Merged
@@ -1,3 +1,4 @@
LDAP injection is an attack used to exploit web based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it’s possible to modify LDAP statements using a local proxy. This LDAP injection vulnerability could allow an attacker to execute arbitrary commands, such as granting permissions to unauthorized queries, and content modification inside the LDAP tree. The same advanced exploitation techniques available in SQL injection can be similarly applied in LDAP injection.

**Business Impact**

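Review bot: The sentence "could allow an attacker to execute arbitrary commands, such as granting permissions to unauthorized queries, and content modification inside the LDAP tree" in the description paragraph blurs the impact: the examples it lists are query and directory manipulation, not command execution. Suggest wording along the lines of "could allow an attacker to alter the LDAP statement, for example to run unauthorized queries or modify content inside the LDAP tree". While this paragraph is being touched, "web based" should be "web-based", and "using a local proxy" names a testing tool rather than the condition that makes the injection possible, so it fits better in the reproduction steps than in the definition.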
@@ -7,7 +8,7 @@ LDAP injection vulnerabilities can lead to reputational damage through the impac

1. Using a browser, log into the webpage: {{URL}}
1. In the request to URI modify the token XYZ by appending a quote ``` and you'll see an error return
1. Replace this with the payload below and you'll see a response indicating an injection occuring:
1. Replace this with the payload below and you'll see a response indicating an injection occurring:

```
{{payload}}
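Review bot: Step 2 still reads "appending a quote" followed by three backticks, which is not a quote character and in Markdown can open a code span or fence that swallows the rest of the list; since this hunk already fixes the typo in step 3, replace it with the intended character inside a single-backtick span. The same step says "In the request to URI" and "token XYZ" while step 1 uses the {{URL}} placeholder, so template placeholders would be more consistent there, and "you'll see an error return" should be "you'll see an error returned".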