LDAP/XPATH Injection tools

August 16, 2011

At this year’s Blackhat US, we conducted a small workshop titled “The Art of Exploiting Leser Known Injection Flaws”. In the workshop we discussed a variety of techniques for exploiting ldap, xpath, xml entity injection.

We also released a couple of tools for automating the attacks against LDAP and XPATH. These can be downloaded here:

http://code.google.com/p/ldap-blind-explorer/

http://code.google.com/p/xpath-blind-explorer/

There is a small video showing this in action here

Hope, you have fun exploiting XPATH and LDAP Injections with these automated tools.

Comments

6 Comments

Jason Haddix says:

August 16, 2011 at 6:04 pm

Hey Guys,

I caught the tail end of the workshop, is there any way i could get a copy of the slides for review?

Thanks a so much!

-Jason

Reply
Max says:

August 17, 2011 at 7:37 pm

But their windows based 🙁

We want cross platform

Reply
sid says:

August 17, 2011 at 7:42 pm

a new shiny cross platform version with loads of new/advanced features coming up soon… stay tuned

Reply
Roman says:

August 18, 2011 at 8:33 am

The second link reads “xpath-blind-explorer” but leads to “ldap-blind-explorer”.

Reply
sid says:

August 18, 2011 at 8:36 am

thanks, updated!

Reply
ex says:

September 16, 2011 at 1:00 pm

Download links are not working. Pls upload tools.

Reply

LDAP/XPATH Injection tools

Comments

6 Comments

Leave a Reply Cancel reply

Trackback