CVE-2009-1347

chCounter 3.1.3 - SQL Injection via Login Name or Password Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-1347. PoCs published by tmh.

AI-analyzed exploit summary This exploit describes an authentication bypass vulnerability in chCounter 3.1.3, where using ' or = as the username and password allows unauthorized access. The exploit requires magic quotes to be disabled on the target system.

Description

Multiple SQL injection vulnerabilities in stats/index.php in chCounter 3.1.3 allow remote attackers to execute arbitrary SQL commands via (1) the login_name parameter (aka the username field) or (2) the login_pw parameter (aka the password field).

Exploits (2)

exploitdb WRITEUP VERIFIED
by tmh · textwebappsphp
https://www.exploit-db.com/exploits/8461

This exploit describes an authentication bypass vulnerability in chCounter 3.1.3, where using ' or = as the username and password allows unauthorized access. The exploit requires magic quotes to be disabled on the target system.

Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: chCounter 3.1.3
No auth needed
Prerequisites: magic quotes = off
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP
webappsphp
https://www.exploit-db.com/exploits/12456

This is a detailed technical writeup describing an indirect SQL injection and XSS vulnerability in chCounter 3.1.1. The SQL injection occurs when a visitor manipulates the page title (e.g., via WordPress search parameter), which is stored in the database and later executed when the admin views visitor details. The XSS vulnerability leverages SQL errors to execute malicious scripts in the admin's browser.

Classification
Writeup 95%
Attack Type
Sqli | Xss
Complexity
Moderate
Reliability
Theoretical
Target: chCounter 3.1.1
No auth needed
Prerequisites: A website using chCounter 3.1.1 · Admin interaction to view visitor details · Ability to manipulate page titles or user agents
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24879
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34572
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8461

Scores

EPSS 0.0096
EPSS Percentile 56.8%

Details

CWE
CWE-89
Status published
Products (1)
chcounter/chcounter 3.1.3
Published Apr 20, 2009
Tracked Since Feb 18, 2026