TUCoPS :: Web :: CMS / Portals :: bx3469.htm

Piugame CMS many bugs
Many bugs on CMS system Piugame
Many bugs on CMS system Piugame


Many bugs on CMS system Piugame
http://www.piugame.com 

Researcher: Psymera

1.-Overview

Piugame CMS is one system used for control and contac of Pump It up 
Gamers over the world and
Metod of control for official tournamets over the wold

2.-Description

This system has a vulnerabily as Sql Injection, Bypass credentials, XSS 
and many others bugs
The system its too poor programed and not have a good method of control 
on the variables has be sendend

Examples:
    Script: club.piugame.com/list.html
        SQL Injection:
            Variable "stt" vulnerable

        XSS:
            Variables:
                =E2=80=9Corder=E2=80=9D
                =E2=80=9Cstt=E2=80=9D
                =E2=80=9Ctb=E2=80=9D
                =E2=80=9Css2=E2=80=9D
                =E2=80=9CSC=E2=80=9D
                =E2=80=9Css1=E2=80=9D
                =E2=80=9Csst1=E2=80=9D
                =E2=80=9Ctbname=E2=80=9D
                =E2=80=9Cpage=E2=80=9D
                =E2=80=9Ccategory=E2=80=9D
                =E2=80=9Ckey=E2=80=9D
                =E2=80=9Ckeyword=E2=80=9D
                =E2=80=9Cdivpage=E2=80=9D
        
    Global Script: /home1/piuclub/public_html/_club/tempst_bbs/lib.php
        SQL Injection:
            variable: "community_no"

And of this form many others scripts has vulnerable for many other types 
of attacks

4.- Disclosure Timeout
Vendor Contacted:
    15-Marzo-2008 Vendor never response.
    11-Abril-2008 Vendor never response.
    24-Mayo-2008 Vendor never response.

Public Advisory: 10-Junio-2008

5.- Copyright
Researcher: Psymera
http://www.securitynation.com - Security Nation is a Lab Supported by 
RISS Security Services.
http://www.riss.com.mx 
Copyright SecurityNation.
Contact: psymera@gmail.com

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH