16
Aug
At this year’s Blackhat US, we conducted a small workshop titled “The Art of Exploiting Leser Known Injection Flaws”. In the workshop we discussed a variety of techniques for exploiting ldap, xpath, xml entity injection.
We also released a couple of tools for automating the attacks against LDAP and XPATH. These can be downloaded here:
http://code.google.com/p/ldap-blind-explorer/
http://code.google.com/p/xpath-blind-explorer/
There is a small video showing this in action here
Hope, you have fun exploiting XPATH and LDAP Injections with these automated tools.
6:04 pm on August 16th, 2011
Hey Guys,
I caught the tail end of the workshop, is there any way i could get a copy of the slides for review?
Thanks a so much!
-Jason
7:37 pm on August 17th, 2011
But their windows based
We want cross platform
7:42 pm on August 17th, 2011
a new shiny cross platform version with loads of new/advanced features coming up soon… stay tuned
8:33 am on August 18th, 2011
The second link reads “xpath-blind-explorer” but leads to “ldap-blind-explorer”.
8:36 am on August 18th, 2011
thanks, updated!
1:00 pm on September 16th, 2011
Download links are not working. Pls upload tools.