Recent X-Forwarded-For SQL Injection vulnerabilities
Here is a short summary of recent X-Forwarded-For SQL Injection vulnerabilities discovered by the eVuln team. The full list with details is available on the eVuln Security Advisories page.
X-Forwarded-For SQL Injection in DSCounter.
Vulnerable script: index.php
The environment variable HTTP_X_FORWARDED_FOR is not properly sanitized before its value is used in an SQL query. This can be used to make any SQL query by injecting arbitrary SQL code through the X-Forwarded-For request header.
Condition: magic_quotes_gpc = off
HTTP query example:
- GET /index.php HTTP/1.0
- Host: [host]
- X-Forwarded-For: aaa' or 1/*
Solution is not available.
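The following is an added example, not DSCounter's code and not part of the advisory: it shows the string-concatenation pattern the advisory describes next to a hardened version that validates the header as an IP address and binds it as a query parameter. The `hits` table, the function names and the in-memory SQLite database (PDO with the `pdo_sqlite` extension) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical schema and function names; not taken from DSCounter.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE hits (ip TEXT NOT NULL)');
$db->exec("INSERT INTO hits (ip) VALUES ('192.0.2.10'), ('198.51.100.7')"); // constructed rows

// Vulnerable pattern described in the advisory: header value concatenated into SQL.
function count_hits_unsafe(PDO $db, string $header): int
{
    $sql = "SELECT COUNT(*) FROM hits WHERE ip = '" . $header . "'";
    return (int) $db->query($sql)->fetchColumn();
}

// Hardened: accept only a syntactically valid IP address from the header.
function client_ip(?string $header): ?string
{
    if ($header === null) {
        return null;
    }
    $first = trim(explode(',', $header)[0]); // header may hold "client, proxy1, proxy2"
    $ip = filter_var($first, FILTER_VALIDATE_IP);
    return $ip === false ? null : $ip;
}

// Hardened: the value is bound as a parameter, never spliced into the statement text.
function count_hits_safe(PDO $db, ?string $header): int
{
    $ip = client_ip($header);
    if ($ip === null) {
        return 0; // malformed or missing header: treat as unknown client
    }
    $stmt = $db->prepare('SELECT COUNT(*) FROM hits WHERE ip = :ip');
    $stmt->execute([':ip' => $ip]);
    return (int) $stmt->fetchColumn();
}

$advisoryValue = "aaa' or 1/*";          // header value from the advisory's example
$legitValue    = '192.0.2.10, 10.0.0.1'; // constructed sample

printf("unsafe, advisory value: %d\n", count_hits_unsafe($db, $advisoryValue));
printf("safe,   advisory value: %d\n", count_hits_safe($db, $advisoryValue));
printf("safe,   legit value:    %d\n", count_hits_safe($db, $legitValue));
```

The hardened path does not depend on `magic_quotes_gpc`: the header is rejected unless it parses as an IP address, and the bound parameter keeps it out of the SQL text either way.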