Defensive Programming Tips-2: LDAP Injection

Cenk Kalpakoğlu, 21 Jan 2021
AppSec, Secure Coding
ou=Physics Department, dc=Caltech, dc=edu
ou=Mathematics Department, dc=Caltech, dc=edu
// Construction 1: string concatenation; the raw username becomes part of the filter syntax.
filter = "(&(objectClass=person)(|(sAMAccountName=" + username + ")(mail=" + username + ")))"

// Construction 2: placeholder substitution; strings.Replace inserts the value without escaping it.
filterDn = "(&(objectClass=person)(|(sAMAccountName={username})(mail={username})))"
...
filter = strings.Replace(filterDn, "{username}", username, -1)

// Construction 3: fmt.Sprintf; same outcome, the value is still not escaped.
filter = fmt.Sprintf("(&(objectClass=person)(|(sAMAccountName=%s)(mail=%s)))", username, username)
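All three constructions above drop the raw username into the filter grammar. As an added example (not code from the original post), the following Go program puts the page's Sprintf construction next to a hardened version that escapes the value under the RFC 4515 rules before formatting, and uses a parenthesis count to show that the escaped filter keeps the template's structure whatever the input. The names escapeFilterValue, buildFilterUnsafe, buildFilterSafe and countOpenParens are chosen here, and the sample usernames are constructed. In a real code base the LDAP client library's own escaper (go-ldap's ldap.EscapeFilter, for instance) is preferable to a hand-written one.

```go
package main

import (
	"fmt"
	"strings"
)

// filterTemplate is the page's filter shape, with %s placeholders where the
// user-supplied value is inserted.
const filterTemplate = "(&(objectClass=person)(|(sAMAccountName=%s)(mail=%s)))"

// escapeFilterValue applies the RFC 4515 escaping rules for an assertion
// value inside a search filter: '*', '(', ')', '\' and NUL are replaced by
// a backslash followed by the byte's two-digit hex code. Helper written for
// this example; production code should use the client library's escaper.
func escapeFilterValue(value string) string {
	var b strings.Builder
	for i := 0; i < len(value); i++ {
		c := value[i]
		switch c {
		case '*', '(', ')', '\\', 0x00:
			fmt.Fprintf(&b, "\\%02x", c)
		default:
			b.WriteByte(c)
		}
	}
	return b.String()
}

// buildFilterUnsafe mirrors the Sprintf construction on the page: the raw
// username becomes part of the filter grammar.
func buildFilterUnsafe(username string) string {
	return fmt.Sprintf(filterTemplate, username, username)
}

// buildFilterSafe escapes the username first, so whatever it contains can
// only be matched as a literal string by the two equality assertions.
func buildFilterSafe(username string) string {
	u := escapeFilterValue(username)
	return fmt.Sprintf(filterTemplate, u, u)
}

// countOpenParens counts raw '(' characters. With escaping in place the
// only ones present are the five in filterTemplate, whatever the input;
// any other count means input has reached the filter grammar.
func countOpenParens(filter string) int {
	return strings.Count(filter, "(")
}

func main() {
	// Constructed sample inputs: a plain username and one carrying
	// filter metacharacters.
	for _, name := range []string{"alice", "alice)(mail=*"} {
		unsafe := buildFilterUnsafe(name)
		safe := buildFilterSafe(name)
		fmt.Printf("input %q\n", name)
		fmt.Printf("  unsafe: %s (open parens: %d)\n", unsafe, countOpenParens(unsafe))
		fmt.Printf("  safe:   %s (open parens: %d)\n", safe, countOpenParens(safe))
	}
}
```

For a plain username both builders produce the same filter; the difference only appears when the value contains one of the five escaped characters, which is exactly the case the page's constructions fail to handle.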
