Seotoaster 1.9 SQL Injection Vulnerability Fixed
A security vulnerability was discovered last week by Schurtz via the Secunia Vulnerability Coordination Reward Program (SVCRP). An attacker can use it to log in to seotoaster with admin rights and manipulate site content.
The vulnerability affects the login procedure and allows the authentication mechanism to be bypassed via SQL injection. It affects only systems that have the following PHP setting:
"magic_quotes_gpc" = off
To secure your seotoaster powered website, please download the latest version of seotoaster and update your installation.
Download latest version here
Alternatively, if you are running seotoaster version 1.9, you can update only the affected files. Download patch.tgz, extract it, and replace the following files:
seotoaster_core/application/models/LoginModel.php
seotoaster_core/application/controllers/LoginController.php
Linux users can run the snippet below in their seotoaster folder:
curl http://www.seotoaster.com/download/patch.tgz | tar xzv
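The one-liner above extracts whatever the download contains straight over the live install. As an added example (not part of the original advisory or Seotoaster's own tooling), the shell functions below extract a saved copy of the archive only if it holds nothing but the two files listed above. The function names are hypothetical, and the archive paths are assumed to be relative to the seotoaster folder.

```shell
#!/bin/sh
# Added example: inspect patch.tgz before extracting it over a live install.
# Assumption: member paths are relative to the seotoaster folder and match
# the two files named in the advisory.
F1='seotoaster_core/application/models/LoginModel.php'
F2='seotoaster_core/application/controllers/LoginController.php'

# check_patch_members ARCHIVE
# Returns 0 only if every member is one of the two patched files (or a parent
# directory of one) and both files are present. Returns 2 if tar cannot read it.
check_patch_members() {
    members=$(tar -tzf "$1") || return 2
    seen1=0
    seen2=0
    while IFS= read -r m; do
        m=${m#./}
        case $m in
            '') continue ;;
            /*|../*|*/../*) echo "unsafe path: $m" >&2; return 1 ;;
            "$F1") seen1=1 ;;
            "$F2") seen2=1 ;;
            */) # directory entry: allowed only as a parent of a patched file
                case $F1 in "$m"*) continue ;; esac
                case $F2 in "$m"*) continue ;; esac
                echo "unexpected directory: $m" >&2; return 1 ;;
            *)  echo "unexpected file: $m" >&2; return 1 ;;
        esac
    done <<EOF
$members
EOF
    [ "$seen1" -eq 1 ] && [ "$seen2" -eq 1 ]
}

# apply_patch ARCHIVE DIR
# Extracts into DIR only after the member check passes.
apply_patch() {
    check_patch_members "$1" || { echo "refusing to extract $1" >&2; return 1; }
    tar -xzf "$1" -C "$2"
}

# Usage, run from the seotoaster folder (URL as given in the advisory):
#   curl -o patch.tgz http://www.seotoaster.com/download/patch.tgz
#   apply_patch patch.tgz .
```

Back up the two existing files first so the change can be reverted if the site misbehaves after the update.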
We sincerely apologize if this vulnerability has caused damage to you or your business.

