source: https://www.securityfocus.com/bid/20607/info
Kinesis Interactive Cinema System is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Since this is a site-specific issue, this BID is being retired.

Supplying the following input to the 'index.asp' script is sufficient to exploit this issue:

user: 'or''='
pass: 'or''='
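
Added example, not part of the original advisory and not Kinesis code: a login check built by string concatenation next to the same check with bound parameters, run against the input quoted above. The table layout, the query shape and the function names are assumptions, since the advisory does not show the query used by 'index.asp'; SQLite stands in for the unknown database.

```python
import sqlite3

def make_db():
    # Constructed sample data; schema and values are assumptions for illustration.
    # The password is stored in plaintext only to keep the sample short.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'S3cret-constructed')")
    return conn

def build_concatenated_query(user, password):
    # Weak pattern: the input is pasted between the quotes of the SQL text,
    # so a quote in the input ends the literal and the rest is parsed as SQL.
    return ("SELECT COUNT(*) FROM users WHERE username = '" + user +
            "' AND password = '" + password + "'")

def login_concatenated(conn, user, password):
    query = build_concatenated_query(user, password)
    return conn.execute(query).fetchone()[0] > 0

def login_parameterized(conn, user, password):
    # Hardened pattern: values are bound as data and never parsed as SQL.
    row = conn.execute(
        "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?",
        (user, password),
    ).fetchone()
    return row[0] > 0

if __name__ == "__main__":
    conn = make_db()
    advisory_input = "'or''='"  # the input quoted in the advisory

    # The WHERE clause becomes:
    #   username = '' OR ('' = '' AND password = '') OR '' = ''
    # AND binds tighter than OR, and the final '' = '' is always true,
    # so every row matches regardless of the stored credentials.
    print(build_concatenated_query(advisory_input, advisory_input))
    print("concatenated :", login_concatenated(conn, advisory_input, advisory_input))

    # With bound parameters the same input is compared as a literal string
    # and matches no row.
    print("parameterized:", login_parameterized(conn, advisory_input, advisory_input))
    print("valid login  :", login_parameterized(conn, "admin", "S3cret-constructed"))
```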