Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Many bugs on CMS system Piugame
From: Psymera <psymera () gmail com>
Date: Tue, 10 Jun 2008 14:33:13 -0600

Many bugs on CMS system Piugame

Researcher: Psymera


Piugame CMS is one system used for control and contac of Pump It up 
Gamers over the world and
Metod of control for official tournamets over the wold


This system has a vulnerabily as Sql Injection, Bypass credentials, XSS 
and many others bugs
The system its too poor programed and not have a good method of control 
on the variables has be sendend

    Script: club.piugame.com/list.html
        SQL Injection:
            Variable "stt" vulnerable

    Global Script: /home1/piuclub/public_html/_club/tempst_bbs/lib.php
        SQL Injection:
            variable: "community_no"

And of this form many others scripts has vulnerable for many other types 
of attacks

4.- Disclosure Timeout
Vendor Contacted:
    15-Marzo-2008 Vendor never response.
    11-Abril-2008 Vendor never response.
    24-Mayo-2008 Vendor never response.

Public Advisory: 10-Junio-2008

5.- Copyright
Researcher: Psymera
http://www.securitynation.com - Security Nation is a Lab Supported by
RISS Security Services.
Copyright SecurityNation.
Contact: psymera () gmail com

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • Many bugs on CMS system Piugame Psymera (Jun 11)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]