mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
817 B
817 B
CVE-2006-1234
Description
SQL injection vulnerability in index.php in DSCounter 1.2, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header.
POC
Reference
- http://evuln.com/vulns/98/summary.html
- http://securityreason.com/securityalert/627
- http://www.securityfocus.com/archive/1/428807/100/0/threaded