source: https://www.securityfocus.com/bid/19235/info X-Protection is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. X-Protection 1.10 is vulnerable to this issue. POST: username='/*&password=*/%20AND%201=0%20UNION%20SELECT%20999/*