I am trying to get a better understanding of XML and XML injections, along with LDAP. I cannot seem to find the videos in Security Plus. Can someone help break this down for me?
Data injections
XXE attacks and mitigations are covered in our OWASP Top 10 2017 series which you can find here...
https://app.itpro.tv/course-library/owasp-top-10-2017/a4-xml-external-entities-exploit/
https://app.itpro.tv/course-library/owasp-top-10-2017/a4-xml-external-entities-mitigate/
https://app.itpro.tv/course-library/owasp-top-10-2017/a4-xml-external-entities-breakdown/
I don't think we have anything specifically covering LDAP injections, but basically if an application is using LDAP to do things like authentication or information lookup/retrieval, you may be able to manipulate the query much like you do with a SQL injection.
OWASP covers this in more detail here...
https://wiki.owasp.org/index.php/Testing_for_LDAP_Injection_(OTG-INPVAL-006)
I hope this helps you out.
Daniel
ITProTV
Show Host
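The comparison to SQL injection in the reply above can be seen from the defender's side in this added example, which is not part of the original thread or of any ITProTV material. It builds an LDAP search filter by plain concatenation and again with RFC 4515 value escaping; the filter template, the `uid` attribute and the sample input are constructed assumptions.

```python
# Added example: RFC 4515 escaping for values placed in an LDAP search filter.
# The filter template and the uid attribute are assumptions for illustration.

# Characters that RFC 4515 requires to be escaped inside an assertion value.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

# Constructed sample input containing filter metacharacters.
SAMPLE_INPUT = "jdoe)(cn=*"


def escape_filter_value(value: str) -> str:
    """Escape every reserved character so the value can only be data."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unsafe(username: str) -> str:
    # Vulnerable pattern: user input is concatenated straight into the filter.
    return "(&(objectClass=person)(uid=" + username + "))"


def build_filter_safe(username: str) -> str:
    # Hardened pattern: the value is escaped before it reaches the filter.
    return "(&(objectClass=person)(uid=" + escape_filter_value(username) + "))"


def count_filter_items(ldap_filter: str) -> int:
    """Count literal '(' characters, i.e. parentheses acting as filter syntax.

    Escaped parentheses appear as \\28 and are therefore not counted.
    """
    return ldap_filter.count("(")


if __name__ == "__main__":
    for build in (build_filter_unsafe, build_filter_safe):
        result = build(SAMPLE_INPUT)
        print(f"{build.__name__}: {result}  items={count_filter_items(result)}")
```

The template has three filter items; the concatenated version ends up with four because the input is parsed as syntax, while the escaped version stays at three.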