Many bugs on CMS system Piugame

To: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx, vulnwatch@xxxxxxxxxxxxx, vuln@xxxxxxxxxxxxxxxxxx
Subject: Many bugs on CMS system Piugame
From: Psymera <psymera@xxxxxxxxx>
Date: Tue, 10 Jun 2008 14:33:13 -0600
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:subject:x-enigmail-version:content-type :content-transfer-encoding; bh=X6B8tK2Dj2bYVorU3W6HFX0Yjdp2b8ztqwgTohC9EJA=; b=Zs2F5trzbg9iDi/WP2pwPHWIietLo08YzgTiCMzmqoYZidT4QOV3G2yX1Sxsxh6J7e sv+OnBmeaIogtRsYzqYHtwFMlLagOU5ZiK49gznZZU4Xmm2gclmXbL6YVPBIeQS3P3rt ULQFh3Ru1uIT1RU4odCK/x6D01UPQReRIL8vM=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject :x-enigmail-version:content-type:content-transfer-encoding; b=Y6jv7lhihXHPGD4pGKz6Ue5lQwNBFUWFti+q6qKa7nbFzHRqCkzLsA3fw11tB6G7J4 +Wtpt43oVRaq77RFiDBKgDAtcRcAGHgXALV/BNjbO+vpymL0MqRWZC4eslx9TGD2v41z 6JUr/weU5EADxrR70Kn613KO+wq4w1IdPqCzk=
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: Thunderbird 2.0.0.14 (Windows/20080421)

Many bugs on CMS system Piugame
http://www.piugame.com

Researcher: Psymera

1.-Overview

Piugame CMS is one system used for control and contac of Pump It upGamers over the world and

Metod of control for official tournamets over the wold

2.-Description

This system has a vulnerabily as Sql Injection, Bypass credentials, XSSand many others bugsThe system its too poor programed and not have a good method of controlon the variables has be sendend


Examples:
   Script: club.piugame.com/list.html
       SQL Injection:
           Variable "stt" vulnerable

       XSS:
           Variables:
               “order”
               “stt”
               “tb”
               “ss2”
               “SC”
               “ss1”
               “sst1”
               “tbname”
               “page”
               “category”
               “key”
               “keyword”
               “divpage”

Global Script: /home1/piuclub/public_html/_club/tempst_bbs/lib.php

       SQL Injection:
           variable: "community_no"

And of this form many others scripts has vulnerable for many other typesof attacks


4.- Disclosure Timeout
Vendor Contacted:
   15-Marzo-2008 Vendor never response.
   11-Abril-2008 Vendor never response.
   24-Mayo-2008 Vendor never response.

Public Advisory: 10-Junio-2008

5.- Copyright
Researcher: Psymera
http://www.securitynation.com - Security Nation is a Lab Supported by
RISS Security Services.
http://www.riss.com.mx
Copyright SecurityNation.
Contact: psymera@xxxxxxxxx

Prev by Date: [ MDVSA-2008:111 ] - Updated Evolution packages fix vulnerabilities
Next by Date: ZDI-08-039: Microsoft Internet Explorer DOM Ojbect substringData() Heap Overflow Vulnerability
Previous by thread: [ MDVSA-2008:111 ] - Updated Evolution packages fix vulnerabilities
Next by thread: ZDI-08-039: Microsoft Internet Explorer DOM Ojbect substringData() Heap Overflow Vulnerability
Index(es):
- Date
- Thread