Kinesis Interactive Cinema System - 'index.asp' SQL Injection

EDB-ID:

28829


Author:

fireboy

Type:

webapps


Platform:

ASP

Date:

2006-10-18


source: https://www.securityfocus.com/bid/20607/info

Kinesis Interactive Cinema System is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Since this is a site-specific issue, this BID is being retired.

Supplying the following input to the 'index.asp' script is sufficient to exploit this issue: 

user: 'or''=' 
pass: 'or''='