
AdCycle AdLogin.pm Admin Authentication Bypass Vulnerability

This example was submitted by qDefense Advisories <advisories@qDefense.com>:

If an attacker signs in, using an account name of "ADMIN" and a password of
X ' OR 1 #
an attacker can cause AdCycle to use the following SQL command:
SELECT * FROM ad WHERE LOGIN='ADMIN' AND PASSWORD='X' OR 1 #'

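Why the quoted password changes the meaning of the query, and how bound parameters keep it as data, shown as an added example (not AdCycle's code and not part of the advisory). It assumes AdLogin.pm builds the statement by string concatenation, uses an in-memory SQLite table with constructed rows in place of the MySQL "ad" table, and emulates MySQL's "#" comment with a hypothetical helper; the password spacing is matched to the SQL the advisory prints.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the 'ad' table; both rows are constructed."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ad (LOGIN TEXT, PASSWORD TEXT)")
    db.executemany("INSERT INTO ad VALUES (?, ?)",
                   [("ADMIN", "s3cret-constructed"),
                    ("editor", "another-constructed")])
    return db

def build_concatenated(login, password):
    """Assumed vulnerable pattern: input pasted between the quotes."""
    return ("SELECT * FROM ad WHERE LOGIN='" + login +
            "' AND PASSWORD='" + password + "'")

def strip_hash_comment(sql):
    """Emulate MySQL's '#' comment: cut at the first '#' outside a string."""
    in_quote = False
    for i, ch in enumerate(sql):
        if ch == "'":
            in_quote = not in_quote
        elif ch == "#" and not in_quote:
            return sql[:i].rstrip()
    return sql

def login_concatenated(db, login, password):
    """Before: the password text becomes part of the SQL grammar."""
    sql = strip_hash_comment(build_concatenated(login, password))
    return db.execute(sql).fetchall()

def login_parameterized(db, login, password):
    """After: placeholders bind both values as data, never as SQL."""
    return db.execute("SELECT * FROM ad WHERE LOGIN=? AND PASSWORD=?",
                      (login, password)).fetchall()

if __name__ == "__main__":
    db = make_db()
    pw = "X' OR 1 #"
    print(build_concatenated("ADMIN", pw))
    # AND binds tighter than OR, so the WHERE clause is true for every row.
    print("concatenated :", login_concatenated(db, "ADMIN", pw))
    print("parameterized:", login_parameterized(db, "ADMIN", pw))
```

With placeholders the same input is compared literally against the PASSWORD column and matches no row, so the login is rejected.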

Copyright 2009, SecurityFocus