phpBB "charts.php" XSS and SQL-Injection

2006-05-12T00:00:00
ID SECURITYVULNS:DOC:12641
Type securityvulns
Reporter Securityvulns
Modified 2006-05-12T00:00:00

Description

// phpBB "charts.php" (hack) XSS and SQL-Injection //


[~] Advisory by: LoK-Crew

[-] Exploit: http://www.example.com/charts.php?action=vote&rate=1&id=[XSS] http://www.example.com/charts.php?action=vote&rate=1&id=[SQL]

[-] Googledork: inurl:"charts.php" "powered by phpbb"

[+] Visit: www.LoK-Crew.de