Hello everybody,
I have discovered an SQL Injection in the X-forwarded-for http header, but i got troubles exploiting it, i use the firefox plugin "X-forwarded-for Header" to edit the value and put the quote.
Actually i should double quote to see the error message using : '",
this is the error...