TUCoPS :: Web :: CMS / Portals :: bx3469.htm

Piugame CMS many bugs
Many bugs on CMS system Piugame
Many bugs on CMS system Piugame

Many bugs on CMS system Piugame

Researcher: Psymera


Piugame CMS is one system used for control and contac of Pump It up 
Gamers over the world and
Metod of control for official tournamets over the wold


This system has a vulnerabily as Sql Injection, Bypass credentials, XSS 
and many others bugs
The system its too poor programed and not have a good method of control 
on the variables has be sendend

    Script: club.piugame.com/list.html
        SQL Injection:
            Variable "stt" vulnerable

    Global Script: /home1/piuclub/public_html/_club/tempst_bbs/lib.php
        SQL Injection:
            variable: "community_no"

And of this form many others scripts has vulnerable for many other types 
of attacks

4.- Disclosure Timeout
Vendor Contacted:
    15-Marzo-2008 Vendor never response.
    11-Abril-2008 Vendor never response.
    24-Mayo-2008 Vendor never response.

Public Advisory: 10-Junio-2008

5.- Copyright
Researcher: Psymera
http://www.securitynation.com - Security Nation is a Lab Supported by 
RISS Security Services.
Copyright SecurityNation.
Contact: psymera@gmail.com 

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986- AOH