[pitboss] phase 06: Track J.4 + Track L.4 — LDAP_INJECTION corpus + LdapTemplate / python-ldap / php-ldap adapters

tests/dynamic_fixtures/ldap_injection/java/Vuln.java

@@ -0,0 +1,16 @@
+// Phase 06 (Track J.4) — Java LDAP_INJECTION vuln fixture.
+//
+// The function string-concatenates the attacker-controlled `uid`
+// directly into the LDAP filter passed to `LdapTemplate.search`.  A
+// payload like `alice*)(uid=*` rewraps the filter as
+// `(|(uid=alice*)(uid=*))` once the host wrapper pushes it through a
+// containing `(|…)`/`(&…)` clause, matching every directory entry.
+import java.util.List;
+import org.springframework.ldap.core.LdapTemplate;
+
+public class Vuln {
+    public static List<Object> run(String uid, LdapTemplate template) {
+        String filter = "(uid=" + uid + ")";
+        return template.search("ou=people,dc=nyx,dc=test", filter, null);
+    }
+}