[GO]: [CWE-090: LDAP Injection All For One] #464
Comments
Your submission is now in status Generate Query Results. For information, the evaluation workflow is the following:

@pupiles Didn't

Your submission is now in status FP Check. For information, the evaluation workflow is the following:

@porcupineyhairs I haven't set up the environment and tried the exploitation to the link above yet, but I just tested

@pupiles please take into account that for the query to be eligible for a bounty, it has to find a CVE (either yours or past one). You can still submit this CVE

@pupiles can you please check if these are secure sanitizers and account for them if they are?

Yes, I think these are the sanitizer functions because all the dangerous chars such as

Can you please modify your query to account for it? I multiple results flowing through the same sanitizer

Yeah, I just pushed the commit with some new sanitizers, please check it.

Your submission is now in status Generate Query Results. For information, the evaluation workflow is the following:

Your submission is now in status FP Check. For information, the evaluation workflow is the following:

Your submission is now in status CodeQL review. For information, the evaluation workflow is the following:

Your submission is now in status SecLab finalize. For information, the evaluation workflow is the following:

Your submission is now in status Query review. For information, the evaluation workflow is the following:

Your submission is now in status Final decision. For information, the evaluation workflow is the following:

Your submission is now in status Pay. For information, the evaluation workflow is the following:

Hey @pupiles could you please provide a public email or send me one privately? Thanks

Created Hackerone report 1397942 for bounty 348986 : [464] [GO]: [CWE-090: LDAP Injection All For One]

Your submission is now in status Closed. For information, the evaluation workflow is the following:

Query
Relevant PR: github/codeql-go#596
Report
Constructing LDAP names or search filters directly from tainted data enables attackers to inject specially crafted values that change the initial meaning of the name or filter itself. Successful LDAP injection attacks can read, modify or delete sensitive information from the directory service.
This query identifies cases in which an LDAP query executes user-provided input that has not been sanitized first.
Result(s)
Provide at least one useful result found by your query, on some revision of a real project.
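
An added example, not part of the submission or the linked PR: it shows how an unescaped value changes the shape of a search filter and how escaping the value per RFC 4515 keeps the shape fixed, which is what a sanitizer in this context has to guarantee. The filter template, the sample value and all function names are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// constructedInput is a made-up value containing filter metacharacters.
const constructedInput = "x)(cn=*"

// escapeFilterValue (hypothetical helper) escapes the characters RFC 4515
// reserves inside an assertion value as a backslash plus two hex digits.
func escapeFilterValue(s string) string {
	var b strings.Builder
	for i := 0; i < len(s); i++ {
		switch c := s[i]; c {
		case '\\', '*', '(', ')', 0x00:
			fmt.Fprintf(&b, "\\%02x", c)
		default:
			b.WriteByte(c)
		}
	}
	return b.String()
}

// unsafeFilter concatenates the value as-is, the pattern the report describes.
func unsafeFilter(uid string) string {
	return "(&(objectClass=person)(uid=" + uid + "))"
}

// safeFilter escapes the value before placing it in the same template.
func safeFilter(uid string) string {
	return "(&(objectClass=person)(uid=" + escapeFilterValue(uid) + "))"
}

// skeleton keeps only the structural characters of a filter, so two filters
// with the same skeleton have the same shape regardless of their values.
func skeleton(filter string) string {
	return strings.Map(func(r rune) rune {
		if r == '(' || r == ')' || r == '*' {
			return r
		}
		return -1
	}, filter)
}

func main() {
	fmt.Println(skeleton(unsafeFilter("alice")), skeleton(unsafeFilter(constructedInput)))
	fmt.Println(safeFilter(constructedInput), skeleton(safeFilter(constructedInput)))
}
```

Comparing skeletons is only a way to make the change visible here; in real code the defence is the escaping step (or a library equivalent) applied to every tainted value before it reaches the filter.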