LDAP查询中的LDAP注入 [英] LDAP injection in LDAP query
问题描述
大家好,这是我的bool连接,用于验证用户是否在广告组中.
我的代码中有一个安全标志.
Hello everyone, this is my bool connection for validating whether an user is in AD group or not.
I got a security flag in my code.
我想知道,如何将用户名作为参数传递给searcher.filter而不是" + user +"
I would like to know, how to pass the user name as a parameter in the searcher.filter rather than "+user+"
安全标志:
该软件没有充分清除LDAP查询或响应中使用的特殊元素,从而使攻击者可以在执行LDAP查询之前修改其语法,内容或命令.
The software does not sufficiently sanitize special elements that are used in LDAP queries or responses, allowing attackers to modify the syntax, contents, or commands of the LDAP query before it is executed.
验证所有用户提供的输入,以确保其符合期望的格式,并在可能时使用集中式数据验证例程.使用黑名单时,请确保清理例程执行足够的迭代次数以删除所有 不允许的字符实例.
Validate all user-supplied input to ensure that it conforms to the expected format, using centralized data validation routines when possible. When using black lists, be sure that the sanitizing routine performs a sufficient number of iterations to remove all instances of disallowed characters.
谢谢
克里希纳
Thank you,
Krishna
推荐答案
克里希纳素食主义者,
Hi krishna vegi,
谢谢您在这里发布.
对于您的问题,我将使用我的用户名和LDAP测试您的代码.对我来说很好.
For your question, I test your code with my user name and LDAP. It works well for me.
>>> 我想知道如何将用户名作为参数传递给searcher.filter,而不是" + user +"
>>I would like to know, how to pass the user name as a parameter in the searcher.filter rather than "+user+"
我对此没有很好的理解.当您调用testconnection(字符串用户")时,请在testconnection(用户名")之间输入用户名.
I do not have a good understanding of this. When you invoke the testconnection("string user"), please input the user name between testconnection("username").
或者,如果您不知道用户名的格式,则可以使用以下代码获取当前用户名以供参考.
Or if you do not know the format of user name, you could use the following code to get the current user name for reference.
string userName = System.Security.Principal.WindowsIdentity.GetCurrent().Name;searcher.filter使用以下准则:
1.字符串必须用括号括起来.
2.表达式可以使用关系运算符:< ;、< =,=, > =和>.一个例子是(objectClass = user)".另一个示例是(lastName> = Davis)".
3.复合表达式由前缀运算符&和|.一个示例是((&(objectClass = user)(lastName = Davis)))".另一个示例是((&(objectClass = printer)(|(building = 42)(building = 43)))".
有关详细信息,请参阅 DirectorySearcher.Filter 属性.
For more details, please refer to the DirectorySearcher.Filter Property.
对于您的代码,用户名和组名可能有问题.请尝试以下代码以获取具有用户名的组名并进行检查.如果所有信息都正确, LDAP格式可能有问题.
For your code, maybe there is something wrong with your user name and group name. Please try the following code to get the group name with user name and check it. If all the information are right, maybe there is something wrong in the format of LDAP.
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace get_group_member_in_AD
{
class Program
{
static void Main(string[] args)
{
GetAD();
Console.ReadKey();
}
public static void GetAD()
{
using (PrincipalContext context = new PrincipalContext(ContextType.Domain))
{
using (UserPrincipal user = new UserPrincipal(context))
{
user.SamAccountName = "XXXXX";//USER NAME
using (PrincipalSearcher searcher = new PrincipalSearcher(user))
{
foreach (var result in searcher.FindAll())
{
DirectoryEntry de = result.GetUnderlyingObject() as DirectoryEntry;
DirectorySearcher searcher2 = new DirectorySearcher(de);
searcher2.Filter = string.Format("(&(objectCategory=user)(objectClass=user)(memberOf={0}))", "CN=XXXX,OU=XXXX,DC=XXXX,DC=XXXX,DC=XXXX,DC=XXXX");
SearchResultCollection results2 = searcher2.FindAll();
foreach (SearchResult res2 in results2)
{
ResultPropertyValueCollection Name = res2.Properties["name"];
foreach (var name in Name)
{
Console.WriteLine("The User {0} is in an AD group {1}.", name.ToString(), de.Properties["memberOf"][0]);
}
}
}
}
}
}
}
}
} 我希望这会对您有所帮助.我们正在等待您的更新.
如果还有其他问题,请随时与我们联系.
最好的问候,
Wendy
这篇关于LDAP查询中的LDAP注入的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
