Unlock instant, AI-driven research and patent intelligence for your innovation.
Method and device for automatically detecting LDAP authentication injection vulnerabilities
What is Al technical title?
Al technical title is built by PatSnap Al team. It summarizes the technical point description of the patent document.
An automatic detection and vulnerability technology, applied in the field of vulnerability detection, can solve problems such as time-consuming, laborious, and omissions, and achieve the effect of improving detection efficiency and reducing detection costs
Active Publication Date: 2019-12-06
INSPUR SUZHOU INTELLIGENT TECH CO LTD
View PDF6 Cites 0 Cited by
Summary
Abstract
Description
Claims
Application Information
AI Technical Summary
This helps you quickly interpret patents by identifying the three key elements:
Problems solved by technology
Method used
Benefits of technology
Problems solved by technology
[0004] In order to solve the problems existing in the prior art, the present invention innovatively proposes a method and device for automatically detecting LDAP authentication injection loopholes, which effectively solves the time-consuming, laborious, and omission problems caused by manual LDAP authentication injection loophole detection, and effectively improves High detection efficiency and reduced detection cost
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more
Image
Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
Click on the blue label to locate the original text in one second.
Reading with bidirectional positioning of images and text.
Smart Image
Examples
Experimental program
Comparison scheme
Effect test
Embodiment 1
[0033] Such as figure 1 As shown, the present invention provides a method for automatic detection of LDAP authentication injection vulnerabilities, including:
[0034] S1, encapsulating the LDAP Injection Test program as a script;
[0035] S2, communicate and connect the script, LDAP server, and Web application to form a connection relationship between the three;
[0036] S3, obtain the LDAP server configuration information, the first login account, and the second login account through the script, use the first login account to log in to the Web application, and configure LDAP settings in the Web application according to the LDAP server configuration information;
[0037] S4, exit the web application, use the second login account to log in the web application, and judge whether the login is successful, if the judgment result is yes, execute step S5; if the judgment result is no, execute step S1, and reconfigure;
[0038] S5, using the first injection login test case and the ...
Embodiment 2
[0050] Such as figure 2 As shown, the technical solution of the present invention also provides a device for automatically detecting LDAP authentication injection vulnerabilities, including:
[0051] Encapsulation module 101, the LDAP Injection Test program is encapsulated as a script;
[0052] The connection module 102 communicates and connects the script, the LDAP server, and the Web application to form a connection relationship among the three;
[0053] Configuration module 103, obtains LDAP server configuration information, the first login account number, the second login account number by script, uses the first login account number to log in to the Web application, and configures LDAP settings in the Web application according to the LDAP server configuration information;
[0054] Exit the login module 104, exit the Web application, use the second login account to log in the Web application, and determine whether the login is successful;
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More
PUM
Login to View More
Abstract
The invention provides a method for automatically detecting LDAP authentication injection vulnerabilities. The method comprises: packaging an LDAP Injection Test program into a script; carrying out communication connection on the script, the LDAP server and the Web application to form a connection relationship of interconnection of the script, the LDAP server and the Web application; logging in the Web application by using the first login account through the script, and performing LDAP setting; exiting the Web application, logging in the Web application by using the second login account, judging whether login succeeds or not, and if login succeeds, performing an injection login test by using the first injection login test case and the second injection login test case; if the login fails, carrying out the configuration again. The invention further provides a device for automatically detecting the LDAP authentication injection vulnerability, an accurate result can be quickly and comprehensively obtained, the detection efficiency is effectively improved, and the detection cost is reduced.
Description
technical field [0001] The invention relates to the field of loophole detection, in particular to a method and device for automatically detecting LDAP authentication injection loopholes. Background technique [0002] With the widespread use of the Internet, the number of Web applications is growing explosively, and the resources and data of these applications are distributed and stored in directories. Usually, different applications have directories dedicated to their own related data, that is, proprietary directories. The increase in the number of proprietary directories has made it increasingly difficult to share and manage systems and resources. Too many directories have brought huge burdens to computer searches. pressure. Using LDAP (Lightweight Directory Access Protocol, Lightweight Directory Access Protocol) to centrally manage information, the search speed is fast, which can effectively relieve the pressure brought by the increase of directories. With the widespread...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More
Application Information
Patent Timeline
Application Date:The date an application was filed.
Publication Date:The date a patent or application was officially published.
First Publication Date:The earliest publication date of a patent with the same application number.
Issue Date:Publication date of the patent grant document.
PCT Entry Date:The Entry date of PCT National Phase.
Estimated Expiry Date:The statutory expiry date of a patent right according to the Patent Law, and it is the longest term of protection that the patent right can achieve without the termination of the patent right due to other reasons(Term extension factor has been taken into account ).
Invalid Date:Actual expiry date is based on effective date or publication date of legal transaction data of invalid patent.
Login to View More 
Login to View More