Web - Server
Tuesday 22 May 2018, 01:26 #1
Web - Server Blind LDAP Injection, a note on implementation
Hello, I’ve just solved the blind LDAP challenge and I noticed than even though LDAP search is case insensitive, the flag itself is not!
since we can -probably- log in with both uppercase and lowercase password, the flag should accept them both... either that or change the password attribute to case sensitive!
Thanks for the greate challenges guys :)