Virtual War v1.5.0 SQL injection and XSS

http://[host]/vwar/war.php?s=[SQL]
http://[host]/vwar/war.php?page=[SQL]or[xss]
http://[host]/vwar/war.php?showgame=[SQL]
http://[host]/vwar/war.php?sortby=[sql]
http://[host]/vwar/war.php?sortorder=[sql]
http://[host]/vwar/calendar.php?year=[xss]

vendor: www.vwar.de
google:"Powered by: Virtual War v1.5.0"

Discovered by Vampire
Connect Me : Vampire_chiristof@xxxxxxxxx
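
For sites still running this version, the parameter list above can drive a quick access-log review. The following is an added example, not part of the original advisory or of Virtual War itself; the log format, the sample lines, and the rule that legitimate values are short alphanumeric tokens are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters named in the advisory, grouped by script.
WATCHED = {
    "war.php": {"s", "page", "showgame", "sortby", "sortorder"},
    "calendar.php": {"year"},
}
# Assumption: legitimate values are short alphanumeric tokens.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{0,32}")
# Request field of a common/combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_requests(log_lines):
    """Return (line_no, script, param, decoded_value) for every watched
    parameter whose value falls outside SAFE_VALUE."""
    hits = []
    for line_no, line in enumerate(log_lines, start=1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        script = url.path.rsplit("/", 1)[-1].lower()
        if "/vwar/" not in url.path.lower() or script not in WATCHED:
            continue
        # parse_qsl percent-decodes, so encoded quotes and tags are checked in clear.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name in WATCHED[script] and not SAFE_VALUE.fullmatch(value):
                hits.append((line_no, script, name, value))
    return hits

# Constructed sample log lines (not real traffic); other.php is a placeholder name.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2006:10:00:00 +0000] "GET /vwar/war.php?page=2&sortby=date HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2006:10:00:05 +0000] "GET /vwar/war.php?showgame=1%27 HTTP/1.1" 200 312',
    '192.0.2.11 - - [01/Jan/2006:10:00:09 +0000] "GET /vwar/calendar.php?year=%3Cb%3E2006 HTTP/1.1" 200 2048',
    '192.0.2.12 - - [01/Jan/2006:10:00:12 +0000] "GET /vwar/other.php?year=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

The same allowlist idea applies on the server side: sortby and sortorder should be mapped to a fixed set of column names and directions, and the remaining parameters validated and bound as query parameters before use.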