If you don’t know about LDAP then here you go: http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol
LDAP also store name, credit card,email and other information. LDAP also exploitable like other database. LDAP injection is similarly to SQL injection.
NOTE: Remember i am telling you what i do. So feedback is welcome. I am not master and i don’t want to be master.
If it is a URL then it would be like: www.example.com/search.asp?vulnerable=*
Simple way to identify the vulnerability (Bad Input):
Hacking is not crime, It is philosophy, It is research!!!