X-Forwarded-For SQL Injection in DSCounter

Summary

Vulnerability: X-Forwarded-For SQL Injection in DSCounter
Discovered: 2006.03.12
Last Update: 2006.03.23 Exploitation code published
ID: EV0098
CVE: CVE-2006-1234
Risk Level: medium
Type: SQL Injection
Status: Unpatched. No reply from developer(s)
Vendor: n/a
Vulnerable Software: DSCounter (http://dsportal.uw.hu/)
Version: 1.2
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

SQL Injection found in DSCounter (http://dsportal.uw.hu/) script.

Vulnerable script: index.php

Environment variable HTTP_X_FORWARDED_FOR isn't properly sanitized before its value being used in the SQL query. This can be used to make any SQL query by injecting arbitrary SQL code.

Condition: magic_quotes_gpc = off

PoC/Exploit

HTTP query example:

Get /index.php HTTP/1.0
Host: [host]
X-Forwarded-For: aaa' or 1/*

Solution.

Solution for "X-Forwarded-For SQL Injection in DSCounter" is not available. Check vendor's website for updates.

X-Forwarded-For SQL Injection in DSCounter

Summary

Description

PoC/Exploit

Solution.

Company

Services

eVuln Labs

eVuln Tools