LDAP 01
This exercise is one of our challenges on vulnerabilities related to LDAP
In this first example, you will connect to an LDAP server using your username and password. The LDAP server will not authenticate you if your credentials are invalid. However, some LDAP servers authorize NULL Bind, which means if null values are sent, the server will proceed to bind the connection. This can cause the PHP code to mistakenly think that the credentials are correct. To get the bind with two null values, you will need to completely remove these parameters from the query. If you keep something like username=&password=
in the URL, these values will not work since they are empty and not null.
The video transcript further explains the code behind this process. Initially, it checks for a POST request and attempts to connect to the LDAP server. If the connection is successful, it sets some options for the connection, such as the version of the protocol and LDAP OPT referral. The code does not check if $_POST['password']
and $_POST['username']
are null, which can lead to unauthorized access if the LDAP server allows null bind. Therefore, the code should ensure that the password is not null to prevent unauthorized access. Additionally, it is recommended to search for the user instead of just relying on ldap_bind.