LDAP Error #16

Open
bright-security bot opened this issue Feb 28, 2022 · 0 comments
LDAP Error

Severity: Medium Discovered: 28 February 2022, 02:06 PM

CWE ID

CWE-90

CVSS

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

Details

An unhandled LDAP error has been reflected in the response from the server. The response body below returns the raw directory exception (a javax.naming.NamingException with the backend's error code, DSID and the searched base 'OU=Users,O=BrokenCrystals') together with the server-side source path of the controller that failed.
This information might help attackers refine LDAP Injection payloads and exposes details about the backend and its deployment layout.
Attacked Parameter:
Attacked Parameter Type: MultiParse::DataType::String
Attacked Parameter Location: Query
Triggered Using Token: U+0000
Parameter Encoding: [:none]

Possible exposure

Execute Unauthorized Code or Commands; Read Application Data; Modify Application Data

Remediation suggestions

Use a whitelist of acceptable inputs and assume all input is malicious: the application should not copy user-controllable data into LDAP queries. Where a user-supplied value must appear inside a filter, escape the characters that have meaning in an LDAP filter (backslash, asterisk, parentheses and NUL, per RFC 4515) rather than inserting it verbatim. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. Catch directory exceptions in the handler and return a generic error to the client, logging the details server-side only.

Request

GET https://brokencrystals.com/api/users/ldap?query=%28%26%28objectClass%3D%2500 HTTP/1.1
Host: brokencrystals.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Accept: application/json, text/plain, */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://brokencrystals.com/login
Accept-Encoding: identity
Accept-Language: en-US,en;q=0.9,ru-RU;q=0.8,ru;q=0.7
Cookie: bc-calls-counter=3; connect.sid=IQu9wdyuxmH_iGNo5Wi46UX1lYLwW6UA.BVlD27pnZPfKxfLg6UyeL5rqzm3xOZvmyjGzI1fBXVg; CGIC=; 1P_JAR=2022-02-28-13; NID=511=Tqwu-VqOtl8L11dgqXi0NKNFIEwK--jB6r_CMr80RSBvsJRStMawtUaUbU1lRMwuwyEskDy9bSO4P9L9w7els_112UymFVa60nsgaTTMgG762ugjDzPx1B2pLF851OO1dkqIj8mfEIrvvQZtMboxAv412TJ1RqBVna7Wl9TjvR_2ffeJMWCCSqUhj7uLznDgeMMl29ynm8M5G83gjl58VpWuoJHV6cx1tu-dKFkLKzH9ztA3umZvzCaCgdRXYIy1PAuxmbl8BnZwhCUfpz1IewJbF6d6IafsMIr5MWAedkAdwEu_BqB8SJjvMw1cwZPJypfA

Response

HTTP/1.1 500
server: nginx/1.19.8
date: Mon, 28 Feb 2022 14:06:01 GMT
content-type: application/json; charset=utf-8
content-length: 286
connection: keep-alive
vary: Origin
access-control-allow-origin: *
set-cookie: connect.sid=IQu9wdyuxmH_iGNo5Wi46UX1lYLwW6UA.BVlD27pnZPfKxfLg6UyeL5rqzm3xOZvmyjGzI1fBXVg; Path=/
Cache-Control: public, max-age=99999

{"error":"\n      Lookup failed: javax.naming.NamingException: \n      [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906DC, comment: context not found., data 0, v1db1 ]; \n      remaining name: 'OU=Users,O=BrokenCrystals'\n    ","location":"/var/www/dist/users/users.controller.js"}
