Virtual War version 1.5.0 is riddled with SQL injection and cross site scripting flaws.
e97db2d77099c11dab83ed0b4b51321d4045576a98671e62a65787fa07e9bef5
Virtual War v1.5.0 SQL injection and XSS
http://[host]/vwar/war.php?s=[SQL]
http://[host]/vwar/war.php?page=[SQL]or[xss]
http://[host]/vwar/war.php?showgame=[SQL]
http://[host]/vwar/war.php?sortby=[sql]
http://[host]/vwar/war.php?sortorder=[sql]
http://host]/vwar/calendar.php?year=[xss]
vendor: www.vwar.de
google:"Powered by: Virtual War v1.5.0"
Discovered by Vampire
Connect Me : Vampire_chiristof@yahoo.com