LDAP Phonebook


dmccabe

I have created a simple LDAP phonebook (well, when I say created, I mean I downloaded part of it, it didn't work, I hacked it to bits and then have uploaded it again for you good people). It was created for Active Directory, but should by rights work with any LDAP server.

You may need to tinker with some of the settings to get it to work for your environment, but I have included a readme that should explain all.

Anyway if you wanna try it out, download: http://www.techmonkeys.co.uk/scripts/adphonebook.zip

Let me know if it works or not!

Would appreciate some feedback if anyone has tried it.

One small thing I have noticed is that in ldadp.config.php, where I have the $base_dn variable, you may need to change "OU" to "cn"

e.g.: $base_dn = "cn=Users, DC=slmhc, DC=net";

This is if you have all your users contained inside the "users" container and have not fluffed about with your LDAP setup like I have :)

  • 1 month later...
  • 4 months later...

Hey all,

I tried this, it looks great... I am not able to search... Is there any way to get it to generate an error or maybe a pointer?

I am using WAMPServer 2. I have turned on the LDAP extensions for both Apache and PHP, then restarted the services.

So any help would be great.

Thanks,

Glen

HTTP TRACE method is enabled on this web server.

In the presence of other cross-domain vulnerabilities in web browsers, sensitive header information could be read from any domains that support the HTTP TRACE method. This vulnerability affects Web Server.

The impact of this vulnerability

Attackers may abuse HTTP TRACE functionality to gain access to information in HTTP headers such as cookies and authentication data.

How to fix this vulnerability

Disable TRACE Method on the web server.

PHPinfo page found

PHPinfo page has been found on this directory. The PHPinfo page outputs a large amount of information about the current state of PHP. This includes information about PHP compilation options and extensions, the PHP version, server information and environment (if compiled as a module), the PHP environment, OS version information, paths, master and local values of configuration options, HTTP headers, and the PHP License.

This vulnerability affects /phpinfo.php.

The impact of this vulnerability

This file may expose sensitive information that may help a malicious user to prepare more advanced attacks.

How to fix this vulnerability

Remove the file from production systems.

  • 2 weeks later...

*****************
XSS Analysis BEGIN
*****************

Number of sinks: 57

XSS Analysis Output
--------------------

Vulnerability detected!
- conditional on register_globals=on
- pixy_1220128249DT0PAY:27
- Graph: xss1

Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:122
- Graph: xss4

Unmodeled builtin function: ldap_get_entries
Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:125
- Graph: xss7

Unmodeled builtin function: ldap_get_entries
Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:126
- Graph: xss8

Unmodeled builtin function: ldap_get_entries
Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:136
- Graph: xss18

Unmodeled builtin function: ldap_get_entries
Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:137
- Graph: xss19

Unmodeled builtin function: ldap_get_entries
Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:138
- Graph: xss20

Unmodeled builtin function: ldap_get_entries
Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:139
- Graph: xss21

Unmodeled builtin function: ldap_get_entries
Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:140
- Graph: xss22

Unmodeled builtin function: ldap_get_entries
Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:141
- Graph: xss23

Unmodeled builtin function: ldap_get_entries
Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:148
- Graph: xss27

Unmodeled builtin function: ldap_get_entries
Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:157
- Graph: xss32

Unmodeled builtin function: ldap_get_entries
Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:233
- Graph: xss36

Unmodeled builtin function: ldap_get_entries
Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:235
- Graph: xss37

Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:248
- Graph: xss38

Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:249
- Graph: xss40

Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:250
- Graph: xss42

Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:251
- Graph: xss44

Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:252
- Graph: xss46

Unmodeled builtin function: ldap_get_entries
Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:272
- Graph: xss49

Unmodeled builtin function: ldap_get_entries
Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:273
- Graph: xss50

Unmodeled builtin function: ldap_get_entries
Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:274
- Graph: xss51

Unmodeled builtin function: ldap_get_entries
Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:275
- Graph: xss52

Unmodeled builtin function: ldap_get_entries
Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:276
- Graph: xss53

Unmodeled builtin function: ldap_get_entries
Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:277
- Graph: xss54

Unmodeled builtin function: ldap_get_entries
Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:282
- Graph: xss56

Total Vuln Count: 26

*****************
XSS Analysis END
*****************

  • 3 years later...
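
Most of the findings in the Pixy report above sit next to an "Unmodeled builtin function: ldap_get_entries" note, and one depends on register_globals, so the usual remediation is to HTML-encode every directory value and request value at the point of output. The following is an added example, not code from adphonebook.zip or from any poster in this thread; the function names, the `q` parameter and the sample entries are assumptions constructed for illustration.

```php
<?php
// Added example (not the phonebook's code): encode every value on output.

/** Encode a string for HTML text or a quoted attribute value. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** First value of an attribute from one ldap_get_entries() entry, or ''. */
function first_value(array $entry, string $name): string
{
    $name = strtolower($name); // ldap_get_entries() lowercases attribute names
    return isset($entry[$name][0]) ? (string) $entry[$name][0] : '';
}

/** Build the results table; $entries has the shape ldap_get_entries() returns. */
function render_results(array $entries, string $term): string
{
    $html = '<p>Results for "' . h($term) . "\"</p>\n<table>\n";
    $count = (int) ($entries['count'] ?? 0);
    for ($i = 0; $i < $count; $i++) {
        $html .= '<tr><td>' . h(first_value($entries[$i], 'cn')) . '</td><td>'
               . h(first_value($entries[$i], 'telephoneNumber')) . '</td><td>'
               . h(first_value($entries[$i], 'mail')) . "</td></tr>\n";
    }
    return $html . "</table>\n";
}

// Constructed sample in ldap_get_entries() shape; the second entry carries
// markup in its attributes, as a directory value a user can edit might.
$entries = [
    'count' => 2,
    0 => ['cn' => ['count' => 1, 0 => 'Alice Example'],
          'telephonenumber' => ['count' => 1, 0 => '555-0100'],
          'mail' => ['count' => 1, 0 => 'alice@example.test']],
    1 => ['cn' => ['count' => 1, 0 => '<script>alert(1)</script>'],
          'telephonenumber' => ['count' => 1, 0 => '"><b>555-0101</b>']],
];

// Read the search term explicitly from the request (hypothetical parameter
// "q") and give it a default, so it never depends on register_globals.
$term = isset($_GET['q']) && is_string($_GET['q']) ? $_GET['q'] : '<i>smith</i>';

echo render_results($entries, $term);
```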

First I would like to say hello to everyone on this awesome forum!!!!

I'm a total noob when it comes to programming but you have to start sometime, right?  :-[

Anyway, I found this post and awesome script that pulls info from AD. I'm going to test it on a win2008 server, I wonder if it will work.....

Any suggestions as far as win2008 server and this script? I noticed that there are comments for win2K and win2K3.

Thanks!!!!!!
