Virtual War v1.5.0 <= Sql Injection vuln.
Date: 9 Aug 2006 15:55:47 -0000
From: [email protected]
To: [email protected]
Subject: Virtual War v1.5.0 <= Sql Injection vuln.
X-Virus-Scanned: antivirus-gw at tyumen.ru
Vendor : www.vwar.de
Vuln. Ver. : 1.5.0 and lower
Dork : "Powered by : Virtual War v1.5.0"
intext:"www.vwar.de"
-------------------------------------------
Author : MFox
Homepage : Www.HackerZ.iR
Www.H4ckerZ.Com
Iran HackerZ Security Team
-------------------------------------------
PoC :
http://[host]/vwar/news.php?sortby=[SQL]
http://[host]/vwar/news.php?sortorder=[SQL]
