Unlock instant, AI-driven research and patent intelligence for your innovation.
A method and device for automatically detecting ldap authentication injection vulnerabilities
What is Al technical title?
Al technical title is built by PatSnap Al team. It summarizes the technical point description of the patent document.
An automatic detection and loophole technology, applied in transmission systems, electrical components, etc., can solve problems such as time-consuming, labor-intensive, and omissions, and achieve the effect of improving detection efficiency and reducing detection costs
Active Publication Date: 2021-09-03
INSPUR SUZHOU INTELLIGENT TECH CO LTD
View PDF6 Cites 0 Cited by
Summary
Abstract
Description
Claims
Application Information
AI Technical Summary
This helps you quickly interpret patents by identifying the three key elements:
Problems solved by technology
Method used
Benefits of technology
Problems solved by technology
[0004] In order to solve the problems existing in the prior art, the present invention innovatively proposes a method and device for automatically detecting LDAP authentication injection loopholes, which effectively solves the time-consuming, laborious, and omission problems caused by manual LDAP authentication injection loophole detection, and effectively improves High detection efficiency and reduced detection cost
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more
Image
Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
Click on the blue label to locate the original text in one second.
Reading with bidirectional positioning of images and text.
Smart Image
Examples
Experimental program
Comparison scheme
Effect test
Embodiment 1
[0033] like figure 1 As shown, the present invention provides a method of automated detection of LDAP authentication injection vulnerability, including:
[0034] S1, encapsulate the LDAP INJECTION TEST program as a script;
[0035] S2, the script, the LDAP server, web application communicates the connection, constitutes the connection relationship between the three interconnections;
[0036] S3, obtain the LDAP server configuration information through the script, the first login account, the second login account, use the first login account to log in to the web application, configure the LDAP settings in the web application according to the LDAP server configuration information;
[0037] S4, exit the web application, use the second login account to log in to the web application, determine whether the login is successful, if the result is that the result is yes, then step S5 is performed; if the result of the determination is not, step S1 is executed;
[0038] S5, use the first inj...
Embodiment 2
[0050] like figure 2 As shown, the technical solution of the present invention also provides an automated detection of an LDAP authentication injection vulnerability, including:
[0051] The package module 101 encapsulates the LDAP INJECTION TEST program as a script;
[0052] Connection module 102, communicate scripts, LDAP servers, web applications, constitutes three interconnected connection relationships;
[0053] Configuration module 103, obtain LDAP server configuration information, first login account, second login account, using the first login account, configure the LDAP setting in the web application according to the LDAP server configuration information using the first login account.
[0054] Exit the login module 104, exit the web application, log in to the web application using the second login account, and determine whether the login is successful;
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More
PUM
Login to View More
Abstract
The present invention proposes a method for automatically detecting LDAP authentication injection vulnerabilities, including: encapsulating the LDAP Injection Test program into a script; communicating and connecting the script, LDAP server, and Web application to form a connection relationship among the three; using the script to use the first Log in to the web application with the first login account, and perform LDAP settings; exit the web application, log in to the web application with the second login account, and judge whether the login is successful. If successful, use the first injection login test case and the second injection login test case to perform injection login test If unsuccessful, then reconfigure, the present invention also proposes a device for automatic detection of LDAP authentication injection loopholes, which can quickly and comprehensively draw accurate results, effectively improve detection efficiency, and reduce detection costs.
Description
Technical field [0001] The present invention relates to the field of vulnerability detection, and more particularly to an automated detection of LDAP authentication injection vulnerability. Background technique [0002] As the Internet is widely used, the number of web applications is explosive, and the resources and data of these applications are stored in a directory. Usually different applications will have a directory that belongs to its own data, the proprietary directory, the number of exclusive directory has led to increasing difficulties in the sharing and management of the system and resources, too many directory brings huge pressure. Using LDAP (Lightweight Directory Access Protocol, the Lightweight Directory Access Protocol, the Lightweight Directory Access Protocol) centralized management information, the search speed is fast and can effectively alleviate the pressure brought by the directory. With the widespread use of LDAP, LDAP certification injection vulnerability...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More
Application Information
Patent Timeline
Application Date:The date an application was filed.
Publication Date:The date a patent or application was officially published.
First Publication Date:The earliest publication date of a patent with the same application number.
Issue Date:Publication date of the patent grant document.
PCT Entry Date:The Entry date of PCT National Phase.
Estimated Expiry Date:The statutory expiry date of a patent right according to the Patent Law, and it is the longest term of protection that the patent right can achieve without the termination of the patent right due to other reasons(Term extension factor has been taken into account ).
Invalid Date:Actual expiry date is based on effective date or publication date of legal transaction data of invalid patent.
Login to View More 
Login to View More