Joomla! 3.7.5 - Takeover in 20 Seconds with LDAP Injection
https://blog.ripstech.com/2017/joomla-takeover-in-20-seconds-with-ldap-injection-cve-2017-14596/ [blog.ripstech.com]
2017-09-24 04:19
By using wildcard characters and by observing different authentication error messages, the attacker can literally search for login credentials progressively by sending a row of payloads that guess the credentials character by character.
source: solar