X-Forwarded-For SQL Injection in DSCounter
Summary
- Vulnerability: X-Forwarded-For SQL Injection in DSCounter
- Discovered: 2006.03.12
- Last Update: 2006.03.23 Exploitation code published
- ID: EV0098
- CVE: CVE-2006-1234
- Risk Level: medium
- Type: SQL Injection
- Status: Unpatched. No reply from developer(s)
- Vendor: n/a
- Vulnerable Software: DSCounter (http://dsportal.uw.hu/)
- Version: 1.2
- PoC/Exploit: Available
- Solution: Not available
- Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Description
SQL Injection found in the DSCounter (http://dsportal.uw.hu/) script.
Vulnerable script: index.php
The environment variable HTTP_X_FORWARDED_FOR (the value of the client-supplied X-Forwarded-For request header) is not sanitized before its value is used in an SQL query. This can be used to run arbitrary SQL by injecting SQL code into the header.
Condition: magic_quotes_gpc = off
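As an added illustration, not DSCounter's own source, the unsafe pattern the advisory describes is shown next to a hardened version (validate the header as an IP address, honour it only from a trusted proxy, and bind it as a query parameter). The table and column names, the trusted-proxy address and the mysqli connection are assumptions.

```php
<?php
// Hypothetical reconstruction of the vulnerable pattern (not DSCounter's code).
// The header value from $_SERVER is pasted straight into the SQL text; with
// magic_quotes_gpc = off nothing escapes the quote, so a header such as
// "aaa' or 1/*" changes the query's logic instead of being matched as data.
function countVisitorUnsafe(mysqli $db): void
{
    $ip = $_SERVER['HTTP_X_FORWARDED_FOR'] ?? $_SERVER['REMOTE_ADDR'];
    $db->query("SELECT id FROM counter_visits WHERE ip = '$ip'");   // UNSAFE
}

// Hardened: decide which address to trust, check that it is an IP at all,
// and never concatenate it into SQL.
function clientIp(): string
{
    $remote = $_SERVER['REMOTE_ADDR'];
    // Only honour X-Forwarded-For when the TCP peer is a proxy we operate
    // (assumed address; anyone else can set the header to anything).
    $trustedProxies = ['10.0.0.1'];
    if (!in_array($remote, $trustedProxies, true)) {
        return $remote;
    }
    $forwarded = $_SERVER['HTTP_X_FORWARDED_FOR'] ?? '';
    // The header is a comma-separated chain; the left-most entry is the client.
    $candidate = trim(explode(',', $forwarded)[0]);
    // FILTER_VALIDATE_IP returns the string on success and false otherwise,
    // so "aaa' or 1/*" falls back to the proxy's own address.
    $valid = filter_var($candidate, FILTER_VALIDATE_IP);
    return $valid === false ? $remote : $valid;
}

function countVisitorSafe(mysqli $db): void
{
    $ip = clientIp();
    // Prepared statement: the SQL text is fixed, the value travels separately,
    // so quotes or comment sequences in $ip can never alter the query.
    $stmt = $db->prepare('SELECT id FROM counter_visits WHERE ip = ?');
    $stmt->bind_param('s', $ip);
    $stmt->execute();
    $stmt->close();
}
```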
PoC/Exploit
HTTP request example (the single quote in the header value terminates the string literal in the query, and "/*" comments out the rest):
- GET /index.php HTTP/1.0
- Host: [host]
- X-Forwarded-For: aaa' or 1/*
Solution
No solution for "X-Forwarded-For SQL Injection in DSCounter" is available. Check the vendor's website for updates.
Order Source Code Audit made by eVuln
Protect your site with a source code review of your website or web application by our team. The audit is carried out by specialists in web application security.