SQL injection
getstaffshout.php
Code:
$sql = "SELECT c.* FROM ajshoutchat c left join users u on c.uid=u.id left join groups g on g.group_id=u.class WHERE c.id > ".$lastID." ORDER BY c.id DESC LIMIT 25";
Use mysql_real_escspe_string() around variable else you can SQL injection to change id hope that helps if you still use this script also I only checked one or two scripts so far skimming through page of course if anymore SQL injection I will inform you via post