Inout EasyRooms SQL Injection Vulnerability

A SQL injection vulnerability has been identified in Inout EasyRooms Ultimate Edition version 1.0. This vulnerability allows unauthenticated attackers to manipulate database queries by injecting SQL code through the property1 parameter. Exploitation involves sending POST requests to the search/searchdetailed endpoint with malicious SQL payloads, which could be used to extract sensitive data or modify database contents.

Impact

Exploitation of this vulnerability allows for SQL injection, where attackers can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, send a POST request to the search/searchdetailed endpoint with an injected SQL payload in the property1 parameter. The injection can be verified by using payloads that, for example, exploit SQL query logic or use SQL functions like 'sleep' to demonstrate the injection's effectiveness.