[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Virtual War v1.5.0 <= Sql Injection vuln.
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Virtual War v1.5.0 <= Sql Injection vuln.
- From: mfoxhacker@xxxxxxxxx
- Date: 9 Aug 2006 15:55:47 -0000
Vendor : www.vwar.de
Vuln. Ver. : 1.5.0 and lower
Dork : "Powered by : Virtual War v1.5.0"
intext:"www.vwar.de"
-------------------------------------------
Author : MFox
Homepage : Www.HackerZ.iR
Www.H4ckerZ.Com
Iran HackerZ Security Team
-------------------------------------------
PoC :
http://[host]/vwar/news.php?sortby=[SQL]
http://[host]/vwar/news.php?sortorder=[SQL]
-------------------------------------------