CVE-2006-7172

This exploit leverages SQL injection via the HTTP header 'PC-REMOTE-ADDR' in Php-Stats <= 0.1.9.1b to extract the admin password from the database. The payload injects a UNION-based SQL query to retrieve the password from the 'php_stats_config' table.

This exploit targets a SQL injection vulnerability in Php-Stats <= 0.1.9.1b via the 'ip' parameter, bypassing input validation through urldecode() and ereg() limitations. It discloses the admin password by injecting a UNION-based SQL query.