For example allinurl: com_fireboard will retun all the sites in the google database that are running the fireboard forum extension and from there the hacker can build a list of web sites to attack.
From that search the hacker has a very long list of sites to attack BUT quite often the reported vulnerability will already have been fixed and the majority of the sites on the list will be safe.
But the hacker isnt stupid, why waste their time probing all the sites on the list when they only want to probe those sites running the vulnerable version. Sadly Joomla exposes the version of any and every extension you have installed on your site so with a couple of extra searches the hacker can create a target list of sites to attack that are all vulnerable.
Although I do not believe in "security through obscurity" I am not going to publish how these version numbers are exposed.
It was reported to the Joomla development team in March 2008 and also to the Joomla Security Strike Team in August 2008 together with a simple fix that would "protect" the vast majority of Joomla web sites.