Which attack targets directory services by manipulating LDAP statements constructed from user input?

Prepare for the Certified Ethical Hacker Version 11 Exam. Study with comprehensive questions and explanations. Equip yourself with the skills needed for success!

Multiple Choice

Which attack targets directory services by manipulating LDAP statements constructed from user input?

Explanation:
The answer is LDAP Injection. It happens when an application builds an LDAP search filter by concatenating user-supplied data into it without escaping or validating that data. LDAP filters (RFC 4515) are written in prefix notation with parentheses and the operators & (AND), | (OR) and ! (NOT), and an unescaped * inside a value is a wildcard, so input spliced directly into a filter can change the query's logic. This can let an attacker bypass authentication, enumerate attributes, or retrieve more entries than intended. For example, if a login routine builds the filter (&(objectClass=person)(uid=userInput)), the input * turns the uid test into a presence check that matches every person entry, and an input such as alice)(mail=* closes the uid assertion and appends a new clause, changing which entries the directory returns. Injected input has to leave the parentheses balanced, since a directory server rejects a malformed filter with a protocol error rather than guessing at its meaning. The defence is to escape *, (, ), \ and NUL in every value as the \xx hex sequences RFC 4515 defines (or to let the LDAP client library build the filter) rather than rely on input validation alone. This precisely describes manipulating LDAP statements constructed from user input. The other options relate to injecting HTML or server-side directives, or simply refer to the directory service itself, not to altering LDAP queries.
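The following is an added example, not part of the exam page, that runs the explanation above against a small constructed in-memory directory: the login filter is built once by string concatenation and once with RFC 4515 escaping, a minimal filter evaluator (assumed here for the demonstration, not a real LDAP server) shows what each version returns for the same crafted inputs, and a malformed filter is rejected the way a server would reject it. The entries, DNs and attribute values are constructed sample data.

```python
import re

# Constructed sample directory (not a real server): attribute names are
# lowercase keys, each value is a list because LDAP attributes are multi-valued.
DIRECTORY = [
    {"dn": "uid=alice,ou=people,dc=example,dc=com",
     "objectclass": ["person"], "uid": ["alice"], "mail": ["alice@example.com"]},
    {"dn": "uid=bob,ou=people,dc=example,dc=com",
     "objectclass": ["person"], "uid": ["bob"]},
    {"dn": "cn=admins,ou=groups,dc=example,dc=com",
     "objectclass": ["groupOfNames"], "cn": ["admins"]},
]


def build_filter_unsafe(username):
    """Vulnerable: the user-supplied value is spliced straight into the filter."""
    return f"(&(objectClass=person)(uid={username}))"


# RFC 4515 section 3: characters that must be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515 rules)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter_safe(username):
    """Hardened: the same filter, but the value is escaped before insertion."""
    return f"(&(objectClass=person)(uid={escape_filter_value(username)}))"


def _parse(s, i):
    """Recursive-descent parser for a subset of RFC 4515: &, |, ! and attr=value
    items, where an unescaped '*' is a wildcard. Returns (node, end_index)."""
    if s[i] != "(":
        raise ValueError("expected '('")
    i += 1
    if s[i] in "&|!":
        op, i, subs = s[i], i + 1, []
        while s[i] == "(":
            node, i = _parse(s, i)
            subs.append(node)
        if s[i] != ")" or (op == "!" and len(subs) != 1):
            raise ValueError("bad compound filter")
        return (op, subs), i + 1
    eq = s.index("=", i)
    attr, k = s[i:eq].lower(), eq + 1
    parts, cur = [], []            # literal segments separated by wildcards
    while s[k] != ")":
        if s[k] == "\\":           # \XX hex escape decodes to one literal char
            cur.append(chr(int(s[k + 1:k + 3], 16)))
            k += 3
        elif s[k] == "*":
            parts.append("".join(cur))
            cur = []
            k += 1
        else:
            cur.append(s[k])
            k += 1
    parts.append("".join(cur))
    return ("=", attr, parts), k + 1


def parse_filter(s):
    try:
        node, end = _parse(s, 0)
    except (IndexError, ValueError) as exc:
        # A real server answers a malformed filter with a protocol error.
        raise ValueError(f"malformed filter: {s!r}") from exc
    if end != len(s):
        raise ValueError(f"trailing data in filter: {s!r}")
    return node


def _match(node, entry):
    op = node[0]
    if op == "&":
        return all(_match(n, entry) for n in node[1])
    if op == "|":
        return any(_match(n, entry) for n in node[1])
    if op == "!":
        return not _match(node[1][0], entry)
    _, attr, parts = node
    pattern = ".*".join(re.escape(p) for p in parts)   # ['', ''] -> '.*' (presence)
    return any(re.fullmatch(pattern, v) for v in entry.get(attr, []))


def search(filter_str, directory=DIRECTORY):
    """Return the DNs of entries matching filter_str. Values are compared
    case-sensitively here, which is enough for the demonstration."""
    node = parse_filter(filter_str)
    return [e["dn"] for e in directory if _match(node, e)]


if __name__ == "__main__":
    for user in ["alice", "*", "*)(mail=*"]:
        print(repr(user))
        print("  unsafe:", build_filter_unsafe(user), "->", search(build_filter_unsafe(user)))
        print("  safe:  ", build_filter_safe(user), "->", search(build_filter_safe(user)))
```

With the input "*" the unsafe filter returns every person entry, while the escaped filter (uid=\2a) matches only a literal asterisk and returns nothing. The input "*)(mail=*" keeps the parentheses balanced, so the unsafe version becomes a well-formed filter with an extra clause that reveals which users have a mail attribute; an input that unbalances the parentheses is rejected by parse_filter, as a server would reject it.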

