Message-ID: <484EE509.5010707@gmail.com>
Date: Tue, 10 Jun 2008 14:33:13 -0600
From: Psymera <psymera@...il.com>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk, vulnwatch@...nwatch.org, vuln@...uritynation.com
Subject: Many bugs on CMS system Piugame

Many bugs on CMS system Piugame
http://www.piugame.com
Researcher: Psymera

1.- Overview
Piugame CMS is a system used for control of and contact with Pump It Up gamers all over the world, and a method of control for official tournaments over the world.

2.- Description
This system has vulnerabilities such as SQL Injection, credential bypass, XSS and many other bugs. The system is too poorly programmed and does not have a good method of control over the variables being sent.

Examples:

Script: club.piugame.com/list.html
SQL Injection: Variable "stt" vulnerable
XSS: Variables: “order” “stt” “tb” “ss2” “SC” “ss1” “sst1” “tbname” “page” “category” “key” “keyword” “divpage”

Global Script: /home1/piuclub/public_html/_club/tempst_bbs/lib.php
SQL Injection: variable: "community_no"

And in this way many other scripts are vulnerable to many other types of attacks.

4.- Disclosure Timeline
Vendor Contacted: 15-March-2008. Vendor never responded.
11-April-2008. Vendor never responded.
24-May-2008. Vendor never responded.
Public Advisory: 10-June-2008

5.- Copyright
Researcher: Psymera
http://www.securitynation.com - Security Nation is a Lab Supported by RISS Security Services. http://www.riss.com.mx
Copyright SecurityNation.
Contact: psymera@...il.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/