[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Virtual War v1.5.0 SQL injection and XSS

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Virtual War v1.5.0 SQL injection and XSS
From: vampire_chiristof@xxxxxxxxx
Date: 14 Aug 2006 15:01:48 -0000

Virtual War v1.5.0 SQL injection and XSS

http://[host]/vwar/war.php?s=[SQL]
http://[host]/vwar/war.php?page=[SQL]or[xss]
http://[host]/vwar/war.php?showgame=[SQL]
http://[host]/vwar/war.php?sortby=[sql]
http://[host]/vwar/war.php?sortorder=[sql]
http://host]/vwar/calendar.php?year=[xss]

vendor: www.vwar.de

google:"Powered by: Virtual War v1.5.0"

Discovered by Vampire

Connect Me : Vampire_chiristof@xxxxxxxxx

Prev by Date: BlaBla 4U XSS Vulnerabilite
Next by Date: Re: [SM-ANNOUNCE] SquirrelMail 1.4.8 released - fixes variable overwriting attack
Previous by thread: BlaBla 4U XSS Vulnerabilite
Next by thread: JavaScript get Internal Address (thanks to DanBUK)
Index(es):
- Date
- Thread