Class: Arachni::Checks::LdapInjection
- Inherits: Arachni::Check::Base
  - Object
  - Arachni::Component::Base
  - Arachni::Check::Base
  - Arachni::Checks::LdapInjection
- Defined in: components/checks/active/ldap_injection.rb
Overview
LDAP injection check.
Constant Summary
Constants included from Arachni::Check::Auditor
Arachni::Check::Auditor::DOM_ELEMENTS_WITH_INPUTS, Arachni::Check::Auditor::ELEMENTS_WITH_INPUTS, Arachni::Check::Auditor::FILE_SIGNATURES, Arachni::Check::Auditor::FILE_SIGNATURES_PER_PLATFORM, Arachni::Check::Auditor::Format, Arachni::Check::Auditor::SOURCE_CODE_SIGNATURES_PER_PLATFORM
Constants included from Arachni
BANNER, Arachni::Cookie, Form, Header, JSON, Link, LinkTemplate, NestedCookie, Severity, UIForm, UIInput, VERSION, WEBSITE, WIKI, XML
Instance Attribute Summary
Attributes included from Arachni::Check::Auditor
Class Method Summary
Instance Method Summary
Methods inherited from Arachni::Check::Base
#browser_cluster, #clean_up, elements, exempt_platforms, has_exempt_platforms?, has_platforms?, #initialize, platforms, #plugins, prefer, #preferred, preferred, #prepare, #session, supports_platforms?
Methods included from Arachni::Check::Auditor
#audit, #audit_differential, #audit_signature, #audit_timeout, #audited, #audited?, #buffered_audit, #each_candidate_dom_element, #each_candidate_element, has_timeout_candidates?, #http, #initialize, #log, #log_issue, #log_remote_file, #log_remote_file_if_exists, #match_and_log, #max_issues, #preferred, reset, #skip?, timeout_audit_run, #trace_taint, #with_browser, #with_browser_cluster
Methods inherited from Arachni::Component::Base
author, description, fullname, #shortname, shortname, shortname=, version
Methods included from Arachni::Component::Output
#depersonalize_output, #depersonalize_output?, #intercept_print_message
Methods included from UI::Output
#caller_location, #debug?, #debug_level, #debug_level_1?, #debug_level_2?, #debug_level_3?, #debug_level_4?, #debug_off, #debug_on, #disable_only_positives, #error_buffer, #error_log_fd, #error_logfile, #has_error_log?, #included, #log_error, #mute, #muted?, #only_positives, #only_positives?, #print_bad, #print_debug, #print_debug_backtrace, #print_debug_exception, #print_debug_level_1, #print_debug_level_2, #print_debug_level_3, #print_debug_level_4, #print_error, #print_error_backtrace, #print_exception, #print_info, #print_line, #print_ok, #print_status, #print_verbose, #reroute_to_file, #reroute_to_file?, reset_output_options, #set_error_logfile, #unmute, #verbose?, #verbose_off, #verbose_on
Methods included from Arachni::Component::Utilities
Methods included from Utilities
#available_port, available_port_mutex, #bytes_to_kilobytes, #bytes_to_megabytes, #caller_name, #caller_path, #cookie_decode, #cookie_encode, #cookies_from_file, #cookies_from_parser, #cookies_from_response, #exception_jail, #exclude_path?, #follow_protocol?, #form_decode, #form_encode, #forms_from_parser, #forms_from_response, #full_and_absolute_url?, #generate_token, #get_path, #hms_to_seconds, #html_decode, #html_encode, #include_path?, #links_from_parser, #links_from_response, #normalize_url, #page_from_response, #page_from_url, #parse_set_cookie, #path_in_domain?, #path_too_deep?, #port_available?, #rand_port, #random_seed, #redundant_path?, #regexp_array_match, #remove_constants, #request_parse_body, #seconds_to_hms, #skip_page?, #skip_path?, #skip_resource?, #skip_response?, #to_absolute, #uri_decode, #uri_encode, #uri_parse, #uri_parse_query, #uri_parser, #uri_rewrite
Methods included from Arachni
URI, collect_young_objects, #get_long_win32_filename, jruby?, null_device, profile?, windows?
Constructor Details
This class inherits a constructor from Arachni::Check::Base
Class Method Details
.error_strings ⇒ Object
# File 'components/checks/active/ldap_injection.rb', line 18
def self.error_strings
    @errors ||= read_file( 'errors.txt' )
end
.info ⇒ Object
# File 'components/checks/active/ldap_injection.rb', line 30
def self.info
    {
        name:        'LDAPInjection',
        description: %q{
It tries to force the web application to return LDAP error messages, in order
to discover failures in user input validation.
},
        elements:    ELEMENTS_WITH_INPUTS,
        author:      'Tasos "Zapotek" Laskos <[email protected]>',
        version:     '0.1.4',

        issue:       {
            name:            %q{LDAP Injection},
            description:     %q{
Lightweight Directory Access Protocol (LDAP) is used by web applications to
access and maintain directory information services. One of the most common uses
for LDAP is to provide a Single-Sign-On (SSO) service that will allow clients to
authenticate with a web site without any interaction (assuming their
credentials have been validated by the SSO provider).

LDAP injection occurs when untrusted data is used by the web application to
query the LDAP directory without prior sanitisation.

This is a serious security risk, as it could allow cyber-criminals the ability
to query, modify, or remove anything from the LDAP tree. It could also allow
other advanced injection techniques that perform other more serious attacks.

Arachni was able to detect a page that is vulnerable to LDAP injection based on
known error messages.
},
            tags:            %w(ldap injection regexp),
            references:  {
                'WASC'  => 'http://projects.webappsec.org/w/page/13246947/LDAP-Injection',
                'OWASP' => 'https://www.owasp.org/index.php/LDAP_injection'
            },
            cwe:             90,
            severity:        Severity::HIGH,
            remedy_guidance: %q{
It is recommended that untrusted data is never used to form a LDAP query.

To validate data, the application should ensure that the supplied value
contains only the characters that are required to perform the required action.
For example, where a username is required, then no non-alphanumeric characters
should be accepted.

If this is not possible, special characters should be escaped so they are
treated accordingly.

The following characters should be escaped with a `\`:

* `&`
* `!`
* `|`
* `=`
* `<`
* `>`
* `,`
* `+`
* `-`
* `"`
* `'`
* `;`

Additional character filtering must be applied to:

* `(`
* `)`
* `\`
* `/`
* `*`
* `NULL`

These characters require ASCII escaping.
}
        }
    }
end
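As an added example that is not part of the Arachni check or its documentation, a Ruby escaper for the remedy guidance above: it hex-escapes every listed character in the RFC 4515 `\HH` form (the only escape form an LDAP search filter accepts, so bare `\&`-style escapes are not used), builds a `uid` lookup filter from a login value, and applies the alphanumeric allow-list the guidance recommends as the first option. Function and constant names are assumptions.

```ruby
# Added example (not part of Arachni): escaping untrusted input before it is
# placed in an LDAP search filter, following the remedy guidance above.
# RFC 4515 filter syntax only allows escapes of the form "\HH" (two hex
# digits), so every listed character is hex-escaped; NUL is covered too.

# Characters the guidance says must never reach the filter unescaped.
# (Assumed constant name.)
LDAP_FILTER_SPECIALS = "&!|=<>,+-\"';()\\/*\x00".chars.freeze

# Returns the value with every special character replaced by "\HH".
# (Assumed function name.)
def ldap_filter_escape(value)
  value.to_s.each_char.map do |c|
    LDAP_FILTER_SPECIALS.include?(c) ? format('\\%02x', c.ord) : c
  end.join
end

# Builds a uid lookup filter from a login form value so that an input such
# as "*)(uid=*" stays a literal string instead of altering the filter.
# (Assumed function name.)
def uid_filter(username)
  "(uid=#{ldap_filter_escape(username)})"
end

# Allow-list check for the common case: purely alphanumeric usernames need
# no escaping at all, which the guidance recommends as the first option.
# (Assumed function name.)
def alphanumeric_username?(username)
  !!(username.to_s =~ /\A[[:alnum:]]+\z/)
end
```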