Abuso de las
peticiones LDAP para alterar fraudulentamente el contenido del directorio de
información de un servidor en red.
A technique for exploiting a
web site by altering backend LDAP statements through manipulating application
input.
http://www.webappsec.org/projects/glossary/
LDAP injection is a specific
form of attack that can be employed to compromise Web sites that construct LDAP
(Lightweight Directory Access Protocol) statements from data provided by users.
This is done by changing LDAP statements so dynamic Web applications can run
with invalid permissions, allowing the attacker to alter, add or delete
content. LDAP is a protocol that facilitates the location of organizations,
individuals and other resources in a network. It is a streamlined version of
DAP (Directory Access Protocol), which is part of X.500, a standard for network
directory services.
http://searchsoftwarequality.techtarget.com/glossary/