Bugtraq mailing list archives
Many bugs on CMS system Piugame
From: Psymera <psymera () gmail com>
Date: Tue, 10 Jun 2008 14:33:13 -0600
Many bugs on CMS system Piugame
http://www.piugame.com
Researcher: Psymera

1.- Overview
Piugame CMS is a system used for control and contact of Pump It Up gamers around the world, and a method of control for official tournaments around the world.

2.- Description
This system is vulnerable to SQL injection, credential bypass, XSS and many other bugs. The system is very poorly programmed and does not have a good method of control over the variables that are sent.

Examples:

Script: club.piugame.com/list.html
SQL Injection: Variable "stt" vulnerable
XSS: Variables: "order" "stt" "tb" "ss2" "SC" "ss1" "sst1" "tbname" "page" "category" "key" "keyword" "divpage"

Global Script: /home1/piuclub/public_html/_club/tempst_bbs/lib.php
SQL Injection: variable: "community_no"

In the same way, many other scripts are vulnerable to many other types of attacks.

4.- Disclosure Timeline
Vendor Contacted:
15-March-2008 Vendor never responded.
11-April-2008 Vendor never responded.
24-May-2008 Vendor never responded.
Public Advisory: 10-June-2008

5.- Copyright
Researcher: Psymera
http://www.securitynation.com - Security Nation is a Lab Supported by RISS Security Services. http://www.riss.com.mx
Copyright SecurityNation.
Contact: psymera () gmail com
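For operators reviewing their logs, the following is an added example (not part of the original advisory or of Piugame's code) that scans web access logs for requests to list.html in which any parameter named in the advisory carries unexpected characters. The combined log format, the character allowlist, and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters named in the advisory for club.piugame.com/list.html.
ADVISORY_PARAMS = {"stt", "order", "tb", "ss2", "SC", "ss1", "sst1", "tbname",
                   "page", "category", "key", "keyword", "divpage"}
# Assumption: legitimate values hold only letters, digits, underscore,
# space, dot and hyphen; anything else is worth a manual look.
UNEXPECTED = re.compile(r"[^\w .\-]")
# Assumption: Apache/nginx "combined" access-log format.
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(?:GET|POST|HEAD) (\S+) [^"]*"')

def flag_requests(log_lines, path="/list.html"):
    """Return (client, param, decoded_value) for each suspicious parameter."""
    findings = []
    for line in log_lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, target = m.groups()
        url = urlsplit(target)
        if url.path != path:
            continue
        # parse_qsl URL-decodes values, so percent-encoded characters are seen too.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name in ADVISORY_PARAMS and UNEXPECTED.search(value):
                findings.append((client, name, value))
    return findings

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jun/2008:14:00:01 -0600] "GET /list.html?tb=free&page=2&stt=1 HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.7 - - [10/Jun/2008:14:00:09 -0600] "GET /list.html?tb=free&stt=1%27 HTTP/1.1" 200 312 "-" "-"',
    '203.0.113.5 - - [10/Jun/2008:14:00:15 -0600] "GET /list.html?keyword=%3Cb%3Ex HTTP/1.1" 200 4801 "-" "-"',
    '192.0.2.10 - - [10/Jun/2008:14:00:20 -0600] "GET /index.html?stt=1%27 HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    for client, name, value in flag_requests(SAMPLE_LOG):
        print(f"{client} {name}={value!r}")
```

Matches are triage leads rather than confirmed attacks; the fix on the application side remains parameterized queries and output encoding for these variables.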