{"id": "PACKETSTORM:98508", "type": "packetstorm", "bulletinFamily": "exploit", "title": "Seo Panel 2.2.0 SQL Injection", "description": "", "published": "2011-02-16T00:00:00", "modified": "2011-02-16T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://packetstormsecurity.com/files/98508/Seo-Panel-2.2.0-SQL-Injection.html", "reporter": "High-Tech Bridge SA", "references": [], "cvelist": [], "lastseen": "2016-11-03T10:21:58", "viewCount": 1, "enchantments": {"score": {"value": 0.4, "vector": "NONE", "modified": "2016-11-03T10:21:58", "rev": 2}, "dependencies": {"references": [], "modified": "2016-11-03T10:21:58", "rev": 2}, "vulnersScore": 0.4}, "sourceHref": "https://packetstormsecurity.com/files/download/98508/seopanel-sql.txt", "sourceData": "`==================================== \nVulnerability ID: HTB22825 \nReference: http://www.htbridge.ch/advisory/sql_injection_in_seo_panel_2.html \nProduct: Seo Panel \nVendor: http://www.seopanel.in/ ( http://www.seopanel.in/ ) \nVulnerable Version: 2.2.0 \nVendor Notification: 01 February 2011 \nVulnerability Type: SQL Injection \nRisk level: High \nCredit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) \n \nVulnerability Details: \nThe vulnerability exists due to failure in the \"/reports.php\" script to properly sanitize user-supplied input in \"website_id\" variable. \nAttacker can alter queries to the application SQL database, execute arbitrary queries to the database, compromise the application, access or modify sensitive data, or exploit various vulnerabilities in the underlying SQL database. \n \nThe following PoC is available: \n \n \nPOST /reports.php HTTP/1.1 \n \nwebsite_id=-1%20union%20select%201,version(),3,4,5,6,7,8,9%20--%20&sec=reportsum \n \n \n==================================== \nVulnerability ID: HTB22824 \nReference: http://www.htbridge.ch/advisory/sql_injection_in_seo_panel_1.html \nProduct: Seo Panel \nVendor: http://www.seopanel.in/ ( http://www.seopanel.in/ ) \nVulnerable Version: 2.2.0 \nVendor Notification: 01 February 2011 \nVulnerability Type: SQL Injection \nRisk level: High \nCredit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) \n \nVulnerability Details: \nThe vulnerability exists due to failure in the \"/websites.php\" script to properly sanitize user-supplied input in \"url\" variable. \nAttacker can alter queries to the application SQL database, execute arbitrary queries to the database, compromise the application, access or modify sensitive data, or exploit various vulnerabilities in the underlying SQL database. \n \nThe following PoC is available: \n \n \nPOST /websites.php HTTP/1.1 \n \nsec=create&name=123&url=http%3A%2F%2F123'%2Cversion()%2C1%2C1%2C2%2C1)%20--%20&title=1&description=1&keywords=1 \n \n \n==================================== \nVulnerability ID: HTB22823 \nReference: http://www.htbridge.ch/advisory/sql_injection_in_seo_panel.html \nProduct: Seo Panel \nVendor: http://www.seopanel.in/ ( http://www.seopanel.in/ ) \nVulnerable Version: 2.2.0 \nVendor Notification: 01 February 2011 \nVulnerability Type: SQL Injection \nRisk level: High \nCredit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) \n \nVulnerability Details: \nThe vulnerability exists due to failure in the \"/index.php\" script to properly sanitize user-supplied input in \"lang_code\" variable. \nAttacker can alter queries to the application SQL database, execute arbitrary queries to the database, compromise the application, access or modify sensitive data, or exploit various vulnerabilities in the underlying SQL database. \n \nThe following PoC is available: \n \n \nhttp://[host]/index.php?&lang_code=1%27SQL_CODE_HERE \n \n \n`\n"}

{}