The phpBB charts.php code suffers from cross site scripting and SQL injection flaws.
aac363a8ee7a42ddf9b0b3f9f6c6ffee25b002e6df39300f7adb859ae64df841
// phpBB "charts.php" (hack) XSS and SQL-Injection //
-----------------------------------------------------------------
[~] Advisory by: LoK-Crew
[-] Exploit:
http://www.example.com/charts.php?action=vote&rate=1&id=[XSS]
http://www.example.com/charts.php?action=vote&rate=1&id=[SQL]
[-] Googledork: inurl:"charts.php" "powered by phpbb"
[+] Visit: www.LoK-Crew.de