Exploit Kinesis Interactive Cinema System - 'index.asp' SQL Injection

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
28829
Проверка EDB
  1. Пройдено
Автор
FIREBOY
Тип уязвимости
WEBAPPS
Платформа
ASP
CVE
cve-2006-5450
Дата публикации
2006-10-18
Код:
source: https://www.securityfocus.com/bid/20607/info

Kinesis Interactive Cinema System is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Since this is a site-specific issue, this BID is being retired.

Supplying the following input to the 'index.asp' script is sufficient to exploit this issue: 

user: 'or''=' 
pass: 'or''='
 
Источник
www.exploit-db.com

Похожие темы