apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-15 20:05:13 +02:00
Code Issues Projects Releases Packages Wiki Activity

[pitboss] phase 06: Track J.4 + Track L.4 — LDAP_INJECTION corpus + LdapTemplate / python-ldap / php-ldap adapters

Browse source
This commit is contained in:
pitboss 2026-05-17 22:32:44 -05:00
parent 993bfabe28
commit b2eeaabb09
27 changed files with 2189 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

13
tests/dynamic_fixtures/ldap_injection/php/benign.php Normal file
View file

@ -0,0 +1,13 @@
<?php
// Phase 06 (Track J.4) — PHP LDAP_INJECTION benign control fixture.
//
// Same shape as `vuln.php` but routes the attacker-controlled `$uid`
// through `ldap_escape($uid, "", LDAP_ESCAPE_FILTER)`, escaping the
// wildcard / paren breakout so the directory keeps returning at most
// one entry.
function run(string $uid) {
$c = ldap_connect("127.0.0.1");
ldap_bind($c);
$filter = "(uid=" . ldap_escape($uid, "", LDAP_ESCAPE_FILTER) . ")";
return ldap_search($c, "ou=people,dc=nyx,dc=test", $filter);
}