Tushar-2223 Hotel Management System SQL Injection Vulnerability

A SQL injection vulnerability exists in the Tushar-2223 Hotel Management System in versions up to commit bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. The vulnerability is located in the 'home.php' file, specifically within the room reservation feature. This issue arises because user-supplied data in POST requests, such as Name and Email, is improperly sanitized before being included in an SQL query. As a result, an authenticated attacker can manipulate these inputs to execute arbitrary SQL commands, potentially leading to unauthorized access or modification of database information. The vulnerability can be exploited remotely, and a public exploit is available.

Impact

Exploitation of this vulnerability allows for authenticated SQL injection, where an attacker can execute arbitrary SQL commands. This could lead to unauthorized data access, data manipulation, or in some cases, executing commands on the server under the database application's privileges.

Reproduction

To reproduce this vulnerability, log into the application as a valid user and navigate to the room reservation section. Intercept the POST request to 'home.php' and inject a time-based SQL payload into the Name parameter. Send the request and observe the server's response time, which will increase significantly if the SQL injection was successful.