AdCycle Admin Authentication Bypass Vulnerability

AdCycle is a series of scripts to facilitate ad banner rotation on a website. It is backed by a MySQL database. AdCycle is distributed as shareware.

The user authentication script that is bundled with AdCycle is vulnerable to an input validation attack.

Unchecked user input is included in SQL queries. It is possible for attackers to construct input that alters the logic of the query used during the authentication process. Attackers can authenticate as administrators without having valid credentials.

If exploited the attacker would have all the privileges of an administrator of the AdCycle service, including the ability to change ad banners.

It is yet undetermined whether this issue can be exploited to execute other arbitrary MySQL commands.
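The defect class described above, as an added illustration that is not AdCycle's code and not part of the original advisory: a login lookup that splices the submitted username and password into the SQL text, shown beside the same lookup with bound parameters. SQLite stands in for MySQL, and the `admins` table and its columns are assumptions made for the example, not AdCycle's real schema.

```python
import sqlite3

# Constructed sample schema standing in for the product's admin table.
# Table name, column names and the stored credential are all assumptions.
SCHEMA = """
CREATE TABLE admins (username TEXT PRIMARY KEY, password TEXT NOT NULL);
INSERT INTO admins VALUES ('admin', 'correct horse');
"""


def make_db():
    """Build an in-memory database with the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def login_vulnerable(conn, username, password):
    """Query assembled by string formatting: the submitted values become
    part of the SQL text, so a value containing a quote can close the
    string literal and append its own conditions to the WHERE clause."""
    sql = (
        "SELECT username FROM admins WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_hardened(conn, username, password):
    """Same lookup with bound parameters: the driver sends the values
    separately from the statement, so they are compared as data and can
    never change the query's logic. (Real code should also store and
    compare password hashes rather than plaintext; omitted here.)"""
    sql = "SELECT username FROM admins WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


def demo():
    """Run both lookups against valid credentials and against a value that
    closes the quoted literal and adds a tautology. Returns the outcomes
    so the difference between the two versions can be checked."""
    conn = make_db()
    crafted = "' OR '1'='1"  # constructed input, closes the literal and adds OR ... = true
    return {
        "vulnerable_valid": login_vulnerable(conn, "admin", "correct horse"),
        "vulnerable_crafted": login_vulnerable(conn, crafted, crafted),
        "hardened_valid": login_hardened(conn, "admin", "correct horse"),
        "hardened_crafted": login_hardened(conn, crafted, crafted),
        "hardened_wrong_pw": login_hardened(conn, "admin", "wrong"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result!r}")
```

The hardened version returns no row for the crafted value because the bound parameter is compared as a literal string; no amount of input filtering on quotes is as robust as keeping data out of the statement text, which is why parameterised queries, not character blacklists, are the fix for this class of issue.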


Copyright 2010, SecurityFocus