How do I sanitize LDAP input and prevent injection attacks? What LDAP injection scenarios are possible?
In the following C# example I’m querying AD’s configuration container for Exchange overrides. If the domain name in unsanitised the end user could get LDAP to read a different object then intended.
I’m not sure if other actions other th… Continue reading How do I sanitize LDAP input and prevent injection attacks? What LDAP injection scenarios are possible?