apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-09 19:45:13 +02:00
Code Issues Projects Releases Packages Wiki Activity

[pitboss] phase 06: Track J.4 + Track L.4 — LDAP_INJECTION corpus + LdapTemplate / python-ldap / php-ldap adapters

Browse source
This commit is contained in:
pitboss 2026-05-17 22:32:44 -05:00
parent 993bfabe28
commit b2eeaabb09
27 changed files with 2189 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

14
tests/dynamic_fixtures/ldap_injection/python/benign.py Normal file
View file

@ -0,0 +1,14 @@
"""Phase 06 (Track J.4) — Python LDAP_INJECTION benign control fixture.
Same shape as `vuln.py` but routes the attacker-controlled `uid`
through `ldap.dn.escape_filter_chars`, escaping the wildcard /
paren breakout so the directory keeps returning at most one entry.
"""
import ldap
import ldap.dn
def run(uid: str):
con = ldap.initialize("ldap://127.0.0.1")
filt = "(uid=" + ldap.dn.escape_filter_chars(uid) + ")"
return con.search_s("ou=people,dc=nyx,dc=test", ldap.SCOPE_SUBTREE, filt)

14
tests/dynamic_fixtures/ldap_injection/python/vuln.py Normal file
View file

@ -0,0 +1,14 @@
"""Phase 06 (Track J.4) — Python LDAP_INJECTION vuln fixture.
The function string-concatenates the attacker-controlled `uid` into the
LDAP filter passed to `ldap.search_s`; a payload like `alice*)(uid=*`
breaks out of the host `(uid=)` clause and matches every directory
entry.
"""
import ldap
def run(uid: str):
con = ldap.initialize("ldap://127.0.0.1")
filt = "(uid=" + uid + ")"
return con.search_s("ou=people,dc=nyx,dc=test", ldap.SCOPE_SUBTREE, filt)