How To Identify and Prevent LDAP Injection (Part 2)
LDAP injection occurs when an application fails to neutralize characters that have special meaning in LDAP. Closely, resembling SQL injection, LDAP injection occurs when LDAP statements are constructed with unverified user-supplied data. This can result in the execution of arbitrary commands such as granting permissions to unauthorized queries as well as content alterations within the LDAP tree. The same advanced exploitation techniques leveraged in SQL Injection can be similarly applied in LDAP injection.