Adcycle Password Disclosure Vulnerability
BID:1969
Info
Adcycle Password Disclosure Vulnerability
| Bugtraq ID: | 1969 |
| Class: | Design Error |
| CVE: |
CVE-2000-1161 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Nov 20 2000 12:00AM |
| Updated: | Jul 11 2009 03:56AM |
| Credit: | Reported to bugtraq by Mark Lastdrager <[email protected]> on Mon, 20 Nov 2000. Credit for discovery to "The Pike" <[email protected]> |
| Vulnerable: |
Adcycle.com Adcycle 0.77 b |
| Not Vulnerable: | |
Discussion
Adcycle Password Disclosure Vulnerability
Adcycle is a banner advertisement administration tool from Adcycle.com. It utilizes a connection to a MySQL database to manage and display clickable advertisement banners.
Upon installation, Adcycle leaves permissions to its database configuration script 'build.cgi' accessible to remote users. This script is designed to assist in configuring the connection to Adcycle's MySQL database.
As part of this functionality, build.cgi outputs the applicable manager and database passwords.
Normally, this script would be disabled prior to the completion of the installation. However, it remains executable by the host's httpd process. By executing this script, a remote user can obtain the management password and gain access to Adcycle's configuration, allowing the addition, modification or deletion of ad campaigns. A user may also further compromise the software package and possibly the underlying system with the MySQL database password.
In addition, when the script is executed, the AdCycle tables are wiped out. This could lead to a loss of data and/or denial of service.
Adcycle is a banner advertisement administration tool from Adcycle.com. It utilizes a connection to a MySQL database to manage and display clickable advertisement banners.
Upon installation, Adcycle leaves permissions to its database configuration script 'build.cgi' accessible to remote users. This script is designed to assist in configuring the connection to Adcycle's MySQL database.
As part of this functionality, build.cgi outputs the applicable manager and database passwords.
Normally, this script would be disabled prior to the completion of the installation. However, it remains executable by the host's httpd process. By executing this script, a remote user can obtain the management password and gain access to Adcycle's configuration, allowing the addition, modification or deletion of ad campaigns. A user may also further compromise the software package and possibly the underlying system with the MySQL database password.
In addition, when the script is executed, the AdCycle tables are wiped out. This could lead to a loss of data and/or denial of service.
Exploit / POC
Adcycle Password Disclosure Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Adcycle Password Disclosure Vulnerability
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
Adcycle Password Disclosure Vulnerability
References:
References:
- Adcycle help - Unix installation (Adcycle.com)
- Adcycle homepage (Adcycle.com)