From f1e4c38ee1706673b8847508b01c8ccec8b523c5 Mon Sep 17 00:00:00 2001 From: RRudder <96507400+RRudder@users.noreply.github.com> Date: Thu, 3 Apr 2025 12:26:41 +1000 Subject: [PATCH] added missing vulnerability description --- .../server_side_injection/ldap_injection/template.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/submissions/description/server_side_injection/ldap_injection/template.md b/submissions/description/server_side_injection/ldap_injection/template.md index 88095787..8fcd9084 100644 --- a/submissions/description/server_side_injection/ldap_injection/template.md +++ b/submissions/description/server_side_injection/ldap_injection/template.md @@ -1,3 +1,4 @@ +LDAP injection is an attack used to exploit web based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it’s possible to modify LDAP statements using a local proxy. This LDAP injection vulnerability could allow an attacker to execute arbitrary commands, such as granting permissions to unauthorized queries, and content modification inside the LDAP tree. The same advanced exploitation techniques available in SQL injection can be similarly applied in LDAP injection. **Business Impact** @@ -7,7 +8,7 @@ LDAP injection vulnerabilities can lead to reputational damage through the impac 1. Using a browser, log into the webpage: {{URL}} 1. In the request to URI modify the token XYZ by appending a quote ``` and you'll see an error return -1. Replace this with the payload below and you'll see a response indicating an injection occuring: +1. Replace this with the payload below and you'll see a response indicating an injection occurring: ``` {{payload}}
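Review bot: In the first hunk (`@@ -1,3 +1,4 @@`), the added description overstates and misplaces the mechanism. It says the flaw "could allow an attacker to execute arbitrary commands", but LDAP injection changes the LDAP statement the application builds, so the impact is better described in terms of what that altered query can do: return or modify directory entries the user should not reach, which the sentence already hints at with "content modification inside the LDAP tree". The phrase "it's possible to modify LDAP statements using a local proxy" describes the tester's tooling rather than the vulnerability; suggest dropping "using a local proxy" or moving it to the reproduction steps. Minor: "web based" should be "web-based", and the curly apostrophe in "it’s" should be a plain ASCII one to match the rest of the template.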
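Review bot: In the second hunk (`@@ -7,7 +8,7 @@`), the unchanged step directly above the corrected line still needs attention: "appending a quote" is followed by three backticks, which will open a code fence in rendered Markdown and swallow the steps after it. Since this change is already touching the list for the "occurring" spelling fix, replace the three backticks with the intended character wrapped in single backticks, and change "you'll see an error return" to "you'll see an error returned". It is also worth confirming that a quote is the right probe character for this template, because the step gives no indication of which LDAP metacharacter the error is expected to come from.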