Title :
LDAP injection techniques
Author :
Alonso, Jose María ; Bordon, Rodolfo ; Beltrán, Marta ; Guzmán, Antonio
Author_Institution :
Informatica64, Mostoles, Spain
Abstract :
The increase in the number of databases accessed only by some applications has made code injection attacks an important threat to almost any current system. If one of these applications accepts inputs from a client and executes these inputs without first validating them, the attackers are free to execute their own queries and therefore, to extract, modify or delete the content of the database associated to the application. In this paper a deep analysis of the LDAP injection techniques is presented. Furthermore, a clear distinction between classic and blind injection techniques is made.
Keywords :
access protocols; security of data; LDAP injection; blind injection; code injection; light directory access protocol; Access protocols; Data security; Databases; Information filtering; Information filters; Information security; Information technology; Intrusion detection; Programming profession; Protection; LDAP; Web applications security; code injection techniques;
Conference_Titel :
Communication Systems, 2008. ICCS 2008. 11th IEEE Singapore International Conference on
Conference_Location :
Guangzhou
Print_ISBN :
978-1-4244-2423-8
Electronic_ISBN :
978-1-4244-2424-5
DOI :
10.1109/ICCS.2008.4737330
