원클릭으로
sc-ldap
LDAP Injection detection in search filters, DN construction, and bind operations
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
LDAP Injection detection in search filters, DN construction, and bind operations
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
Comprehensive AI-powered security scanning suite with 48 skills covering OWASP Top 10, 7 language-specific deep scanners (Go, TypeScript, Python, PHP, Rust, Java, C#), supply chain analysis, infrastructure-as-code scanning, and 3000+ checklist items. Use when you need to run a security audit, find vulnerabilities, scan a PR for security issues, or perform a penetration test on a codebase.
C#/.NET-specific security deep scan
Go-specific security deep scan
Java/Kotlin-specific security deep scan
PHP-specific security deep scan
Python-specific security deep scan
| name | sc-ldap |
| description | LDAP Injection detection in search filters, DN construction, and bind operations |
| license | MIT |
| metadata | {"author":"ersinkoc","category":"security","version":"1.0.0"} |
Detects LDAP injection vulnerabilities where user input is incorporated into LDAP search filters or Distinguished Name (DN) strings without proper escaping, allowing authentication bypass, unauthorized data access, and directory information disclosure.
Called by sc-orchestrator during Phase 2 when LDAP library usage is detected.
**/*.java, **/*.py, **/*.php, **/*.cs, **/*.go, **/*.ts, **/*.js,
**/*ldap*, **/*auth*, **/*login*, **/*directory*, **/*ad_*
"ldap_search", "ldap_bind", "ldap_connect", "ldap_modify",
"LdapConnection", "DirContext", "InitialDirContext", "SearchControls",
"ldap3", "python-ldap", "ldap.search", "DirectorySearcher",
"SearchRequest", "(&(", "(|(", "objectClass="
// VULNERABLE: String concatenation in LDAP filter
String filter = "(&(uid=" + username + ")(userPassword=" + password + "))";
NamingEnumeration results = ctx.search("ou=users,dc=example,dc=com", filter, controls);
// Attack: username = "admin)(|(uid=*" → filter becomes (&(uid=admin)(|(uid=*)(userPassword=anything))
// This matches ALL users, bypassing password check
// SAFE: Escape special LDAP characters
String safeUsername = LdapEncoder.filterEncode(username);
String safePassword = LdapEncoder.filterEncode(password);
String filter = "(&(uid=" + safeUsername + ")(userPassword=" + safePassword + "))";
# VULNERABLE
search_filter = f"(&(uid={username})(userPassword={password}))"
conn.search('ou=users,dc=example,dc=com', search_filter)
# SAFE: Use ldap3 escape function
from ldap3.utils.conv import escape_filter_chars
safe_user = escape_filter_chars(username)
safe_pass = escape_filter_chars(password)
search_filter = f"(&(uid={safe_user})(userPassword={safe_pass}))"
// VULNERABLE
$filter = "(&(uid=$username)(userPassword=$password))";
$result = ldap_search($conn, "ou=users,dc=example,dc=com", $filter);
// SAFE
$safe_user = ldap_escape($username, '', LDAP_ESCAPE_FILTER);
$safe_pass = ldap_escape($password, '', LDAP_ESCAPE_FILTER);
$filter = "(&(uid=$safe_user)(userPassword=$safe_pass))";
// VULNERABLE
var searcher = new DirectorySearcher();
searcher.Filter = $"(&(uid={username})(userPassword={password}))";
// SAFE: Use proper encoding
var safeUser = username.Replace("\\", "\\5c").Replace("*", "\\2a")
.Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00");
Characters requiring escaping in search filters: *, (, ), \, NUL
Characters requiring escaping in DNs: ,, +, ", \, <, >, ;
*)(uid=*))(|(uid=* as username would modify the LDAP filter to match all entries.