LDAP injection in LDAP query

Thread starter: krishna vegi
Hello everyone, this is my bool connection for validating whether a user is in an AD group or not.
I got a security flag in my code.


using System;
using System.DirectoryServices;
using System.Linq;

// Returns true when the given user is a member of the ASCA_CM_USER group.
private bool testconnection(string user)
{
    bool isInGroup = false;
    // Allow-list check: at most 7 characters, letters and digits only.
    if (user.Length <= 7 && user.All(char.IsLetterOrDigit))
    {
        string groupName = "ASCA_CM_USER";
        using (DirectoryEntry de = new DirectoryEntry("LDAP://OU=usersAndGroups,DC=mycompany,DC=com"))
        using (DirectorySearcher searcher = new DirectorySearcher(de))
        {
            de.AuthenticationType = AuthenticationTypes.Secure;
            // The user name is formatted straight into the filter string; this is the line the scanner flags.
            searcher.Filter = string.Format("(&(objectClass=user)(|(cn={0})(sAMAccountName={1})))", user, user);

            SearchResult result = searcher.FindOne();

            if (result != null)
            {
                using (DirectoryEntry person = result.GetDirectoryEntry())
                {
                    // memberOf holds the distinguished names of the groups the user belongs to.
                    PropertyValueCollection groups = person.Properties["memberof"];

                    foreach (string g in groups)
                    {
                        // Substring match on the group DN, as in the original.
                        if (g.Contains(groupName))
                        {
                            isInGroup = true;
                            break;
                        }
                    }
                }
            }
        }
    }
    return isInGroup;
}


I would like to know how to pass the user name as a parameter in searcher.Filter rather than "+user+".


Security Flag:

Description

The software does not sufficiently sanitize special elements that are used in LDAP queries or responses, allowing attackers to modify the syntax, contents, or commands of the LDAP query before it is executed.

Recommendations

Validate all user-supplied input to ensure that it conforms to the expected format, using centralized data validation routines when possible. When using black lists, be sure that the sanitizing routine performs a sufficient number of iterations to remove all instances of disallowed characters.



Thank you,
Krishna
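An added example (not code from the post above) showing the usual answer to the question: DirectorySearcher.Filter is a plain string with no parameter binding, so the equivalent of a parameter is escaping the value per RFC 4515 before it is placed in the filter. The class name LdapFilter and the method names are assumptions; the LDAP path and group name are the poster's, and the group test is tightened to match the group CN at the start of each memberOf DN rather than any substring.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

static class LdapFilter
{
    // Escape the characters RFC 4515 treats as special inside a filter value,
    // so a value can never close or extend the filter it is embedded in.
    public static string EscapeValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\\': sb.Append(@"\5c"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // Same lookup as the poster's method, with the escaped value in the filter.
    public static bool IsInGroup(string user, string groupName)
    {
        string safeUser = EscapeValue(user);
        using (var de = new DirectoryEntry("LDAP://OU=usersAndGroups,DC=mycompany,DC=com"))
        using (var searcher = new DirectorySearcher(de))
        {
            de.AuthenticationType = AuthenticationTypes.Secure;
            searcher.Filter = string.Format(
                "(&(objectClass=user)(|(cn={0})(sAMAccountName={0})))", safeUser);
            searcher.PropertiesToLoad.Add("memberOf");

            SearchResult result = searcher.FindOne();
            if (result == null) return false;

            // Compare against the group's CN at the head of the DN, not any substring.
            string wanted = "CN=" + groupName + ",";
            foreach (object dn in result.Properties["memberOf"])
            {
                if (((string)dn).StartsWith(wanted, StringComparison.OrdinalIgnoreCase))
                    return true;
            }
            return false;
        }
    }
}
```

The poster's existing allow-list (letters and digits only, at most 7 characters) already keeps every RFC 4515 special character out of the filter, so the scanner's finding is about the pattern rather than a reachable bug in this method; the escaping is what keeps the query safe if that check is ever relaxed.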



