X-Forwarded-For SQL Injection in DSCounter

Summary

Vulnerability
X-Forwarded-For SQL Injection in DSCounter
Discovered
2006.03.12
Last Update
2006.03.23 Exploitation code published
ID
EV0098
CVE
CVE-2006-1234
Risk Level
medium
Type
SQL Injection
Status
Unpatched. No reply from developer(s)
Vendor
n/a
Vulnerable Software
DSCounter (http://dsportal.uw.hu/)
Version
1.2
PoC/Exploit
Available
Solution
Not available
Discovered by
Aliaksandr Hartsuyeu (eVuln.com)

Description

SQL Injection found in DSCounter (http://dsportal.uw.hu/) script.

Vulnerable script: index.php

Environment variable HTTP_X_FORWARDED_FOR isn't properly sanitized before its value being used in the SQL query. This can be used to make any SQL query by injecting arbitrary SQL code.

Condition: magic_quotes_gpc = off

PoC/Exploit

HTTP query example:

  • Get /index.php HTTP/1.0
  • Host: [host]
  • X-Forwarded-For: aaa' or 1/*

Solution.

Solution for "X-Forwarded-For SQL Injection in DSCounter" is not available. Check vendor's website for updates.