WSN> Vol.1 No.4, November 2009

LDAP Injection Techniques

PP. 233-244
DOI: 10.4236/wsn.2009.14030
Author(s)
Jose Maria ALONSO, Antonio GUZMAN, Marta BELTRAN, Rodolfo BORDON




The increase in the number of databases accessed only by some applications has made code injection attacks an important threat to almost any current system. If one of these applications accepts inputs from a client and executes these inputs without first validating them, the attackers are free to execute their own queries and, therefore, to extract, modify or delete the content of the database associated with the application. In this paper, a deep analysis of LDAP injection techniques is presented. Furthermore, a clear distinction between classic and blind injection techniques is made.


Web Applications Security, Code Injection Techniques, LDAP

Cite this paper

J. Maria ALONSO, A. GUZMAN, M. BELTRAN and R. BORDON, "LDAP Injection Techniques," Wireless Sensor Network, Vol. 1 No. 4, 2009, pp. 233-244. doi: 10.4236/wsn.2009.14030.

Conflicts of Interest

The authors declare no conflicts of interest.




Copyright © 2020 by authors and Scientific Research Publishing Inc.


This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.