Tiandy Easy7 Integrated Management Platform SQL Injection Vulnerability

Vulnerability

A critical SQL injection vulnerability has been identified in Tiandy Easy7 Integrated Management Platform version 7.17.0. The issue resides in the Endpoint component, specifically in the /rest/devStatus/queryResources endpoint. The vulnerability arises from inadequate sanitization of the areaId parameter, which allows remote, unauthenticated attackers to perform Boolean-based blind SQL injection against the application. This exploitation can bypass security controls, execute arbitrary SQL commands, and potentially lead to a complete compromise of the database, including extraction and modification of sensitive data.

Impact

Exploitation of this vulnerability allows for arbitrary SQL command execution, with the potential to extract, modify, or delete database information. This could result in a full compromise of the application's data management capabilities.

Reproduction

To reproduce this vulnerability, send a request to the /rest/devStatus/queryResources endpoint with a crafted areaId value that triggers the SQL injection flaw. The injection can be verified with payloads that alter the SQL query, such as ones that test Boolean conditions or extract database information.
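A defender-side check for this issue, as an added example that is not part of the advisory and not the vendor's code: a small Python scanner over web-server access-log lines that flags requests to /rest/devStatus/queryResources whose areaId is not a plain integer and counts them per source address, since Boolean-based blind injection needs many true/false probes from the same client. The endpoint path and parameter name come from the advisory; the common log format, the assumption that a legitimate areaId is numeric, and the sample log lines are constructed for this example.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter named in the advisory above.
ENDPOINT = "/rest/devStatus/queryResources"
PARAM = "areaId"

# Common log format: client ident user [time] "METHOD target PROTO" status size
# (assumed; adjust the pattern to the proxy or web server actually in front of Easy7)
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample lines, not taken from any real deployment. Lines 2 and 3
# carry a textbook pair of Boolean conditions (one true, one false) in areaId;
# the differing response sizes are what a blind-injection probe looks for.
SAMPLE_LOG = """\
203.0.113.10 - - [17/Mar/2026:00:19:01 +0000] "GET /rest/devStatus/queryResources?areaId=12 HTTP/1.1" 200 512
203.0.113.10 - - [17/Mar/2026:00:19:02 +0000] "GET /rest/devStatus/queryResources?areaId=12%27%20AND%20%271%27%3D%271 HTTP/1.1" 200 512
203.0.113.10 - - [17/Mar/2026:00:19:03 +0000] "GET /rest/devStatus/queryResources?areaId=12%27%20AND%20%271%27%3D%272 HTTP/1.1" 200 41
198.51.100.7 - - [17/Mar/2026:00:19:04 +0000] "GET /rest/devStatus/queryResources?areaId=7 HTTP/1.1" 200 498
198.51.100.7 - - [17/Mar/2026:00:19:05 +0000] "GET /rest/login HTTP/1.1" 200 1200
"""


def parse_line(line):
    """Split one access-log line into its fields, or return None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_valid_area_id(value):
    # Assumption: a legitimate areaId is a plain decimal identifier.
    # Quotes, spaces or operators in the value are treated as a probe.
    return re.fullmatch(r"\d{1,12}", value) is not None


def suspicious_requests(log_text):
    """Return (ip, timestamp, areaId value, response size) for every request to
    the endpoint whose areaId is not a plain integer. parse_qs percent-decodes
    the value, so encoded quotes and spaces are seen as the server sees them."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        url = urlsplit(rec["target"])
        if url.path != ENDPOINT:
            continue
        for value in parse_qs(url.query).get(PARAM, []):
            if not is_valid_area_id(value):
                hits.append((rec["ip"], rec["ts"], value, rec["size"]))
    return hits


def probing_sources(log_text, threshold=2):
    """Source addresses with at least `threshold` suspicious requests. A single odd
    value may be a typo; a run of them from one client is the blind-injection pattern."""
    counts = Counter(ip for ip, _, _, _ in suspicious_requests(log_text))
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print("suspicious:", hit)
    print("probing sources:", probing_sources(SAMPLE_LOG))
```

Two caveats when running this against real logs: request bodies are normally not logged, so a POST to the same endpoint carrying areaId in the body will not be seen unless the proxy logs bodies or the application logs its own parameters; and the check only detects probing, it does not remove the flaw, which is fixed on the server by binding areaId as a typed parameter in a prepared statement rather than concatenating it into the query.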

Added: Mar 17, 2026, 12:19 AM
Updated: Mar 17, 2026, 12:19 AM

Vulnerability Rating

Custom Algorithm

  spread          0.0
  impact          3.1
  exploitability  8.7
  remediation     0.0
  relevance       4.0
  threat          6.4
  urgency         2.9
  incentive       4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.