This video explains a bug bounty report submitted to GitHub Security Lab. It was not the usual vulnerability report, but a CodeQL query for finding LDAP injection in Java applications.

Report:
https://hackerone.com/reports/787113
Reporter:
https://hackerone.com/grzegol
https://twitter.com/ggolawski
Code and pull request:
https://github.com/github/codeql/tree/master/java/ql/src/Security/CWE/CWE-090
https://github.com/github/codeql/pull/2651

00:00 Intro
00:14 GitHub Security Lab and CodeQL
02:20 LDAP and LDAP injection
03:28 CodeQL query to find LDAP injection

#codeql #hackerone #githubsecuritylab #ghsecuritylab
