Recently there has been a vulnerability found in Vwar where by  an attacker can use a SQL injection Flaw to gain your ADMIN Users (and all users for that matter) Password.

I wont post the article as the unruly might use it to start hacking all vWar users but I will tell you the vulnerability lies within a file in the vwar/extras  folder.


There is no update to this file yet but I have implement ed the following for protection on my site and I suggest you do the same if you run vWar.

Create an htaccess file in the folder in question and place these lines within and save it.

<Limit GET POST>
order deny,allow
deny from all
</Limit>

I hope this saves a few folks from being hacked.

Peace all,

MRC-Duckster

---