At this year’s Blackhat US, we conducted a small workshop titled “The Art of Exploiting Leser Known Injection Flaws”. In the workshop we discussed a variety of techniques for exploiting ldap, xpath, xml entity injection.
We also released a couple of tools for automating the attacks against LDAP and XPATH. These can be downloaded here:
http://code.google.com/p/ldap-blind-explorer/
http://code.google.com/p/xpath-blind-explorer/
There is a small video showing this in action here
Hope, you have fun exploiting XPATH and LDAP Injections with these automated tools.
Comments
6 Comments
Hey Guys,
I caught the tail end of the workshop, is there any way i could get a copy of the slides for review?
Thanks a so much!
-Jason
But their windows based 🙁
We want cross platform
a new shiny cross platform version with loads of new/advanced features coming up soon… stay tuned
The second link reads “xpath-blind-explorer” but leads to “ldap-blind-explorer”.
thanks, updated!
Download links are not working. Pls upload tools.
Trackback