This is a functional LDAP injection PoC that exploits a vulnerability in a web application by injecting a wildcard character (*) into the 'user' parameter, resulting in unauthorized LDAP query execution and information disclosure. The code demonstrates how the input is directly concatenated into an LDAP filter without sanitization.
Classification
Working Poc 90%
Target:
Custom web application using IPWorksASP.LDAP component
No auth needed
Prerequisites:
Web application with vulnerable LDAP search functionality · LDAP server accessible to the application