CVE-2006-5450
Kinesis Interactive Cinema System - SQL Injection via txtUsername or txtPassword Parameters
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2006-5450. PoCs published by fireboy.
AI-analyzed exploit summary The provided text describes an SQL injection vulnerability in Kinesis Interactive Cinema System, where unsanitized user input in the 'index.asp' script allows attackers to manipulate SQL queries. The exploit example demonstrates a basic authentication bypass using SQL injection.
Description
SQL injection vulnerability in index.asp in Kinesis Interactive Cinema System (KICS) CMS allows remote attackers to execute arbitrary SQL commands via the (1) txtUsername (user) or (2) txtPassword (pass) parameters.
Exploits (1)
The provided text describes an SQL injection vulnerability in Kinesis Interactive Cinema System, where unsanitized user input in the 'index.asp' script allows attackers to manipulate SQL queries. The exploit example demonstrates a basic authentication bypass using SQL injection.