Application Security Terminology

Glossary

LDAP Injection

LDAP Injection is an attack used to exploit web-based applications that construct Lightweight Directory Access Protocol statements based on user input. This involves changing LDAP statements so that dynamic web applications can run with invalid permissions, allowing the attacker to alter, add, or delete content. 

LDAP Injection employs Lightweight Directory Access Protocol, an open-standard protocol for both querying and manipulating X.500 directory services, to preform exploits similar to those used in SQL Injection. When an application fails to properly sanitize user input, it makes it possible for attackers to modify LDAP statements using a local proxy. This can result in the execution of arbitrary commands such as granting permissions to unauthorized queries, and content modification inside the LDAP tree.