SecurityFocus

Virtual War v1.5.0 <= Sql Injection vuln. Aug 09 2006 03:55PM
mfoxhacker gmail com

Vendor : www.vwar.de

Vuln. Ver. : 1.5.0 and lower

Dork : "Powered by : Virtual War v1.5.0"

intext:"www.vwar.de"

-------------------------------------------

Author : MFox

Homepage : Www.HackerZ.iR

Www.H4ckerZ.Com

Iran HackerZ Security Team

-------------------------------------------

PoC :

http://[host]/vwar/news.php?sortby=[SQL]

http://[host]/vwar/news.php?sortorder=[SQL]

-------------------------------------------

[ reply ]