
Burp Suite marked a website I am testing as having a potential LDAP injection vulnerability. It seems that when I put an asterisk in a parameter, e.g. getStuff?id=*, I get a 500 error and Java error output. When I set it to something normal like 123 I get a 200 response (the page is just blank, however). I'm not sure how I can further exploit this; maybe someone knows?

  • Is the page used for querying an LDAP server? Seems unlikely in this case. – multithr3at3d Jun 13 '20 at 03:27
  • Just because Burp reports a *potential* issue doesn't mean it exists. You can see that Burp likely marked it as uncertain. – Jun 26 '20 at 05:42

1 Answer

I'm not sure how I can further exploit this, maybe someone knows?

There is a need for enumeration here to know what kind of protection is in place and whether there is any known way to bypass it. Try supplying clean LDAP queries and looking for changes in the response's characteristics or values, then try other techniques like blind LDAP queries and other known techniques. You may also get help by reading Burp Suite's description of the vulnerability and following their blog to see what techniques they have mentioned, and follow the methodology to conclude whether the techniques work in your favor. Hope this helps.

Arpit Rohela
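On the defensive side of the finding above, the following is an added example (not code from the question, the answer, or the tested application) showing why a bare `*` in a request parameter is a signal worth acting on: an LDAP filter that interpolates the raw value treats `*`, `(`, `)` and `\` as syntax, while escaping per RFC 4515 makes them literal. The `(uid=...)` filter template, the function names and the sample values are assumptions for illustration.

```python
"""Added example: RFC 4515 escaping of user input used in an LDAP search filter.
The (uid=...) template and sample values are assumptions, not from the post."""

# RFC 4515 section 3: these characters must be written as \xx inside a filter
# assertion value so that they lose their special meaning.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a string for safe use as an assertion value in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def naive_id_filter(user_id: str) -> str:
    """The unsafe pattern: the request parameter is interpolated as-is, so a
    value of '*' turns an equality match into a wildcard match."""
    return f"(uid={user_id})"


def build_id_filter(user_id: str) -> str:
    """The hardened form of the same lookup: metacharacters are escaped first."""
    return f"(uid={escape_filter_value(user_id)})"


def has_filter_metachars(value: str) -> bool:
    """Detection helper for request logs or a WAF rule: flag parameter values
    that carry LDAP filter metacharacters, such as the id=* seen in the post."""
    return any(ch in value for ch in "*()\\\x00")


if __name__ == "__main__":
    # Constructed sample inputs: a normal id, the asterisk from the post,
    # and a value containing parentheses.
    for sample in ("123", "*", "(x)"):
        print(f"{sample!r:8} naive={naive_id_filter(sample)!r:14} "
              f"safe={build_id_filter(sample)!r:18} "
              f"flag={has_filter_metachars(sample)}")
```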