
PT0-002 Question #423: Real Exam Question with Answer & Explanation

The correct answer is D: LDAP.

Attacks and Exploits

Question

During an assessment, a penetration tester discovers the following code sample in a web application: "(&(userid=*)(userid=*))(|(userid=*) (userPwd={SHA1}a9993e364706816aba3e25717850c26c9cd0d89d==))"; Which of the following injections is being performed?

Options

  • A. Boolean SQL
  • B. Command
  • C. Blind SQL
  • D. LDAP

Explanation

The code sample uses LDAP (Lightweight Directory Access Protocol) search-filter syntax, not SQL or shell command syntax. LDAP injection occurs when user-supplied input is concatenated into an LDAP filter without being sanitized or escaped. The sample shows such an injection point: the (userid=*) assertion is where an attacker could alter the filter to run unauthorized queries or read directory information they should not be able to see. Boolean and blind SQL injection, as well as command injection, do not apply to LDAP filter syntax.
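The injection point the explanation describes, shown as an added example that is not from the question page: a login filter built by string concatenation beside the same filter with RFC 4515 escaping applied, plus a simple structural check a defender can log on. The `userid` inputs and the `objectClass=person` template are constructed assumptions.

```python
# Added example, not from the question page: an LDAP login filter built by
# concatenation (the injection point the explanation describes) next to the
# same filter with RFC 4515 escaping applied. The user IDs below are
# constructed sample inputs, not data from the question.

# RFC 4515 section 3: these characters must be escaped inside an assertion
# value so they match literally instead of changing the filter's structure.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value for safe use inside an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_login_filter_unsafe(userid: str) -> str:
    """Vulnerable: raw concatenation lets '*', '(' and ')' rewrite the filter."""
    return f"(&(userid={userid})(objectClass=person))"


def build_login_filter_safe(userid: str) -> str:
    """Hardened: identical template, but the value is escaped first."""
    return f"(&(userid={escape_filter_value(userid)})(objectClass=person))"


def assertion_count(ldap_filter: str) -> int:
    """Number of '(' in a filter. Escaped parentheses become '\\28', so only
    structural ones are counted; the login template above always has 3."""
    return ldap_filter.count("(")


def looks_injected(ldap_filter: str, expected_assertions: int = 3) -> bool:
    """Defender-side check for logging or alerting: a login filter whose
    structure differs from the template, or that carries an unescaped
    wildcard, has been altered by its input."""
    return assertion_count(ldap_filter) != expected_assertions or "*" in ldap_filter


if __name__ == "__main__":
    # Constructed input in the same shape as the question's sample filter.
    crafted = "*)(userid=*"
    print(build_login_filter_unsafe(crafted))  # structure changed, wildcard match
    print(build_login_filter_safe(crafted))    # value kept literal and harmless
```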

Topics

LDAP Injection, Injection Attacks, Web Application Security, Payload Analysis
