mirror of
https://github.com/danog/psalm.git
synced 2024-12-11 16:59:45 +01:00
1023 B
1023 B
TaintedLdap
Potential LDAP injection. This rule is emitted when user-controlled input can be passed into an LDAP request.
Risk
Passing untrusted user input to LDAP requests could be dangerous.
If LDAP requests like these are used for login purposes, it could result in an authentication bypass. An attacker could write a filter that would evaluate to true
for any user, and thus bruteforce credentials easily.
Example
<?php
$ds = ldap_connect('example.com');
$dn = 'o=Psalm, c=US';
$filter = $_GET['filter'];
ldap_search($ds, $dn, $filter, []);
Mitigations
Use ldap_escape
to escape user input to the LDAP filter and DN.