BugTraq
Virtual War v1.5.0 SQL injection and XSS Aug 14 2006 03:01PM
vampire_chiristof yahoo com
Virtual War v1.5.0 SQL injection and XSS

http://[host]/vwar/war.php?s=[SQL]

http://[host]/vwar/war.php?page=[SQL]or[xss]

http://[host]/vwar/war.php?showgame=[SQL]

http://[host]/vwar/war.php?sortby=[sql]

http://[host]/vwar/war.php?sortorder=[sql]

http://host]/vwar/calendar.php?year=[xss]

vendor: www.vwar.de

google:"Powered by: Virtual War v1.5.0"

Discovered by Vampire

Connect Me : Vampire_chiristof (at) yahoo (dot) com [email concealed]

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus