Many bugs on CMS system Piugame

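Vulnerability ID 1052692 Vulnerability type
Published 2008-06-11 Updated 2008-06-11
CVE ID N/A CNNVD-ID N/A
Affected platform N/A CVSS score N/A
|Source
https://cxsecurity.com/issue/WLB-2008060043
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit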
Many bugs on CMS system Piugame
http://www.piugame.com

Researcher: Psymera

1.-Overview

Piugame CMS is a system used for managing and contacting Pump It Up
gamers around the world, and as the
method of control for official tournaments around the world.

2.-Description

This system has vulnerabilities such as SQL injection, credential bypass, XSS
and many other bugs.
The system is poorly programmed and has no good method of validating
the variables that are sent to it.

Examples:
    Script: club.piugame.com/list.html
        SQL Injection:
            Variable "stt" vulnerable

        XSS:
            Variables:
                "order"
                "stt"
                "tb"
                "ss2"
                "SC"
                "ss1"
                "sst1"
                "tbname"
                "page"
                "category"
                "key"
                "keyword"
                "divpage"
        
    Global Script: /home1/piuclub/public_html/_club/tempst_bbs/lib.php
        SQL Injection:
            variable: "community_no"

In the same way, many other scripts are vulnerable to many other types
of attacks.
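
Added example (not part of the original advisory, and not Piugame code): a log triage script for operators of an affected site, flagging requests to list.html in which any of the parameters listed above carries a value outside a conservative allowlist. The allowlist pattern, the combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names the advisory lists for club.piugame.com/list.html.
WATCHED = {"order", "stt", "tb", "ss2", "SC", "ss1", "sst1", "tbname",
           "page", "category", "key", "keyword", "divpage"}
SCRIPT = "/list.html"
# Assumption: legitimate values are short runs of word characters, spaces,
# dots and hyphens. Tune this per parameter for a real deployment.
SAFE_VALUE = re.compile(r"[\w .-]{0,64}")
# Request line inside a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(log_line):
    """Return sorted watched parameter names whose decoded value fails the allowlist."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.endswith(SCRIPT):
        return []
    pairs = parse_qsl(url.query, keep_blank_values=True)  # URL-decodes values
    return sorted({name for name, value in pairs
                   if name in WATCHED and not SAFE_VALUE.fullmatch(value)})


def triage(lines):
    """Map 1-based line number -> flagged parameter names, for lines with any hit."""
    hits = {}
    for number, line in enumerate(lines, start=1):
        flagged = suspicious_params(line)
        if flagged:
            hits[number] = flagged
    return hits


# Constructed sample entries (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2008:10:00:00 +0000] "GET /list.html?tb=free&page=2 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2008:10:00:05 +0000] "GET /list.html?stt=1%27&page=1 HTTP/1.1" 200 812',
    '192.0.2.12 - - [01/Jan/2008:10:00:09 +0000] "GET /list.html?keyword=%3Cb%3E&tb=free HTTP/1.1" 200 4977',
    '192.0.2.13 - - [01/Jan/2008:10:00:12 +0000] "GET /index.html?stt=1%27 HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for number, names in triage(SAMPLE_LOG).items():
        print(f"line {number}: check {', '.join(names)}")
```

A hit is a lead for review, not a verdict: free-text fields such as "keyword" can legitimately contain characters outside the assumed allowlist.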

4.- Disclosure Timeline
Vendor Contacted:
    15-March-2008 Vendor never responded.
    11-April-2008 Vendor never responded.
    24-May-2008 Vendor never responded.

Public Advisory: 10-June-2008

5.- Copyright
Researcher: Psymera
http://www.securitynation.com - Security Nation is a Lab Supported by
RISS Security Services.
http://www.riss.com.mx
Copyright SecurityNation.
Contact: psymera_at_gmail.com