Radius Manager 3.9.0 SQL Injection

2011-10-21T00:00:00
ID PACKETSTORM:106068
Type packetstorm
Reporter Mehdi Boukazoula
Modified 2011-10-21T00:00:00

Description

                                        
                                            `# Exploit Title: Radius Manager V3.9.0 Sql Injection  
# Date: 16-10-2011  
# Author: Mehdi Boukazoula  
# Software Link: http://www.dmasoftlab.com  
# Version: v 3.9.0  
# Tested on: v 3.9.0 with Postgresql, PHP 5.2.6, Apache 2.2.8,  
# Description : In the page of "http://127.0.0.1/admin.php" the parameter "cont" is not sanitized ,that make malicious user comunicate with the database server directely .  
--------------------------------------------------------------------------------------------------------  
# Code of exploit :  
in the browser (FingerPrint PoC) URL :  
http://HOST/admin.php?cont=cont=search_invoices'YOUR SQL QUERIE  
`