Bugtraq mailing list archives

Virtual War v1.5.0 SQL injection and XSS

From: vampire_chiristof () yahoo com
Date: 14 Aug 2006 15:01:48 -0000

Virtual War v1.5.0 SQL injection and XSS

http://[host]/vwar/war.php?s=[SQL]
http://[host]/vwar/war.php?page=[SQL]or[xss]
http://[host]/vwar/war.php?showgame=[SQL]
http://[host]/vwar/war.php?sortby=[sql]
http://[host]/vwar/war.php?sortorder=[sql]
http://host]/vwar/calendar.php?year=[xss]

vendor: www.vwar.de

google:"Powered by: Virtual War v1.5.0"

Discovered by Vampire

Connect Me : Vampire_chiristof () yahoo com

Current thread:

Virtual War v1.5.0 SQL injection and XSS vampire_chiristof (Aug 14)