mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
16 lines
690 B
Java
16 lines
690 B
Java
// Phase 06 (Track J.4) — Java LDAP_INJECTION vuln fixture.
|
|
//
|
|
// The function string-concatenates the attacker-controlled `uid`
|
|
// directly into the LDAP filter passed to `LdapTemplate.search`. A
|
|
// payload like `alice*)(uid=*` rewraps the filter as
|
|
// `(|(uid=alice*)(uid=*))` once the host wrapper pushes it through a
|
|
// containing `(|…)`/`(&…)` clause, matching every directory entry.
|
|
import java.util.List;
|
|
import org.springframework.ldap.core.LdapTemplate;
|
|
|
|
public class Vuln {
|
|
public static List<Object> run(String uid, LdapTemplate template) {
|
|
String filter = "(uid=" + uid + ")";
|
|
return template.search("ou=people,dc=nyx,dc=test", filter, null);
|
|
}
|
|
}
|