LDAP Injection Protection

Protection Module: LdapInjection

Prevents LDAP injection attacks through query validation and input sanitization.

Available for:

  • ASP.NET Core
  • ASP.NET Framework
  • Windows Services

How It Works

LDAP Injection Protection validates LDAP queries to prevent unauthorized directory access or manipulation.

Detection Methods:

  • Special Character Detection - Identifies *, (, ), \, |, &
  • Filter Injection Analysis - Detects malicious filter modifications
  • DN Injection Detection - Validates Distinguished Name syntax
  • Boolean Operator Abuse - Identifies &, |, ! injection
  • Wildcard Exploitation - Detects unauthorized * usage

Common Attack Patterns:

  • Authentication bypass, e.g. input *)(uid=*))(|(uid=*
  • Privilege escalation (injecting admin groups)
  • Data exfiltration (wildcard searches)
  • Filter modification, e.g. input )(objectClass=*)

Configuration

JSON
{
  "protections": {
    "LdapInjection": {
      "enabled": true,
      "action": "block"
    }
  }
}

ASP.NET Core

C#
builder.Services.AddBytehideMonitor(monitor => monitor
    .WithProtection(ProtectionModuleType.LdapInjection, ActionType.Block)
);

Attack Examples

Authentication Bypass

LDAP
// Input: *)(uid=*))(|(uid=*
// Filter: (&(uid=*)(uid=*))(|(uid=*)(userPassword=*))
// Status: BLOCKED

Filter Injection

LDAP
// Input: admin)(|(uid=*
// Filter: (&(uid=admin)(|(uid=*)(userPassword=*))
// Status: BLOCKED

Wildcard Exploitation

LDAP
// Input: *
// Filter: (uid=*)
// Status: BLOCKED (unauthorized wildcard)
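
The inputs above alter the filter because they reach it unescaped. The following C# is an added example, not ByteHide's code or detection logic: it escapes filter values per RFC 4515 and checks whether the result is still one well-formed filter. The `(&(uid=...)(userPassword=*))` template is an assumption inferred from the filters shown above, and all class and method names are hypothetical.

```csharp
using System;
using System.Text;

static class LdapFilterExample
{
    // RFC 4515 escaping for a value placed inside a filter assertion.
    static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length + 8);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // True when the string is exactly one parenthesised filter (depth hits 0 only at the end).
    static bool IsSingleFilter(string f)
    {
        int depth = 0;
        for (int i = 0; i < f.Length; i++)
        {
            if (f[i] == '(') depth++;
            else if (f[i] == ')') depth--;
            if (depth < 0 || (depth == 0 && i < f.Length - 1)) return false;
        }
        return depth == 0;
    }

    // Assumed template, inferred from the filters shown in the examples above.
    static string Build(string uid) => "(&(uid=" + uid + ")(userPassword=*))";

    static void Main()
    {
        // Inputs from the attack examples above, plus a constructed benign value.
        foreach (var input in new[] { "jsmith", "*)(uid=*))(|(uid=*", "admin)(|(uid=*", "*" })
        {
            string raw = Build(input), esc = Build(EscapeFilterValue(input));
            Console.WriteLine($"{input}\n  concatenated: {raw} single={IsSingleFilter(raw)}\n  escaped:      {esc} single={IsSingleFilter(esc)}");
        }
    }
}
```

The bare `*` input still yields a structurally valid filter when concatenated, so only escaping (`\2a`) turns it into a literal match. Values placed in a Distinguished Name need RFC 4514 escaping instead.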

Platform Compatibility

Platform    Support
ASP.NET Core
ASP.NET Framework
Windows Services
