal of LDAP injection attacks is to inject LDAP search filter metacharacters into a query which will be executed by the application.
[Rfc2254] defines a grammar for how to build a search filter on LDAPv3 and extends [Rfc1960] (LDAPv2).
An LDAP search filter is constructed in Polish notation, also known as [prefix notation].
This means that a pseudo-code condition on a search filter like this:
find("cn=John & userPassword=mypass")
will be represented as:
find("(&(cn=John)(userPassword=mypass))")
Boolean conditions and group aggregations on an LDAP search filter can be applied by using the following metacharacters:
Metachar
&
|
!
=
~=
>=
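An added example, not part of the guide: it builds the `(&(cn=John)(userPassword=mypass))` filter shown above from user-supplied values, once by plain concatenation and once with assertion-value escaping as specified in RFC 4515 (the successor of RFC 2254), and shows how a single metacharacter changes what the filter means in the unescaped form. Function names and the small filter-parsing helper are my own.

```python
import re

# RFC 4515 section 3: these characters inside an assertion value must be
# encoded as a backslash followed by two hex digits. Any other byte is literal.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a string so it is treated as one literal assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unsafe(cn: str, password: str) -> str:
    """Vulnerable pattern: user input concatenated straight into the filter."""
    return f"(&(cn={cn})(userPassword={password}))"


def build_filter_safe(cn: str, password: str) -> str:
    """Hardened pattern: every assertion value is escaped before insertion."""
    return (
        f"(&(cn={escape_filter_value(cn)})"
        f"(userPassword={escape_filter_value(password)}))"
    )


def assertion_values(filt: str) -> list:
    """Return (attribute, value) pairs of the equality assertions in a filter.

    Constructed helper for this example: it only understands flat equality
    assertions, which is all the two builders above ever produce.
    """
    return re.findall(r"\(([A-Za-z][\w-]*)=([^()]*)\)", filt)


if __name__ == "__main__":
    # "*" is a filter metacharacter: unescaped it is a wildcard that matches
    # every cn, escaped (\2a) it only matches a literal asterisk.
    print(build_filter_unsafe("*", "mypass"))  # (&(cn=*)(userPassword=mypass))
    print(build_filter_safe("*", "mypass"))    # (&(cn=\2a)(userPassword=mypass))
    print(assertion_values(build_filter_safe("Jo)(hn", "mypass")))
```

The escaped form keeps the filter structure fixed at exactly two assertions regardless of the input, which is the property a code reviewer should look for wherever a filter string is assembled.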