[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Many bugs on CMS system Piugame



Many bugs on CMS system Piugame
http://www.piugame.com

Researcher: Psymera

1.-Overview

Piugame CMS is one system used for control and contac of Pump It up Gamers over the world and
Metod of control for official tournamets over the wold

2.-Description

This system has a vulnerabily as Sql Injection, Bypass credentials, XSS and many others bugs The system its too poor programed and not have a good method of control on the variables has be sendend

Examples:
   Script: club.piugame.com/list.html
       SQL Injection:
           Variable "stt" vulnerable

       XSS:
           Variables:
               âorderâ
               âsttâ
               âtbâ
               âss2â
               âSCâ
               âss1â
               âsst1â
               âtbnameâ
               âpageâ
               âcategoryâ
               âkeyâ
               âkeywordâ
               âdivpageâ
Global Script: /home1/piuclub/public_html/_club/tempst_bbs/lib.php
       SQL Injection:
           variable: "community_no"

And of this form many others scripts has vulnerable for many other types of attacks

4.- Disclosure Timeout
Vendor Contacted:
   15-Marzo-2008 Vendor never response.
   11-Abril-2008 Vendor never response.
   24-Mayo-2008 Vendor never response.

Public Advisory: 10-Junio-2008

5.- Copyright
Researcher: Psymera
http://www.securitynation.com - Security Nation is a Lab Supported by
RISS Security Services.
http://www.riss.com.mx
Copyright SecurityNation.
Contact: psymera@xxxxxxxxx