LDAP/XPATH Injection tools

At this year’s Blackhat US, we conducted a small workshop titled “The Art of Exploiting Lesser Known Injection Flaws”. In the workshop we discussed a variety of techniques for exploiting LDAP, XPATH, and XML entity injection.

We also released a couple of tools for automating the attacks against LDAP and XPATH. These can be downloaded here:

http://code.google.com/p/ldap-blind-explorer/

http://code.google.com/p/xpath-blind-explorer/

There is a small video showing this in action here.

Hope you have fun exploiting XPATH and LDAP injections with these automated tools.

6 Thoughts on “LDAP/XPATH Injection tools”

  1. Hey Guys,

    I caught the tail end of the workshop, is there any way I could get a copy of the slides for review?

    Thanks so much!

    -Jason

  2. But they're Windows based :(

    We want cross platform

  3. a new shiny cross platform version with loads of new/advanced features coming up soon… stay tuned

  4. The second link reads “xpath-blind-explorer” but leads to “ldap-blind-explorer”.

  5. thanks, updated!

  6. Download links are not working. Pls upload tools.
