SECURITYVULNS:DOC:20021
Jun 11, 2008 - 12:00 a.m.

Many bugs on CMS system Piugame

http://www.piugame.com

Researcher: Psymera

1.-Overview

Piugame CMS is a system used for managing and contacting Pump It Up
gamers around the world, and as a method of control for official
tournaments around the world.

2.-Description

This system is vulnerable to SQL injection, credential bypass, XSS
and many other bugs.
The system is poorly programmed and has no good method of validating
the variables that are sent to it.

Examples:
Script: club.piugame.com/list.html
    SQL Injection:
        Variable: "stt"
    XSS:
        Variables:
            "order"
            "stt"
            "tb"
            "ss2"
            "SC"
            "ss1"
            "sst1"
            "tbname"
            "page"
            "category"
            "key"
            "keyword"
            "divpage"

Global Script: /home1/piuclub/public_html/_club/tempst_bbs/lib.php
    SQL Injection:
        Variable: "community_no"

In the same way, many other scripts are vulnerable to many other types
of attacks.
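
The missing variable control described above, shown as a hardened handler for a few of the listed parameters. This is an added example, not code from Piugame or from the advisory: the `posts` table, the sample rows, the role given to each parameter and the helper names `int_param`, `list_posts` and `h` are all assumptions.

```php
<?php
declare(strict_types=1);
// Assumed schema with constructed rows, in memory so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, community_no INTEGER, title TEXT, status TEXT)');
$db->exec("INSERT INTO posts (community_no, title, status) VALUES
    (1, 'Tournament rules', 'open'), (1, 'Old thread', 'closed'), (2, 'Other club', 'open')");

// ORDER BY cannot take a bound parameter, so the request value only selects fixed SQL.
const ORDER_COLUMNS = ['id' => 'id', 'title' => 'title'];

function int_param(array $in, string $name, int $default, int $min, int $max): int
{
    $v = filter_var($in[$name] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $v === false ? $default : $v;
}

function list_posts(PDO $db, array $in): array
{
    $community = int_param($in, 'community_no', 0, 0, PHP_INT_MAX);
    $page      = int_param($in, 'page', 1, 1, 10000);
    $orderKey  = is_string($in['order'] ?? null) ? $in['order'] : '';
    $order     = ORDER_COLUMNS[$orderKey] ?? 'id';
    $stt       = is_string($in['stt'] ?? null) ? $in['stt'] : '';

    $q = $db->prepare("SELECT id, title, status FROM posts
        WHERE community_no = :c AND status = :stt
        ORDER BY $order LIMIT 20 OFFSET :off");
    $q->bindValue(':c', $community, PDO::PARAM_INT);
    $q->bindValue(':stt', $stt, PDO::PARAM_STR);   // data, never parsed as SQL
    $q->bindValue(':off', ($page - 1) * 20, PDO::PARAM_INT);
    $q->execute();
    return $q->fetchAll(PDO::FETCH_ASSOC);
}

// Encode when writing a request value into an HTML context.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed request: a quote in "stt", an unknown "order", markup in "keyword".
$request = ['community_no' => '1', 'stt' => "open'", 'order' => 'no_such_column',
            'page' => '1', 'keyword' => '<b>"pump"</b>'];
printf("%d rows for the malformed status\n", count(list_posts($db, $request)));
printf("%d rows for status=open\n", count(list_posts($db, ['community_no' => '1', 'stt' => 'open'])));
echo 'Search: ', h($request['keyword']), "\n";
```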

4.- Disclosure Timeline
Vendor Contacted:
15-March-2008 Vendor never responded.
11-April-2008 Vendor never responded.
24-May-2008 Vendor never responded.

Public Advisory: 10-June-2008

5.- Copyright
Researcher: Psymera
http://www.securitynation.com - Security Nation is a Lab Supported by
RISS Security Services.
http://www.riss.com.mx
Copyright SecurityNation.
Contact: [email protected]